urlscan.io logo urlscan.io
SecurityTrails logo

win.gg Open in urlscan Pro
18.159.80.129  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
Effective URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Submission: On November 08 via manual from GB — Scanned from IT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 85 IPs in 13 countries across 81 domains to perform 300 HTTP transactions. The main IP is 18.159.80.129, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is win.gg.
TLS certificate: Issued by R3 on October 16th 2021. Valid for: 3 months.
This is the only time win.gg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 50 18.159.80.129 16509 (AMAZON-02)
1 143.204.98.98 16509 (AMAZON-02)
21 185.220.204.220 41436 (CLOUDWEBM...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:215... 16509 (AMAZON-02)
12 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
7 2600:9000:215... 16509 (AMAZON-02)
2 2606:4700:303... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
4 18.195.42.228 16509 (AMAZON-02)
1 2600:9000:215... 16509 (AMAZON-02)
2 143.204.95.188 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
4 2.18.233.180 16625 (AKAMAI-AS)
2 2 184.24.15.122 16625 (AKAMAI-AS)
6 104.117.200.100 16625 (AKAMAI-AS)
2 2 185.94.180.125 35220 (SPOTX-AMS)
2 8 34.98.64.218 15169 (GOOGLE)
1 2a0c:5c81:509... 55081 (24SHELLS)
13 185.167.98.14 41436 (CLOUDWEBM...)
5 6 3.126.38.41 16509 (AMAZON-02)
1 1 162.55.6.210 24940 (HETZNER-AS)
4 14 2.18.234.21 16625 (AKAMAI-AS)
2 3 185.33.221.14 29990 (ASN-APPNEX)
9 2a07:180:27b:... 209242 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 185.64.189.112 62713 (AS-PUBMATIC)
5 6 2.18.234.233 16625 (AKAMAI-AS)
1 18.196.67.255 16509 (AMAZON-02)
1 185.94.180.123 35220 (SPOTX-AMS)
1 52.57.255.59 16509 (AMAZON-02)
1 3.124.181.115 16509 (AMAZON-02)
1 35.81.242.146 16509 (AMAZON-02)
2 185.64.190.78 62713 (AS-PUBMATIC)
2 2a00:1450:400... 15169 (GOOGLE)
5 2600:9000:215... 16509 (AMAZON-02)
3 2600:9000:215... 16509 (AMAZON-02)
2 3 37.157.2.236 198622 (ADFORM)
2 89.187.169.47 60068 (CDN77 ^_^)
1 5 5.178.65.245 50673 (SERVERIUS-AS)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
5 5 52.23.121.248 14618 (AMAZON-AES)
2 2 104.111.215.191 16625 (AKAMAI-AS)
6 9 35.71.131.137 16509 (AMAZON-02)
2 3 35.244.174.68 15169 (GOOGLE)
10 11 142.250.184.194 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 13 18.193.208.211 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
1 1 66.155.71.150 13768 (COGECO-PEER1)
4 46.249.52.249 50673 (SERVERIUS-AS)
6 6 213.19.147.44 26120 (RHYTHMONE)
4 5.178.65.252 50673 (SERVERIUS-AS)
1 1 35.227.252.103 15169 (GOOGLE)
1 3.213.248.174 14618 (AMAZON-AES)
1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 3 168.119.146.39 24940 (HETZNER-AS)
4 6 185.33.221.50 29990 (ASN-APPNEX)
3 178.162.133.149 60781 (LEASEWEB-...)
4 6 18.156.0.31 16509 (AMAZON-02)
1 4 188.132.147.227 42910 (PREMIERDC...)
1 2 3.33.220.150 16509 (AMAZON-02)
1 143.204.97.29 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 51.89.9.253 16276 (OVH)
17 2606:4700:10:... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
2 69.173.144.138 26667 (RUBICONPR...)
1 1 194.213.62.34 5588 (GTSCE GTS...)
3 4 35.227.248.159 15169 (GOOGLE)
1 2 37.157.6.251 198622 (ADFORM)
1 2a04:4e42:600... 54113 (FASTLY)
1 2607:ae80:5::149 26558 (FREEWHEEL)
2 2 18.200.233.208 16509 (AMAZON-02)
2 2 54.78.254.47 16509 (AMAZON-02)
1 1 151.1.205.165 3242 (ASN-ITNET)
2 2 35.201.81.244 15169 (GOOGLE)
2 3 52.30.14.23 16509 (AMAZON-02)
1 1 212.82.100.182 34010 (YAHOO-IRD)
1 1 18.169.90.17 16509 (AMAZON-02)
1 34.98.67.61 15169 (GOOGLE)
2 108.128.79.28 16509 (AMAZON-02)
4 5 151.101.194.49 54113 (FASTLY)
1 1 2.18.233.201 16625 (AKAMAI-AS)
1 54.217.170.69 16509 (AMAZON-02)
1 1 3.216.128.157 14618 (AMAZON-AES)
1 2 52.95.115.196 16509 (AMAZON-02)
1 1 52.214.126.220 16509 (AMAZON-02)
1 2 52.46.154.242 16509 (AMAZON-02)
2 3 104.111.242.53 16625 (AKAMAI-AS)
1 1 52.86.150.190 14618 (AMAZON-AES)
1 2 169.50.137.184 36351 (SOFTLAYER)
4 4 185.29.132.245 30419 (MEDIAMATH...)
1 143.204.98.111 16509 (AMAZON-02)
7 2606:4700:10:... 13335 (CLOUDFLAR...)
1 51.158.29.13 12876 (Online SAS)
1 1 185.33.220.218 29990 (ASN-APPNEX)
1 3 51.89.42.86 16276 (OVH)
1 1 54.93.151.69 16509 (AMAZON-02)
2 2a05:d018:d29... 16509 (AMAZON-02)
1 1 2001:678:cb4:... 56396 (AMOBEE)
2 2 52.215.68.151 16509 (AMAZON-02)
1 1 54.81.207.173 14618 (AMAZON-AES)
1 2 2a02:2638:1::13 44788 (ASN-CRITE...)
2 178.250.0.157 44788 (ASN-CRITE...)
1 1 18.134.84.18 16509 (AMAZON-02)
3 3 54.93.133.131 16509 (AMAZON-02)
1 1 178.250.0.163 44788 (ASN-CRITE...)
1 1 2620:116:800d... 16509 (AMAZON-02)
2 2 72.251.244.141 29791 (VOXEL-DOT...)
2 2 3.127.51.194 16509 (AMAZON-02)
300 85
50    18.159.80.129 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
win.gg
1    143.204.98.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-98.fra50.r.cloudfront.net
platform-api.sharethis.com
21    185.220.204.220 (Amsterdam, Netherlands)

ASN41436 (CLOUDWEBMANAGE-EU, US)
live.primis.tech
1    2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ajax.googleapis.com
1    2606:4700::6810:5714 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.jsdelivr.net
1    2600:9000:2156:b600:c:abe:f440:93a1 (United States)

ASN16509 (AMAZON-02, US)
buttons-config.sharethis.com
12    2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.youtube.com
img.youtube.com
2    2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:4700:3036::ac43:a1d1 (United States)

ASN13335 (CLOUDFLARENET, US)
g.ezodn.com
7    2600:9000:2156:c400:12:b1b7:8800:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn-images.win.gg
2    2606:4700:3031::6815:496e (United States)

ASN13335 (CLOUDFLARENET, US)
gvl.ezodn.com
3    2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
4    18.195.42.228 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
nexus.ensighten.com
1    2600:9000:2156:6600:13:c079:7880:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.oribi.io
2    143.204.95.188 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-95-188.fra50.r.cloudfront.net
c.amazon-adsystem.com
2    2a00:1450:4001:810::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
4    2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com
ads.pubmatic.com
2    184.24.15.122 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-15-122.deploy.static.akamaitechnologies.com
secure-assets.rubiconproject.com
6    104.117.200.100 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-117-200-100.deploy.static.akamaitechnologies.com
eus.rubiconproject.com
2    185.94.180.125 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)
sync.search.spotxchange.com
8    34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com
u.openx.net
primis-d.openx.net
eu-u.openx.net
us-u.openx.net
1    2a0c:5c81:5095:0:225:90ff:fefa:245d (London, United Kingdom)

ASN55081 (24SHELLS, US)
s.console.adtarget.com.tr
13    185.167.98.14 (Amsterdam, Netherlands)

ASN41436 (CLOUDWEBMANAGE-EU, US)
video.primis.tech
6    3.126.38.41 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-38-41.eu-central-1.compute.amazonaws.com
x.bidswitch.net
1    162.55.6.210 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.210.6.55.162.clients.your-server.de
csync.loopme.me
14    2.18.234.21 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
dsum-sec.casalemedia.com
3    185.33.221.14 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
secure.adnxs.com
9    2a07:180:27b:71f4:967e:7b66:dbda:fbaf (Belize)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)
cdn.gin.bet
2    2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    185.64.189.112 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
hbopenbid.pubmatic.com
6    2.18.234.233 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com
ads.stickyadstv.com
1    18.196.67.255 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-196-67-255.eu-central-1.compute.amazonaws.com
ads.adaptv.advertising.com
1    185.94.180.123 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)
search.spotxchange.com
1    52.57.255.59 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-255-59.eu-central-1.compute.amazonaws.com
prebid-server.rubiconproject.com
1    3.124.181.115 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-181-115.eu-central-1.compute.amazonaws.com
l.sharethis.com
1    35.81.242.146 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-242-146.us-west-2.compute.amazonaws.com
gw.oribi.io
2    185.64.190.78 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)
image6.pubmatic.com
2    2a00:1450:400c:c0c::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
5    2600:9000:2156:c00:1d:85c3:6640:93a1 (United States)

ASN16509 (AMAZON-02, US)
platform-cdn.sharethis.com
3    2600:9000:2156:5a00:f:4f64:8940:93a1 (United States)

ASN16509 (AMAZON-02, US)
js.adscale.de
3    37.157.2.236 (Denmark)

ASN198622 (ADFORM, DK)
cm.adform.net
track.adform.net
2    89.187.169.47 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-89-187-169-47.cdn77.com
cdn.admatic.com.tr
5    5.178.65.245 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net
ads.us.e-planning.net
sync.e-planning.net
1    2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:801::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.it
5    52.23.121.248 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-23-121-248.compute-1.amazonaws.com
cs.choozle.com
2    104.111.215.191 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-215-191.deploy.static.akamaitechnologies.com
tags.bluekai.com
9    35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com
match.adsrvr.org
3    35.244.174.68 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com
idsync.rlcdn.com
11    142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net
cm.g.doubleclick.net
1    2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
analytics.google.com
13    18.193.208.211 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
ih.adscale.de
2    2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
imasdk.googleapis.com
1    66.155.71.150 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)
pixel.sitescout.com
4    46.249.52.249 (Aalsmeer, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: ads.us.e-planning.net
u-ams02.e-planning.net
6    213.19.147.44 (United Kingdom)

ASN26120 (RHYTHMONE, US)
sync.1rx.io
sync.targeting.unrulymedia.com
4    5.178.65.252 (Woerden, Netherlands)

ASN50673 (SERVERIUS-AS, NL)
PTR: i.e-planning.net
s.e-planning.net
1    35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com
rtb.openx.net
1    3.213.248.174 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-213-248-174.compute-1.amazonaws.com
a.audrte.com
1    2a02:fa8:8806:12::1400 (Singapore)

ASN41041 (VCLK-EU-SE, US)
prebid-match.dotomi.com
3    168.119.146.39 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.39.146.119.168.clients.your-server.de
sync.richaudience.com
6    185.33.221.50 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
ib.adnxs.com
3    178.162.133.149 (Rotterdam, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-sync.go.sonobi.com
sync.go.sonobi.com
6    18.156.0.31 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
ups.analytics.yahoo.com
4    188.132.147.227 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)
PTR: static-227-147-132-188.sadecehosting.net
ads3.admatic.com.tr
ads4.admatic.com.tr
2    3.33.220.150 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
insight.adsrvr.org
1    143.204.97.29 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-97-29.fra50.r.cloudfront.net
d1eoo1tco6rr5e.cloudfront.net
1    2a00:1450:4001:802::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
s0.2mdn.net
2    51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu
onetag-sys.com
17    2606:4700:10::6816:1857 (United States)

ASN13335 (CLOUDFLARENET, US)
spl.zeotap.com
mwzeom.zeotap.com
2    2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
pagead2.googlesyndication.com
2    69.173.144.138 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)
token.rubiconproject.com
1    194.213.62.34 (Prague, Czech Republic)

ASN5588 (GTSCE GTS Central Europe Antel Germany, CZ)
PTR: bbnautid3.ibillboard.com
bbnaut.ibillboard.com
4    35.227.248.159 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 159.248.227.35.bc.googleusercontent.com
pixel.tapad.com
2    37.157.6.251 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net
dmp.adform.net
c1.adform.net
1    2a04:4e42:600::300 (United States)

ASN54113 (FASTLY, US)
trc.taboola.com
1    2607:ae80:5::149 (United States)

ASN26558 (FREEWHEEL, US)
dmp.v.fwmrm.net
2    18.200.233.208 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-200-233-208.eu-west-1.compute.amazonaws.com
dpm.demdex.net
2    54.78.254.47 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
loadeu.exelator.com
1    151.1.205.165 (Italy)

ASN3242 (ASN-ITNET, IT)
bn01.er.bemail.it
2    35.201.81.244 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 244.81.201.35.bc.googleusercontent.com
idsync.frontend.weborama.fr
3    52.30.14.23 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-14-23.eu-west-1.compute.amazonaws.com
bcp.crwdcntrl.net
id.crwdcntrl.net
1    212.82.100.182 (Dublin, Ireland)

ASN34010 (YAHOO-IRD, GB)
PTR: spcms.pbp.vip.ir2.yahoo.com
cms.analytics.yahoo.com
1    18.169.90.17 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-169-90-17.eu-west-2.compute.amazonaws.com
aa.agkn.com
1    34.98.67.61 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 61.67.98.34.bc.googleusercontent.com
odr.mookie1.com
2    108.128.79.28 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-79-28.eu-west-1.compute.amazonaws.com
beacon.krxd.net
5    151.101.194.49 (United States)

ASN54113 (FASTLY, US)
sync-tm.everesttech.net
1    2.18.233.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-201.deploy.static.akamaitechnologies.com
pixel.mathtag.com
1    54.217.170.69 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-217-170-69.eu-west-1.compute.amazonaws.com
engine.widespace.com
1    3.216.128.157 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-216-128-157.compute-1.amazonaws.com
usermatch.krxd.net
2    52.95.115.196 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
aax-eu.amazon-adsystem.com
1    52.214.126.220 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-214-126-220.eu-west-1.compute.amazonaws.com
obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com
2    52.46.154.242 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
3    104.111.242.53 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-53.deploy.static.akamaitechnologies.com
px.owneriq.net
1    52.86.150.190 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-150-190.compute-1.amazonaws.com
sync.extend.tv
2    169.50.137.184 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com
um.simpli.fi
4    185.29.132.245 (United Kingdom)

ASN30419 (MEDIAMATH-INC, US)
sync.mathtag.com
1    143.204.98.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-111.fra50.r.cloudfront.net
tags.crwdcntrl.net
7    2606:4700:10::ac43:2ac6 (United States)

ASN13335 (CLOUDFLARENET, US)
sync.quantumdex.io
1    51.158.29.13 (Paris, France)

ASN12876 (Online SAS, FR)
PTR: 51-158-29-13.rev.poneytelecom.eu
js.cookieless-data.com
1    185.33.220.218 (Amsterdam, Netherlands)

ASN29990 (ASN-APPNEX, US)
PTR: 887.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
adscale-emea.adnxs.com
3    51.89.42.86 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p26.id5-sync.com
id5-sync.com
1    54.93.151.69 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-151-69.eu-central-1.compute.amazonaws.com
match.sharethrough.com
2    2a05:d018:d29:3605:15eb:8f8e:fe0:229e (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
pr-bh.ybp.yahoo.com
1    2001:678:cb4:bbbb::11 (United Kingdom)

ASN56396 (AMOBEE, GB)
ad.turn.com
2    52.215.68.151 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-68-151.eu-west-1.compute.amazonaws.com
match.prod.bidr.io
1    54.81.207.173 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-81-207-173.compute-1.amazonaws.com
sync.srv.stackadapt.com
2    2a02:2638:1::13 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
gum.criteo.com
2    178.250.0.157 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
mug.criteo.com
1    18.134.84.18 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-134-84-18.eu-west-2.compute.amazonaws.com
1f2e7.v.fwmrm.net
3    54.93.133.131 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-93-133-131.eu-central-1.compute.amazonaws.com
pixel.advertising.com
1    178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)
dis.criteo.com
1    2620:116:800d:21:8c6e:cf2c:8d6:9fb5 (United States)

ASN16509 (AMAZON-02, US)
pixel.quantserve.com
2    72.251.244.141 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)
tracking.m6r.eu
2    3.127.51.194 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-51-194.eu-central-1.compute.amazonaws.com
ads.creative-serving.com
Apex Domain
Subdomains		 Transfer
57 win.gg
win.gg
cdn-images.win.gg
api-images.win.gg Failed
981 KB
34 primis.tech
live.primis.tech
video.primis.tech
3 MB
17 zeotap.com
spl.zeotap.com
mwzeom.zeotap.com
5 KB
16 adscale.de
js.adscale.de
ih.adscale.de
17 KB
14 casalemedia.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
dsum-sec.casalemedia.com
17 KB
13 e-planning.net
ads.us.e-planning.net
u-ams02.e-planning.net
sync.e-planning.net
s.e-planning.net
18 KB
13 doubleclick.net
stats.g.doubleclick.net
cm.g.doubleclick.net
3 KB
12 youtube.com
www.youtube.com
img.youtube.com
411 KB
11 adsrvr.org
match.adsrvr.org
insight.adsrvr.org
4 KB
11 rubiconproject.com
secure-assets.rubiconproject.com
eus.rubiconproject.com
prebid-server.rubiconproject.com
token.rubiconproject.com
33 KB
10 adnxs.com
secure.adnxs.com
ib.adnxs.com
adscale-emea.adnxs.com
6 KB
9 yahoo.com
ups.analytics.yahoo.com
cms.analytics.yahoo.com
pr-bh.ybp.yahoo.com
4 KB
9 gin.bet
cdn.gin.bet
231 KB
9 openx.net
u.openx.net
primis-d.openx.net
rtb.openx.net
eu-u.openx.net
us-u.openx.net
3 KB
8 sharethis.com
platform-api.sharethis.com
buttons-config.sharethis.com
l.sharethis.com
platform-cdn.sharethis.com
47 KB
7 quantumdex.io
sync.quantumdex.io
1 KB
7 pubmatic.com
ads.pubmatic.com
hbopenbid.pubmatic.com
image6.pubmatic.com
22 KB
6 admatic.com.tr
cdn.admatic.com.tr
ads3.admatic.com.tr
ads4.admatic.com.tr
22 KB
6 stickyadstv.com
ads.stickyadstv.com
5 KB
6 bidswitch.net
x.bidswitch.net
3 KB
6 amazon-adsystem.com
c.amazon-adsystem.com
aax-eu.amazon-adsystem.com
s.amazon-adsystem.com
42 KB
5 criteo.com
gum.criteo.com
mug.criteo.com
dis.criteo.com
2 KB
5 mathtag.com
pixel.mathtag.com
sync.mathtag.com
3 KB
5 everesttech.net
sync-tm.everesttech.net
2 KB
5 choozle.com
cs.choozle.com
3 KB
5 adform.net
cm.adform.net
dmp.adform.net
track.adform.net
c1.adform.net
2 KB
5 googleapis.com
ajax.googleapis.com
fonts.googleapis.com
imasdk.googleapis.com
403 KB
4 crwdcntrl.net
bcp.crwdcntrl.net
tags.crwdcntrl.net
id.crwdcntrl.net
13 KB
4 tapad.com
pixel.tapad.com
2 KB
4 1rx.io
sync.1rx.io
2 KB
4 advertising.com
ads.adaptv.advertising.com
pixel.advertising.com
1 KB
4 ensighten.com
nexus.ensighten.com
11 KB
3 id5-sync.com
id5-sync.com
3 KB
3 owneriq.net
px.owneriq.net
1 KB
3 krxd.net
beacon.krxd.net
usermatch.krxd.net
942 B
3 sonobi.com
sync.go.sonobi.com
1 KB
3 richaudience.com
sync.richaudience.com
744 B
3 rlcdn.com
idsync.rlcdn.com
1 KB
3 spotxchange.com
sync.search.spotxchange.com
search.spotxchange.com
2 KB
3 google-analytics.com
www.google-analytics.com
55 KB
3 ezodn.com
g.ezodn.com
gvl.ezodn.com
172 KB
2 creative-serving.com
ads.creative-serving.com
1 KB
2 m6r.eu
tracking.m6r.eu
1 KB
2 bidr.io
match.prod.bidr.io
1 KB
2 simpli.fi
um.simpli.fi
848 B
2 weborama.fr
idsync.frontend.weborama.fr
843 B
2 exelator.com
loadeu.exelator.com
2 KB
2 demdex.net
dpm.demdex.net
2 KB
2 fwmrm.net
dmp.v.fwmrm.net
1f2e7.v.fwmrm.net
870 B
2 googlesyndication.com
pagead2.googlesyndication.com
14 KB
2 onetag-sys.com
onetag-sys.com
2 KB
2 unrulymedia.com
sync.targeting.unrulymedia.com
971 B
2 bluekai.com
tags.bluekai.com
1 KB
2 google.it
www.google.it
608 B
2 google.com
www.google.com
analytics.google.com
842 B
2 gstatic.com
fonts.gstatic.com
31 KB
2 oribi.io
cdn.oribi.io
gw.oribi.io
35 KB
2 googletagmanager.com
www.googletagmanager.com
108 KB
1 quantserve.com
pixel.quantserve.com
500 B
1 stackadapt.com
sync.srv.stackadapt.com
612 B
1 turn.com
ad.turn.com
425 B
1 sharethrough.com
match.sharethrough.com
240 B
1 cookieless-data.com
js.cookieless-data.com
535 B
1 extend.tv
sync.extend.tv
546 B
1 imrworldwide.com
obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com
215 B
1 widespace.com
engine.widespace.com
76 B
1 mookie1.com
odr.mookie1.com
324 B
1 agkn.com
aa.agkn.com
389 B
1 bemail.it
bn01.er.bemail.it
659 B
1 taboola.com
trc.taboola.com
163 B
1 ibillboard.com
bbnaut.ibillboard.com
550 B
1 2mdn.net
s0.2mdn.net
17 KB
1 cloudfront.net
d1eoo1tco6rr5e.cloudfront.net
667 B
1 dotomi.com
prebid-match.dotomi.com
104 B
1 audrte.com
a.audrte.com
2 KB
1 sitescout.com
pixel.sitescout.com
288 B
1 loopme.me
csync.loopme.me
243 B
1 adtarget.com.tr
s.console.adtarget.com.tr
sync.console.adtarget.com.tr Failed
1 KB
1 jsdelivr.net
cdn.jsdelivr.net
23 KB
0 adotmob.com Failed
sync.adotmob.com Failed
0 admanmedia.com Failed
cs.admanmedia.com Failed
300 81
Domain Requested by
50 win.gg 1 redirects win.gg
ajax.googleapis.com
21 live.primis.tech win.gg
live.primis.tech
14 mwzeom.zeotap.com ads.us.e-planning.net
13 ih.adscale.de 1 redirects js.adscale.de
ih.adscale.de
13 video.primis.tech live.primis.tech
win.gg
11 cm.g.doubleclick.net 10 redirects u.openx.net
10 img.youtube.com win.gg
9 match.adsrvr.org 6 redirects ssum.casalemedia.com
live.primis.tech
u.openx.net
9 cdn.gin.bet win.gg
8 dsum-sec.casalemedia.com 1 redirects ssum.casalemedia.com
ssum-sec.casalemedia.com
7 sync.quantumdex.io ads.us.e-planning.net
sync.quantumdex.io
ssum-sec.casalemedia.com
7 cdn-images.win.gg win.gg
6 ups.analytics.yahoo.com 4 redirects win.gg
6 ib.adnxs.com 4 redirects spl.zeotap.com
ssum-sec.casalemedia.com
6 ads.stickyadstv.com 5 redirects live.primis.tech
6 x.bidswitch.net 5 redirects win.gg
6 eus.rubiconproject.com live.primis.tech
eus.rubiconproject.com
ads.us.e-planning.net
5 sync-tm.everesttech.net 4 redirects win.gg
5 cs.choozle.com 5 redirects
5 platform-cdn.sharethis.com win.gg
4 sync.mathtag.com 4 redirects
4 pixel.tapad.com 3 redirects ads.us.e-planning.net
4 s.e-planning.net ads.us.e-planning.net
4 sync.1rx.io 4 redirects
4 u-ams02.e-planning.net ads.us.e-planning.net
ssum.casalemedia.com
4 ssum-sec.casalemedia.com 2 redirects ssum.casalemedia.com
sync.quantumdex.io
4 ads.pubmatic.com live.primis.tech
s.console.adtarget.com.tr
ads.us.e-planning.net
4 nexus.ensighten.com www.googletagmanager.com
nexus.ensighten.com
3 pixel.advertising.com 3 redirects
3 id5-sync.com 1 redirects sync.quantumdex.io
live.primis.tech
3 px.owneriq.net 2 redirects ssum.casalemedia.com
3 spl.zeotap.com ads.us.e-planning.net
spl.zeotap.com
3 ads3.admatic.com.tr cdn.admatic.com.tr
s.console.adtarget.com.tr
3 sync.go.sonobi.com ads.us.e-planning.net
sync.quantumdex.io
3 sync.richaudience.com 1 redirects ads.us.e-planning.net
spl.zeotap.com
3 sync.e-planning.net ads.us.e-planning.net
sync.quantumdex.io
3 idsync.rlcdn.com 2 redirects win.gg
3 js.adscale.de s.console.adtarget.com.tr
js.adscale.de
ih.adscale.de
3 secure.adnxs.com 2 redirects ssum-sec.casalemedia.com
3 u.openx.net 2 redirects live.primis.tech
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 ads.creative-serving.com 2 redirects
2 tracking.m6r.eu 2 redirects
2 us-u.openx.net u.openx.net
2 eu-u.openx.net u.openx.net
2 mug.criteo.com win.gg
2 gum.criteo.com 1 redirects
2 track.adform.net 2 redirects
2 match.prod.bidr.io 2 redirects
2 pr-bh.ybp.yahoo.com ssum-sec.casalemedia.com
win.gg
2 um.simpli.fi 1 redirects ssum.casalemedia.com
2 s.amazon-adsystem.com 1 redirects ssum.casalemedia.com
2 aax-eu.amazon-adsystem.com 1 redirects ads.us.e-planning.net
2 beacon.krxd.net spl.zeotap.com
ads.us.e-planning.net
2 bcp.crwdcntrl.net 2 redirects
2 idsync.frontend.weborama.fr 2 redirects
2 loadeu.exelator.com 2 redirects
2 dpm.demdex.net 2 redirects
2 token.rubiconproject.com win.gg
eus.rubiconproject.com
2 pagead2.googlesyndication.com srcdoc
imasdk.googleapis.com
2 onetag-sys.com ads.us.e-planning.net
sync.quantumdex.io
2 ssum.casalemedia.com 1 redirects ads.us.e-planning.net
2 insight.adsrvr.org 1 redirects d1eoo1tco6rr5e.cloudfront.net
2 sync.targeting.unrulymedia.com 2 redirects
2 imasdk.googleapis.com live.primis.tech
imasdk.googleapis.com
2 tags.bluekai.com 2 redirects
2 www.google.it win.gg
2 ads.us.e-planning.net 1 redirects s.console.adtarget.com.tr
2 cdn.admatic.com.tr s.console.adtarget.com.tr
cdn.admatic.com.tr
2 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
2 image6.pubmatic.com ads.pubmatic.com
spl.zeotap.com
2 fonts.gstatic.com fonts.googleapis.com
2 sync.search.spotxchange.com 2 redirects
2 secure-assets.rubiconproject.com 2 redirects
2 fonts.googleapis.com win.gg
live.primis.tech
2 c.amazon-adsystem.com live.primis.tech
c.amazon-adsystem.com
2 gvl.ezodn.com g.ezodn.com
2 www.googletagmanager.com win.gg
www.googletagmanager.com
2 www.youtube.com win.gg
www.youtube.com
1 ads4.admatic.com.tr 1 redirects
1 c1.adform.net 1 redirects
1 pixel.quantserve.com 1 redirects
1 dis.criteo.com 1 redirects
1 1f2e7.v.fwmrm.net 1 redirects
1 id.crwdcntrl.net live.primis.tech
1 sync.srv.stackadapt.com 1 redirects
1 ad.turn.com 1 redirects
1 match.sharethrough.com 1 redirects
1 adscale-emea.adnxs.com 1 redirects
1 js.cookieless-data.com s.e-planning.net
1 tags.crwdcntrl.net s.e-planning.net
1 sync.extend.tv 1 redirects
1 obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com 1 redirects
1 usermatch.krxd.net 1 redirects
1 engine.widespace.com spl.zeotap.com
1 pixel.mathtag.com 1 redirects
1 odr.mookie1.com spl.zeotap.com
1 aa.agkn.com 1 redirects
1 cms.analytics.yahoo.com 1 redirects
1 bn01.er.bemail.it 1 redirects
1 dmp.v.fwmrm.net spl.zeotap.com
1 trc.taboola.com spl.zeotap.com
1 dmp.adform.net spl.zeotap.com
1 bbnaut.ibillboard.com 1 redirects
1 s0.2mdn.net imasdk.googleapis.com
1 d1eoo1tco6rr5e.cloudfront.net nexus.ensighten.com
1 prebid-match.dotomi.com ads.us.e-planning.net
1 a.audrte.com ads.us.e-planning.net
1 rtb.openx.net 1 redirects
1 pixel.sitescout.com 1 redirects
1 analytics.google.com www.googletagmanager.com
1 www.google.com win.gg
1 cm.adform.net s.console.adtarget.com.tr
1 gw.oribi.io cdn.oribi.io
1 l.sharethis.com platform-api.sharethis.com
1 prebid-server.rubiconproject.com live.primis.tech
1 search.spotxchange.com live.primis.tech
1 ads.adaptv.advertising.com live.primis.tech
1 primis-d.openx.net live.primis.tech
1 hbopenbid.pubmatic.com live.primis.tech
1 csync.loopme.me 1 redirects
1 s.console.adtarget.com.tr live.primis.tech
1 cdn.oribi.io win.gg
1 g.ezodn.com win.gg
1 buttons-config.sharethis.com platform-api.sharethis.com
1 cdn.jsdelivr.net win.gg
1 ajax.googleapis.com win.gg
1 platform-api.sharethis.com win.gg
0 sync.adotmob.com Failed ssum-sec.casalemedia.com
0 cs.admanmedia.com Failed ads.us.e-planning.net
0 sync.console.adtarget.com.tr Failed s.console.adtarget.com.tr
js.adscale.de
ads.us.e-planning.net
0 api-images.win.gg Failed win.gg
300 132
Subject Issuer Validity Valid
win.gg
R3		 2021-10-16 -
2022-01-14		 3 months crt.sh
sharethis.com
Amazon		 2021-07-19 -
2022-08-17		 a year crt.sh
primis.tech
Go Daddy Secure Certificate Authority - G2		 2021-10-29 -
2022-06-18		 8 months crt.sh
upload.video.google.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-03 -
2022-07-02		 a year crt.sh
*.google.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
nexus.ensighten.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-14 -
2022-10-12		 a year crt.sh
oribi.io
Amazon		 2021-06-18 -
2022-07-17		 a year crt.sh
c.amazon-adsystem.com
Amazon		 2021-07-06 -
2022-06-27		 a year crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA		 2021-03-30 -
2022-04-04		 a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-04-01 -
2022-04-04		 a year crt.sh
s.console.adtarget.com.tr
ZeroSSL ECC Domain Secure Site CA		 2021-09-30 -
2021-12-29		 3 months crt.sh
*.bidswitch.net
Sectigo RSA Domain Validation Secure Server CA		 2020-04-23 -
2022-05-04		 2 years crt.sh
cdn.gin.bet
Cloudflare Inc ECC CA-3		 2021-09-15 -
2022-09-14		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018		 2021-07-08 -
2022-08-08		 a year crt.sh
ads.stickyadstv.com
DigiCert SHA2 Secure Server CA		 2021-09-19 -
2022-09-20		 a year crt.sh
*.v.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-10-19 -
2022-04-13		 6 months crt.sh
*.spotxchange.com
GeoTrust RSA CA 2018		 2021-03-10 -
2022-03-29		 a year crt.sh
*.oribi.io
Amazon		 2021-08-29 -
2022-09-27		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
*.adscale.de
Amazon		 2021-08-08 -
2022-09-06		 a year crt.sh
*.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-05-28 -
2022-06-15		 a year crt.sh
cdn.admatic.com.tr
R3		 2021-10-16 -
2022-01-14		 3 months crt.sh
ads.us.e-planning.net
R3		 2021-10-09 -
2022-01-07		 3 months crt.sh
www.google.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
*.google.it
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
*.e-planning.net
R3		 2021-10-22 -
2022-01-20		 3 months crt.sh
*.audrte.com
Amazon		 2021-01-26 -
2022-02-24		 a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018		 2021-08-10 -
2022-09-11		 a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2		 2020-12-06 -
2022-01-07		 a year crt.sh
ads4.admatic.com.tr
R3		 2021-11-04 -
2022-02-02		 3 months crt.sh
*.cloudfront.net
Amazon		 2021-03-19 -
2022-03-17		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
san.casalemedia.com
GeoTrust RSA CA 2018		 2021-02-05 -
2022-02-09		 a year crt.sh
onetag-sys.com
R3		 2021-11-02 -
2022-01-31		 3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018		 2021-03-05 -
2022-02-19		 a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-09-06 -
2022-10-07		 a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1		 2020-11-25 -
2021-12-26		 a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1		 2020-11-17 -
2021-12-18		 a year crt.sh
*.mookie1.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-02-22 -
2022-03-25		 a year crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1		 2021-01-13 -
2022-01-07		 a year crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1		 2021-03-17 -
2022-03-16		 a year crt.sh
widespace.com
R3		 2021-11-01 -
2022-01-30		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2021-03-18 -
2022-04-19		 a year crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2		 2021-04-29 -
2022-05-31		 a year crt.sh
js.cookieless-data.com
R3		 2021-09-30 -
2021-12-29		 3 months crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2021-08-24 -
2022-02-16		 6 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2021-09-09 -
2021-12-07		 3 months crt.sh
*.id5-sync.com
R3		 2021-10-05 -
2022-01-03		 3 months crt.sh
*.everesttech.net
GlobalSign Atlas R3 DV TLS CA 2020		 2021-03-22 -
2022-04-23		 a year crt.sh

This page contains 33 frames:

Primary Page: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Frame ID: 23E485D0E351BA0849D941ED8D737EF5
Requests: 125 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq&cbuster=1636365365&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Frame ID: C8B199ED9B088E9416D542140F221443
Requests: 33 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto&display=swap
Frame ID: 3C9F05D199E54FECEA309D80E40D6172
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Frame ID: FF6B4D136F1F14685FD4DDB84A822CF6
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=primis&endpoint=us-east
Frame ID: DD3C35C89A44709182FCF1F3C6BCA1FE
Requests: 3 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=94&advUuid=171962b6-407a-11ec-b79a-16ae82d30406
Frame ID: D26D8AB1A1B8D360CA3635F85B379220
Requests: 1 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=98&advUuid=a7e77e59-da8f-4c08-8356-d2c399ad902d
Frame ID: AB5B6828D67E0750E5EFC109071E2F45
Requests: 1 HTTP requests in this frame

Frame: https://s.console.adtarget.com.tr/sync.html?aid=556966
Frame ID: CA9519E1FC27A19A1BAB22D1AA522014
Requests: 2 HTTP requests in this frame

Frame: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Frame ID: 109B8EFA094FE6841FB8DB2846A7A397
Requests: 5 HTTP requests in this frame

Frame: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Frame ID: 272A4F5C4B3A06B26A4BBF80DA40BC20
Requests: 1 HTTP requests in this frame

Frame: https://cdn.admatic.com.tr/user
Frame ID: E93AD0F221167325E935F9617976B33B
Requests: 6 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Frame ID: 9D471A0263D86C1B6F9E4C65F19D7D69
Requests: 1 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=kmDPZth0VZqYMBjLduFX&pi=admatic&tc=1
Frame ID: 305598C4B7886EDDE09D865424C359E1
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Frame ID: 8D2BB0B5BBA10768C3BDCE5B36FD71D5
Requests: 15 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Frame ID: 213000790342F15DDC0C83A847065BDD
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Frame ID: 9891B10C0C061115C7D7DD54E6728CF7
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D2728411cce617bb8%26uid%3D
Frame ID: 6FF9424AFC878292E24D098C10EA88D2
Requests: 1 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/2tetedh/g27akpq/iframe
Frame ID: 5DE01321E76CE21B5BE83CBE0558E062
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.487.0_en.html
Frame ID: C77EF9F16E9BA0064A2358C99F4DE5C6
Requests: 2 HTTP requests in this frame

Frame: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Frame ID: A236676AFBB2D57CF00A330183CB27EA
Requests: 11 HTTP requests in this frame

Frame: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Frame ID: B4D0150626E7669F0DFBBCB1454188C3
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Frame ID: F9225AEC5399E296FC13BFB28F3B3E1A
Requests: 1 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&cmp=0
Frame ID: 22E54BC2FA5C7E8BCE1DE3A4B4662A23
Requests: 29 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 262526FD222A65B08F6C0C06A3B14CB5
Requests: 1 HTTP requests in this frame

Frame: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Frame ID: 225357E71D0100660C26D11F2F291C67
Requests: 2 HTTP requests in this frame

Frame: https://sync.quantumdex.io/usersync/e-planning
Frame ID: F07C343E57EF40BAE14F69A79B4493A3
Requests: 9 HTTP requests in this frame

Frame: https://sync.console.adtarget.com.tr/csync?t=a&ep=307442&extuid=ANTDjccfZc81qu4J
Frame ID: 72D3C9C5A5633AE606402209EA528927
Requests: 1 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Frame ID: 345F651A3D9281666E3BCAA672C6612C
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Frame ID: 322118DF54BD6636E3D33D2D7B58693D
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Frame ID: C44B2AB0210904A5D9C23BAA2FEFC87A
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Frame ID: 16F5387C101DB2560E33478E02AAFDB8
Requests: 7 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Frame ID: 278489556B3AEC50989619C3AC868B0A
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Frame ID: 89F44D219F58193620322337B5781D45
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Has Corpse Husband ever shown his face? We investigate - WIN.gg

Page URL History Show full URLs

  1. https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate HTTP 301
    https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/ Page URL

Page Statistics

300
Requests

76 %
HTTPS

28 %
IPv6

81
Domains

132
Subdomains

85
IPs

13
Countries

6221 kB
Transfer

10348 kB
Size

124
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate HTTP 301
    https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 57
  • https://cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/pathfinders-voice-actor-on-working-apex-legends-next-respawn-game.jpg HTTP 302
  • https://api-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/pathfinders-voice-actor-on-working-apex-legends-next-respawn-game.jpg
Request Chain 89
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=primis&endpoint=us-east HTTP 301
  • https://eus.rubiconproject.com/usync.html?p=primis&endpoint=us-east
Request Chain 90
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D94%26advUuid%3D%24SPOTX_USER_ID&__user_check__=1&sync_id=171962f9-407a-11ec-b79a-16ae82d30406 HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=94&advUuid=171962b6-407a-11ec-b79a-16ae82d30406
Request Chain 91
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D98%26advUuid%3D HTTP 302
  • https://u.openx.net/w/1.0/cm?cc=1&id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D98%26advUuid%3D HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=98&advUuid=a7e77e59-da8f-4c08-8356-d2c399ad902d
Request Chain 104
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D HTTP 307
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=93&advUuid=efc222b9-26e4-45d9-9860-a143fa37979e
Request Chain 105
  • https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D99%26advUuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1 HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=99&advUuid=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB
Request Chain 106
  • https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D105%26advUuid%3D%24UID HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Flive.primis.tech%252Flive%252FliveCS.php%253Fsource%253Dexternal%2526csuuid%253D6188f435634f6%2526pixel%253D%2526advId%253D105%2526advUuid%253D%2524UID HTTP 302
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=105&advUuid=845234657020092272
Request Chain 151
  • https://creativecdn.com/cm-notify?pi=admatic HTTP 302
  • https://creativecdn.com/cm-notify?pi=admatic&tc=1 HTTP 302
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=kmDPZth0VZqYMBjLduFX&pi=admatic&tc=1
Request Chain 152
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID HTTP 302
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Request Chain 160
  • https://cs.choozle.com/dp/chz/24899?d=win.gg&cb=1723970047 HTTP 302
  • https://cs.choozle.com/sync HTTP 302
  • https://cs.choozle.com/sync?v=true&cid=bededd1e-bc0a-4201-ab0d-5b663db935c4 HTTP 302
  • https://tags.bluekai.com/site/48443?id=bededd1e-bc0a-4201-ab0d-5b663db935c4&limit=1&redir=https%3A%2F%2Fcs.choozle.com%2Fsync%3Fpid%3D%24_BK_UUID%26dpsync%3Dbk%26cid%3Dbededd1e-bc0a-4201-ab0d-5b663db935c4 HTTP 302
  • https://cs.choozle.com/sync?pid=$_BK_UUID&dpsync=bk&cid=bededd1e-bc0a-4201-ab0d-5b663db935c4 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_puid=bededd1e-bc0a-4201-ab0d-5b663db935c4&ttd_pid=gdmv7qs&ttd_tpi=1 HTTP 302
  • https://cs.choozle.com/sync?pid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&dpsync=ttd&cid=bededd1e-bc0a-4201-ab0d-5b663db935c4 HTTP 302
  • https://idsync.rlcdn.com/459489.gif?partner_uid=bededd1e-bc0a-4201-ab0d-5b663db935c4 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=COGFHBIwCiwIARCp7AEaJGJlZGVkZDFlLWJjMGEtNDIwMS1hYjBkLTViNjYzZGI5MzVjNBAAGg0It-ijjAYSBQjoBxAAQgBKAA HTTP 307
  • https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
  • https://idsync.rlcdn.com/362358.gif?google_gid=CAESEIDAITg6k7kfNEgFL-QyLo0&google_cver=1
Request Chain 164
  • https://ih.adscale.de/uu?cbfn=receive&t=1636365366 HTTP 302
  • https://ih.adscale.de/uu?cbfn=receive&t=1636365366&nut&uu=7e9bbb5efcf2448e980c068d45512089
Request Chain 168
  • https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D2728411cce617bb8 HTTP 302
  • https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=2728411cce617bb8
Request Chain 169
  • https://sync.1rx.io/usersync2/eplanning HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5674022133 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5674022133 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/9954d0a5-3bda-4478-a00d-7a44ba5cedad HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-fd7553de-fd63-4482-93c8-11a50ca786bb-003%26dc%3D1079cc634ca638f8%26iss%3D1 HTTP 302
  • https://sync.e-planning.net/um?uid=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003&dc=1079cc634ca638f8&iss=1
Request Chain 172
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D2728411cce617bb8%26uid%3D%24%7BUID%7D HTTP 302
  • https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=2728411cce617bb8&uid=699c1726-2f56-4712-acbf-84f5f4be11b5
Request Chain 176
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3D2728411cce617bb8 HTTP 302
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Request Chain 177
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D2728411cce617bb8%26uid%3D%24UID HTTP 302
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=2728411cce617bb8&uid=845234657020092272
Request Chain 179
  • https://ups.analytics.yahoo.com/ups/58414/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58414/occ?verify=true HTTP 302
  • https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-0JMbv2VE2uExf9J4SsFS8jDzzvg06RXHoOOXUGA-~A
Request Chain 181
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu HTTP 301
  • https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Request Chain 189
  • https://insight.adsrvr.org/tags/2tetedh/g27akpq/iframe HTTP 303
  • https://d1eoo1tco6rr5e.cloudfront.net/2tetedh/g27akpq/iframe
Request Chain 200
  • https://bbnaut.ibillboard.com/match/AdScale?partneruid=7e9bbb5efcf2448e980c068d45512089&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg%3Ftpid%3D101%26tpuid%3DIBB_USER_ID&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=101&tpuid=BBID-01-03110793670774975-16441020
Request Chain 202
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&google_tc= HTTP 302
  • https://mwzeom.zeotap.com/mw?google_gid=CAESELapU2pZnYuY8tPOagtgOxo&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Request Chain 203
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=07c684f9-f952-447d-b7d0-42b3701ebc09&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Request Chain 205
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Request Chain 209
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=38d6b847-8611-4981-776c-da5a1f9ce866&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=38d6b847-8611-4981-776c-da5a1f9ce866&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=73258897604003962834278498049206564074&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Request Chain 210
  • https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361 HTTP 302
  • https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&xl8blockcheck=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=12e25d445b5559b4fade0f312841b44e&zpartnerid=7&zdid=1361&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&w_k=&user_zi=&gdpr=&gdpr_consent=&optin=&uc=&z_p=&zem1=&zem2=&zem3=&zem4=&zem5=&zem6=&zph1=&zph2=&zph3=&zph4=&zph5=&zph6=&z_e_sha2_l=&z_e_sha2_u=&z_p_sha2_w=&z_p_sha2_wo=&email_hash=&zcluid=
Request Chain 211
  • https://bn01.er.bemail.it/zeotap.php?_bid=38d6b847-8611-4981-776c-da5a1f9ce866&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=BE1-2021110810-97853-0.332360001636365367-debd824a8648448f072d3ce8b5ddd354&zdid=533&env=mWeb
Request Chain 212
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=38d6b847-8611-4981-776c-da5a1f9ce866 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=38d6b847-8611-4981-776c-da5a1f9ce866
Request Chain 213
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=38d6b847-8611-4981-776c-da5a1f9ce866&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=38d6b847-8611-4981-776c-da5a1f9ce866&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361&bounce=1&random=537654513 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=oBoXaSaDsTnHkAehKRmdXe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Request Chain 214
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=38d6b847-8611-4981-776c-da5a1f9ce866?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=38d6b847-8611-4981-776c-da5a1f9ce866?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=6d4ea94c07a4edc74a34b7ab495ea304&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Request Chain 215
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-or0w2mxE2orttgF1l15etf7Gdjv2jxo0gQ--~A&zpartnerid=570&env=mWeb
Request Chain 216
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=ITA&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=ITA&zdid=1361&cid=zjV%2FT1B9K4kFLiZ7l%2F%2FG%2Ft7%2BEDB%2FqRta%2BS41iYitP1U%3D
Request Chain 220
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361&_test=YYj0NwADA2hFGgBG HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YYj0NwADA2hFGgBG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&_test=YYj0NwADA2hFGgBG
Request Chain 221
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=116e6188-f436-4e00-b748-983ff3724c10&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Request Chain 223
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Request Chain 224
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=38d6b847-8611-4981-776c-da5a1f9ce866&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=38d6b847-8611-4981-776c-da5a1f9ce866&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&dcc=t
Request Chain 225
  • https://tags.bluekai.com/site/87734?id=38d6b847-8611-4981-776c-da5a1f9ce866&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Request Chain 226
  • https://obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Request Chain 229
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB&dcc=t
Request Chain 230
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YYj0NoqWajl63Okm9fiWUAAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGhYqpkGAxmi8CodOgbYTdQ&google_cver=1&gdpr=1
Request Chain 231
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB&gdpr_consent=&us_privacy=&gdpr=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB&gdpr_consent=&us_privacy=&gdpr=1&google_tc= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGdALzIv2f1Jdu3g_83k67M&google_cver=1
Request Chain 232
  • https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID) HTTP 302
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6896517671019144208&uid=Q6896517671019144208&ref=%2Feucm%2Fp%2Fcc HTTP 302
  • https://px.owneriq.net/noop?ct=image%2Fgif
Request Chain 233
  • https://sync.extend.tv/r.gif?exchange=index HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a141ab0b-3b43-45b7-8fda-878cfa123bf9
Request Chain 234
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1 HTTP 302
  • https://um.simpli.fi/no_match_opted_out
Request Chain 235
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=116e6188-f436-4e00-b748-983ff3724c10&gdpr=1&gdpr_consent=
Request Chain 247
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=afc4dca470d851bc36229f48a6ffcbdad5b9883484e77cb5768a0a7e4d44a003&tpid=108&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=116e6188-f436-4e00-b748-983ff3724c10&gdpr=0&gdpr_consent=
Request Chain 249
  • https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=75&tpuid=845234657020092272&gdpr=0
Request Chain 251
  • https://sync.1rx.io/usersync2/rmphb?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003&rndcb=2881287287 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=adconductor&user_id=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003&rndcb=2881287287 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=f7fae9b2-873f-4bef-938d-c40df8f159e7&google_hm=ZjdmYWU5YjItODczZi00YmVmLTkzOGQtYzQwZGY4ZjE1OWU3 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEJgwKJ4XhRTN8zMUrIWkTKU&google_cver=1&ssp=adconductor&bsw_param=f7fae9b2-873f-4bef-938d-c40df8f159e7 HTTP 302
  • https://sync.1rx.io/usersync/bidswitch/f7fae9b2-873f-4bef-938d-c40df8f159e7?gdpr=&gdpr_consent= HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3DRX-fd7553de-fd63-4482-93c8-11a50ca786bb-003 HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003
Request Chain 252
  • https://ups.analytics.yahoo.com/ups/58424/occ HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-0JMbv2VE2uExf9J4SsFS8jDzzvg06RXHoOOXUGA-~A
Request Chain 253
  • https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D HTTP 302
  • https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=
Request Chain 254
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=845234657020092272
Request Chain 255
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=fb53d013-07a5-4577-ac61-24465c7bd8e4
Request Chain 256
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID HTTP 302
  • https://sync.quantumdex.io/setuid?bidder=answermedia&uid=845234657020092272
Request Chain 264
  • https://ad.turn.com/r/cs?pid=21&gdpr=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3988650457849312171
Request Chain 265
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1 HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1 HTTP 303
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAFVok7DEegAABsJfHUO9Q&expiration=1637574967&gdpr=1
Request Chain 267
  • https://sync.srv.stackadapt.com/sync?nid=68 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=7Cuh5R7pSTZ4wy5TfIuoJl-uQMs
Request Chain 269
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YYj0NwADA7lHDQBG HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YYj0NwADA7lHDQBG&gdpr=1&_test=YYj0NwADA7lHDQBG
Request Chain 271
  • https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=d9a91467a9c567569ef1a3a190f781fb7ce37af21e81ecc6d79c8a4ecb495fc5&tpid=63&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YYj0NoqWajl63Okm9fiWUAAA%26710
Request Chain 272
  • https://track.adform.net/serving/cookie/match/?party=9&uid=9a7b7c77d16baa24c7f35ad7a3702ed4851ec2749b0470d9bd6ee708da6e6c79&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg&gdpr=0 HTTP 302
  • https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=9a7b7c77d16baa24c7f35ad7a3702ed4851ec2749b0470d9bd6ee708da6e6c79&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=42&gdpr=0&tpuid=5362326409740733592
Request Chain 274
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwin.gg%2F&domain=win.gg&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=tygo6nxHYUl3SVE4REpJL1pFcHoyMTJ6WHNOREVvSzFjVUJpTUxYT2NwcWxCOUJ3YjhLQ2RhN3RWUEZnYVdDYnV1WXFCcTM4a1V0R3JaNlNYaWRVb3NrRVZNVUw3U0lVSmZLZ3FsakVObjVFOWJtc1cvaWx2R290bnd4bVJNRmY2VzJVNDZaaU1KTWNrK0pqWE80NDdrMEhGM1hRZlVPRDdjdHpaY2t3ckREblZHKy9FRGxCMG5hUTQwb0dsRTcyMjZhRG1DcWM3cXdIeUp2T3V2SDNjRVJNWDVMK3FJYU13aE1nbEZCU1JNSnFPenZVPXw&cppv=2
Request Chain 281
  • https://ads.stickyadstv.com/auto-user-sync?gdpr=1&gdpr_consent= HTTP 302
  • https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=91e8b24c4ecf5c510bb80bb9bee8244&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7buser.id%7d&gdpr=1&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=a101_7028135735572477205 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm=&google_sc&google_hm=OTFlOGIyNGM0ZWNmNWM1MTBiYjgwYmI5YmVlODI0NA==&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEMjaMY-DkkCMxWa1QtbftAs&google_cver=1&gdpr=0&gdpr_consent= HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=9954d0a5-3bda-4478-a00d-7a44ba5cedad HTTP 302
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D209&gdpr=0&gdpr_consent=%26userId%3D$UID HTTP 302
  • https://ads.stickyadstv.com/user-registering?dataProviderId=209&gdpr=0&gdpr_consent=&userId=845234657020092272 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/stickyads/91e8b24c4ecf5c510bb80bb9bee8244&gdpr=0&gdpr_consent=?gdpr=0&gdpr_consent=
Request Chain 282
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&_origin=1&gdpr=1&gdpr_consent=
Request Chain 284
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP181ffd8b-407a-11ec-adf7-02cc138d7c5c HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVAxODFmZmQ4Yi00MDdhLTExZWMtYWRmNy0wMmNjMTM4ZDdjNWM%3D HTTP 302
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEIReJfIlcVXOw4RP-o1nYt4&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEIReJfIlcVXOw4RP-o1nYt4&google_cver=1&apid=UP181ffd8b-407a-11ec-adf7-02cc138d7c5c
Request Chain 285
  • https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&uid=a044bf74b887cd77a2a284b76843c62bff7261d8de02a3d840d63f35c7f3f01b&tpid=40&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f0470e5e-df45-4cb5-b3ba-2b2d3eebc957&gdpr=0
Request Chain 286
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=116e6188-f436-4e00-b748-983ff3724c10
Request Chain 287
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1 HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=8nI0rKJ3P6PpITmn_SUh9fxwPPDpdDuspXEZ3EJk
Request Chain 288
  • https://c1.adform.net/serving/cookie/match?party=22 HTTP 302
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5362326409740733592
Request Chain 291
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK828labqsyijjqMT93jtaE&google_cver=1
Request Chain 294
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=47d32aa039bac7147d71e433998f2a456811698d73dc0894ab7800d388b8b80d&tpid=39&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg&gdpr=0 HTTP 302
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=116e6188-f436-4e00-b748-983ff3724c10&gdpr=0&gdpr_consent=
Request Chain 295
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=8072093137ab4dbee2a7bc86ffbd460f1eea68789ea533fd6878801780cddd9b&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fjs&gdpr=0 HTTP 302
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=8072093137ab4dbee2a7bc86ffbd460f1eea68789ea533fd6878801780cddd9b&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fjs&gdpr=0&checkcookies=true HTTP 302
  • https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/js?tpid=48&tpuid=ac8714ddb19f0ee02b92ef57f200d052
Request Chain 297
  • https://x.bidswitch.net/sync?ssp=admatic HTTP 302
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=admatic&bsw_custom_parameter=f7fae9b2-873f-4bef-938d-c40df8f159e7 HTTP 302
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=admatic&bsw_custom_parameter=f7fae9b2-873f-4bef-938d-c40df8f159e7 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=bcc7969b-b386-473c-9afb-992de47ff0ad&ssp=admatic&expires=30&user_group=5&bsw_param=f7fae9b2-873f-4bef-938d-c40df8f159e7 HTTP 302
  • https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=f7fae9b2-873f-4bef-938d-c40df8f159e7&dsp_uuid=&dsp_id= HTTP 302
  • https://ads3.admatic.com.tr/user?bsw_uuid=f7fae9b2-873f-4bef-938d-c40df8f159e7&dsp_uuid=&dsp_id=

300 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Redirect Chain
  • https://win.gg/news/7999/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate
  • https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
449 KB
69 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
076286a0e2f64b457cf12071c42f4d3ebbb616a437bb31bc9e3d3e007840cfc1
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9

Response headers

age
0
cache-control
max-age=0, must-revalidate, no-cache, no-store
content-encoding
br
content-type
text/html; charset=UTF-8
date
Mon, 08 Nov 2021 09:56:05 GMT
display
pub_site_sol
expires
Sun, 07 Nov 2021 09:56:05 GMT
link
<https://win.gg/wp-json/>; rel="https://api.w.org/", <https://win.gg/wp-json/wp/v2/news/10337>; rel="alternate"; type="application/json", <https://win.gg/?p=10337>; rel=shortlink
pagespeed
off
response
200
server
nginx
strict-transport-security
max-age=300
vary
Accept-Encoding Accept-Encoding,Cookie,User-Agent
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-ezoic-cdn
Miss
x-middleton-display
pub_site_sol
x-middleton-response
200
x-origin-cache-control
private, proxy-revalidate, s-maxage=0, must-revalidate
x-pantheon-styx-hostname
styx-fe3fe4-d-5fd9d579db-qf4zq
x-served-by
cache-ams21040-AMS, cache-fra19142-FRA
x-sol
pub_site
x-styx-req-id
16616393-407a-11ec-b077-3e6bb4c3c842
x-timer
S1636365365.724424,VS0,VE312

Redirect headers

age
0
cache-control
public, max-age=2592000
content-type
text/html; charset=UTF-8
date
Mon, 08 Nov 2021 09:56:04 GMT
display
staticcontent_sol
location
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
pagespeed
off
response
301
server
nginx
strict-transport-security
max-age=300
vary
Accept-Encoding Cookie,User-Agent,Origin,Accept-Encoding
via
1.1 varnish, 1.1 varnish
x-cache
MISS, MISS
x-cache-hits
0, 0
x-ezoic-cdn
Miss
x-middleton-display
staticcontent_sol
x-middleton-response
301
x-origin-cache-control
no-cache, must-revalidate, max-age=0
x-pantheon-styx-hostname
styx-fe3fe4-d-5fd9d579db-qf4zq
x-redirect-by
WordPress
x-served-by
cache-ams21021-AMS, cache-hhn4057-HHN
x-sol
pub_site
x-styx-req-id
164badae-407a-11ec-b077-3e6bb4c3c842
x-timer
S1636365365.581575,VS0,VE85
content-length
0
index.css
win.gg/wp-content/themes/win/css/ 		29 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/themes/win/css/index.css?v=1.5.9&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
708f9431e56ac3478c5143ad5e8eb3fd88b3ab4a6b745e9508eb7f929bddeeeb
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-29d64-gzip"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;051fb6117f6a0b847ed0ff8c33d8ca9e;2-255604-79;6be99c0d-88b9-41ec-615f-3887d5136ce0
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
x-served-by
cache-ams12736-AMS, cache-fra19174-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.170896,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c85d9298-3c3d-11ec-9387-d6a21724134b
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
custom-styles.css
win.gg/wp-content/themes/win/css/ 		2 KB
876 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/themes/win/css/custom-styles.css?v=1.1.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4a829aec4a48b2ab3be4fd0e18836bd04b384cfaccd8822944d382818eb046ab
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-8bd-gzip"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;8361ae898528dceb63e038a4fc26ac6f;2-255604-79;dd46fe7a-7af3-483f-45b8-ae7c0fc9c96c
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
477
x-served-by
cache-ams21079-AMS, cache-fra19175-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902797.165804,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c87ecff5-3c3d-11ec-9429-8e31b195775f
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-4d42s
style.min.css
win.gg/wp-includes/css/dist/block-library/ 		11 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a27c2d80d30fafd29a0791f66d6945213e71c9c7f65a43f36bccd4159cbe0d80
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-13abe-gzip"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;27ec322a3270a9e8d23462faa90575b8;2-255604-79;009c5d9b-14bd-4799-7768-bf93217de5b2
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
1487
x-served-by
cache-ams12725-AMS, cache-fra19139-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.169529,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c86520f2-3c3d-11ec-a9b0-aa1c53e674a7
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-525kb
blocks.style.build.css
win.gg/wp-content/plugins/embedpress/Gutenberg/dist/ 		0
311 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/embedpress/Gutenberg/dist/blocks.style.build.css?ver=1636061687&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"618451f8-614"
x-sol
orig
age
0
x-ezoic-cdn
Hit ds;mm;f59d67bbccb91d9c81b1c7e578af3f91;2-255604-79;fb85b7ed-e696-41ff-6bff-7fe71277865d
x-cache
MISS, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
0, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams12753-AMS, cache-fra19123-FRA
response
200
last-modified
Thu, 04 Nov 2021 21:34:48 GMT
server
nginx
x-timer
S1636061693.066137,VS0,VE15
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
0bf7b5f9-3db7-11ec-b367-326ab8d9aa62
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-5c5fdf9c46-sxnb8
dashicons.min.css
win.gg/wp-includes/css/ 		42 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-includes/css/dashicons.min.css?ver=5.8.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0eef35992b214af5251445fa6edda217dec37eb85de291752f74a9193d04d27c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d843-e688-gzip"
x-sol
orig
age
2139
x-ezoic-cdn
Hit ds;mm;a8a7a52692774d7acb27d9b0a41b72c7;2-255604-79;9ddd6ce4-bfb1-4e94-7dad-31ef2c9a16ba
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
x-served-by
cache-ams21031-AMS, cache-hhn4037-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:59 GMT
server
nginx
x-timer
S1635902797.164082,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
1badb52c-3c40-11ec-9387-d6a21724134b
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
rounded-thumbs.min.css
win.gg/wp-content/plugins/contextual-related-posts/css/ 		0
292 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=1.0.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"6181d841-4a9"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;d998c94939bb5942280b9358bc81d234;2-255604-79;39f9d606-b15e-42c4-55cc-6f1e067946e9
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams21075-AMS, cache-fra19164-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.163156,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
c864f9b3-3c3d-11ec-9387-d6a21724134b
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
embedpress.css
win.gg/wp-content/plugins/embedpress/assets/css/ 		0
407 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/embedpress/assets/css/embedpress.css?ver=5.8.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"6181d842-2397"
x-sol
orig
age
3137
x-ezoic-cdn
Hit ds;mm;cf3baf68d546401562595c2b5e43b6a2;2-255604-79;28581555-1d6f-404b-4b38-70e717247028
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams12749-AMS, cache-fra19174-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902797.157417,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
c88e8cd1-3c3d-11ec-a9b0-aa1c53e674a7
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-525kb
mu-style.css
win.gg/wp-content/plugins/sharethis-share-buttons/css/ 		0
313 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/sharethis-share-buttons/css/mu-style.css?ver=5.8.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"6181d842-1a"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;95ae07a38703524064a74fd6c50d0b84;2-255604-79;dd61fcee-75cc-4d3f-633b-7b17eb2719f6
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams12761-AMS, cache-fra19141-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902797.156752,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
c86646bc-3c3d-11ec-806f-3269da417963
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
win-gg-public.css
win.gg/wp-content/plugins/win-gg/public/css/ 		0
224 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/win-gg/public/css/win-gg-public.css?ver=1.0.0&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"6181d841-62"
x-sol
orig
age
3137
x-ezoic-cdn
Hit ds;mm;4ad16b3ce1ec8cca0416aaf40d44a1e4;2-255604-79;0d2390a7-c0ab-4c46-6860-a38f5db520cf
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams21050-AMS, cache-fra19169-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.174378,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
c88df9c5-3c3d-11ec-806f-3269da417963
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
style.css
win.gg/wp-content/themes/win/ 		558 B
429 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/themes/win/style.css?ver=1.0.0&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
0e91990a1d7118d1a8b8e4f8b3f1c650f0d575624213daa957363fd9833bc24f
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-7d9-gzip"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;4aeda9832e2fea3b6684865acbd5e8e6;2-255604-79;e07d81ee-8b00-4122-6de9-416c843ecad9
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
196
x-served-by
cache-ams21041-AMS, cache-hhn4070-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.168778,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c8669410-3c3d-11ec-806f-3269da417963
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
pdfobject.min.js
win.gg/wp-content/plugins/embedpress/assets/js/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/embedpress/assets/js/pdfobject.min.js?ver=3.2.1
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c1a86d7c11a5c83b82c7e6f814aff6286a9fe3483b8e0e2c16089370bad4676d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-34d3-gzip"
age
3142
x-ezoic-cdn
Hit ds;mm;df872bece1306577295992dda13f1b20;2-255604-79;25596725-7c02-43ab-5158-b7819f9e08fc
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
4088
x-served-by
cache-ams12728-AMS, cache-hhn4030-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.209010,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c8681ae2-3c3d-11ec-9387-d6a21724134b
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
jquery.min.js
win.gg/wp-includes/js/jquery/ 		87 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-15db1-gzip"
age
623
x-ezoic-cdn
Hit ds;mm;50d057da7aaf7d91656d68a151a7cca7;2-255604-79;c29d4559-8a76-45ce-4368-7fa1e1769983
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
x-served-by
cache-ams12731-AMS, cache-fra19135-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.204280,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
a5fa0ee7-3c43-11ec-806f-3269da417963
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
jquery-migrate.min.js
win.gg/wp-includes/js/jquery/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-2bd8-gzip"
age
623
x-ezoic-cdn
Hit ds;mm;7a11791901b6cd3c8ae1579f76ed157e;2-255604-79;f9f32603-873d-4b92-6fcb-8c76b76e6ab6
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
3998
x-served-by
cache-ams12723-AMS, cache-fra19142-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.205286,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
a5fa39df-3c43-11ec-9429-8e31b195775f
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-4d42s
sharethis.js
platform-api.sharethis.com/js/ 		183 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-98.fra50.r.cloudfront.net
Software
/
Resource Hash
b3dca6992b4f8770bc3dba5f82f6325a82d2adabf685da88d950f6fe87b16716

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:48:12 GMT
content-encoding
gzip
age
473
etag
W/"2dcf1-RQaJcGO9+DuZ32kDJGMESLkOoPg"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
via
1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
e4IuSu8sOmisxEx1dcBXp3BoW7y81_L8LI-WBH4iXuZGL9PSNw5ZMg==
win-gg-public.js
win.gg/wp-content/plugins/win-gg/public/js/ 		838 B
595 B 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/win-gg/public/js/win-gg-public.js?ver=1.0.0
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-346-gzip"
age
3142
x-ezoic-cdn
Hit ds;mm;d1166ae83f155bbc2c21f0e958fbcb01;2-255604-79;64e85416-1640-4600-7593-93fb0c2070f6
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
412
x-served-by
cache-ams12728-AMS, cache-hhn4030-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.202542,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c869b954-3c3d-11ec-9387-d6a21724134b
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
gtm4wp-youtube.js
win.gg/wp-content/plugins/duracelltomi-google-tag-manager/js/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-youtube.js?ver=1.13.1
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a83bf33080e6fd7aa375b48f11f4ac7b1a186d94a36af178e417cc00d6e09a7d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-1c80-gzip"
age
3142
x-ezoic-cdn
Hit ds;mm;eb6bfb4df1d0db5e874c628b191330b1;2-255604-79;712a1c27-e50a-4e03-62a3-4293980ad5c4
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
1281
x-served-by
cache-ams21075-AMS, cache-hhn4022-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902801.207020,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c8688d50-3c3d-11ec-9387-d6a21724134b
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
analytics-talk-content-tracking.js
win.gg/wp-content/plugins/duracelltomi-google-tag-manager/js/ 		4 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/duracelltomi-google-tag-manager/js/analytics-talk-content-tracking.js?ver=1.13.1
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c983bccbfa3aeec262e4469747aaf9d860d93fedcf3ba263c84bd7ef21430234
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-f16-gzip"
age
3142
x-ezoic-cdn
Hit ds;mm;b98db409ddaa9dc76b68a7d82cbfcba8;2-255604-79;d3c2397f-60c2-4775-77c2-bde2fa4cb9d8
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
1132
x-served-by
cache-ams12772-AMS, cache-fra19120-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902801.210557,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c869ddbb-3c3d-11ec-a9b0-aa1c53e674a7
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-525kb
wpp.min.js
win.gg/wp-content/plugins/wordpress-popular-posts/assets/js/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.4.2
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ace4208545fb0ff5ea87fbe1470d3bf0af8e73d7d52fea869966c4b9d8c78a60
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-bc3-gzip"
age
3142
x-ezoic-cdn
Hit ds;mm;549c00d922e8d6404fa2101e17aba8d1;2-255604-79;488da5fd-1f87-42fc-558f-185e39ea18e1
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
1215
x-served-by
cache-ams21021-AMS, cache-hhn4042-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.210600,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c869a7e8-3c3d-11ec-9429-8e31b195775f
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-4d42s
myloadmore.js
win.gg/wp-content/themes/win/js/ 		1 KB
752 B 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/themes/win/js/myloadmore.js?ver=5.8.1
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c555bc295bb01f8cf5343bf7e338efa35182951447d9362a01ab618b31935ed4
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-490-gzip"
age
3142
x-ezoic-cdn
Hit ds;mm;ad4c2e8adceb41cfaec9258a0bc97592;2-255604-79;1ccdf83a-e8f5-4cf3-67aa-751ab959cfab
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
506
x-served-by
cache-ams12749-AMS, cache-fra19127-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902801.209728,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c86b687e-3c3d-11ec-9387-d6a21724134b
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
dashicons.ttf
win.gg/wp-includes/fonts/ 		55 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-includes/fonts/dashicons.ttf?99ac726223c749443b642ce33df8b800
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cacd900a2587c234c53e9d0108fc51ff6c61420c4f89a1731014b673a7b9a1a8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Origin
https://win.gg
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-dc48-gzip"
age
187
x-ezoic-cdn
Hit ds;mm;7853ef15cb261014823b6e1f4ce05260;2-255604-79;0faf6364-7551-46c0-763b-670ba081f7ca
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
x-served-by
cache-ams21041-AMS, cache-hhn4029-HHN
access-control-allow-origin
*
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.206988,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-font-ttf
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
a97e625a-3c44-11ec-9387-d6a21724134b
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
consentsettings.js
win.gg/detroitchicago/ 		1 KB
696 B 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/detroitchicago/consentsettings.js?cb=2
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
383472db86bc19b822592340828e1a9d680ece8e6a5114eb4744351081fdea3c

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
last-modified
Mon, 08 Nov 2021 07:11:38 GMT
server
nginx
etag
"5be-5d041b439727e;5c701b9c2cf40-gzip"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
content-length
525
banger.js
win.gg/porpoiseant/ 		50 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/porpoiseant/banger.js?cb=195-0&bv=83&v=55&PageSpeed=off
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4098a1bac66df8c517bb37d59d5a915ac296d00a8526b08d8272f9e2c4e2adc1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
server
nginx
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public
x-robots-tag
noindex
wp-emoji-release.min.js
win.gg/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-includes/js/wp-emoji-release.min.js?ver=5.8.1
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d843-4705-gzip"
age
2142
x-ezoic-cdn
Hit ds;mm;687cacc22fbe4dece0618e83f2787bb3;2-255604-79;497fbaa2-ef4d-4769-7537-0d4ac2375947
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
x-served-by
cache-ams12767-AMS, cache-hhn4053-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:59 GMT
server
nginx
x-timer
S1635902801.401244,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
1c671b51-3c40-11ec-9387-d6a21724134b
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
liveView.php
live.primis.tech/live/ 		43 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
0f4ea72595b897c003af2e0ec5e89574e208237b22b2192be022750894c2c206

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/javascript; charset=utf-8
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/3.5.1/ 		87 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Sat, 06 Nov 2021 00:10:58 GMT
x-content-type-options
nosniff
age
207907
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
89476
x-xss-protection
0
last-modified
Fri, 08 May 2020 07:05:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="hosted-libraries-pushers"
expires
Sun, 06 Nov 2022 00:10:58 GMT
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/ 		77 KB
23 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.0.1/dist/js/bootstrap.bundle.min.js
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5714 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://win.gg/
Origin
https://win.gg
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
1170553
x-jsd-version
5.0.1
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-fra19121-FRA, cache-mxp6979-MXP
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"1339c-XbTEDbxr09liPumKIGHdJliFzy4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
cf-ray
6aadedecea5859cb-MXP
custom.js
win.gg/wp-content/themes/win/js/ 		2 KB
920 B 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/themes/win/js/custom.js?ver=1
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cea9c3393f4b0a57475e38dbbff527aca7a3aa2d107b4b4742b937c2507e2063
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-762-gzip"
age
3141
x-ezoic-cdn
Hit ds;mm;ca5a6afa4bd45676d088dc73fae68cc5;2-255604-79;cb34ec04-4140-4d25-543b-5decb5921516
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
707
x-served-by
cache-ams21026-AMS, cache-hhn4059-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.228361,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c8acd03f-3c3d-11ec-806f-3269da417963
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
app.js
win.gg/wp-content/themes/win/js/ 		2 KB
715 B 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/themes/win/js/app.js?ver=1.0.4
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
935b2f1cdbf1af0439e86ecbd0ca09a2b3a91807ae651cf3f840f9237a45a667
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-718-gzip"
age
3141
x-ezoic-cdn
Hit ds;mm;bb0c8de94a1d9c208ce349ffedb8e213;2-255604-79;1054988a-937c-485b-7755-35ca669b99ef
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
411
x-served-by
cache-ams12720-AMS, cache-fra19182-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.230836,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c8ae7e97-3c3d-11ec-9429-8e31b195775f
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-4d42s
front.js
win.gg/wp-content/plugins/embedpress/assets/js/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/plugins/embedpress/assets/js/front.js?ver=3.2.1
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f62e11b110b6233da7f94fc6715e2d026d3dd3cc22fa394623ba16c9316fa8f8
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-7bb-gzip"
age
3141
x-ezoic-cdn
Hit ds;mm;023c17ecc3422746f41ee0482784c7f2;2-255604-79;9bd23ba4-5792-49d4-6368-34381c189cb8
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
743
x-served-by
cache-ams12742-AMS, cache-fra19125-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.230084,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c8aeb862-3c3d-11ec-806f-3269da417963
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
navigation.js
win.gg/wp-content/themes/win/js/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/themes/win/js/navigation.js?ver=1.0.0
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
60e1017c6585464aa240b13f4074ab5ea100dcbdb72615124ff575bcc891a542
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-ba0-gzip"
age
3141
x-ezoic-cdn
Hit ds;mm;cca13f525d9d477139ac577db149a09b;2-255604-79;b64c7258-6477-44e6-699b-3ec165391df8
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
933
x-served-by
cache-ams21044-AMS, cache-fra19155-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902801.231564,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c8ae51c2-3c3d-11ec-806f-3269da417963
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
wp-embed.min.js
win.gg/wp-includes/js/ 		1 KB
881 B 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-includes/js/wp-embed.min.js?ver=5.8.1
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-592-gzip"
age
3141
x-ezoic-cdn
Hit ds;mm;87b14d717e46be9e1f6cd10883c73a49;2-255604-79;d05327a9-c003-41ce-5a2f-17f2679fb6ee
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
663
x-served-by
cache-ams12733-AMS, cache-fra19171-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.237268,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c8ae7d7d-3c3d-11ec-806f-3269da417963
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
ezcl.webp
win.gg/utilcave_com/inc/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/utilcave_com/inc/ezcl.webp?cb=4
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
x-sol
middleton
server
nginx
display
staticcontent_sol
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
x-middleton-display
staticcontent_sol
cache-control
max-age=86400
content-length
605
60fa285f7c9b910013246b5d.js
buttons-config.sharethis.com/js/ 		1 KB
914 B 		Script
General
Check archive.org
Download Go to
Full URL
https://buttons-config.sharethis.com/js/60fa285f7c9b910013246b5d.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:b600:c:abe:f440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1f5b6267968f60e8c5f023222caa8cfdd05574076c8ea3740894ef93fd4b8ba3

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
gzip
etag
W/"b5b12554debecb814fc68e90517a2655"
last-modified
Mon, 11 Oct 2021 23:54:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
text/javascript
via
1.1 6b8ac2d6d64dc42007741d312e2d73ab.cloudfront.net (CloudFront)
cache-control
public, max-age=60
x-amz-cf-id
EuqanUxpEqz-9yMWwsN1yJROT0b9PlATsRaWXhC1d5v5ECFqbWbwjQ==
iframe_api
www.youtube.com/ 		980 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: win.gg
URL: https://win.gg/wp-content/plugins/duracelltomi-google-tag-manager/js/gtm4wp-youtube.js?ver=1.13.1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2aee396045e8313003eda4d9b0acc42c7a9cbd7c29b4a32480ba2489baacbecc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=it for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
server
ESF
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
report-to
{"group":"AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"}]}
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=0
permissions-policy
ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdexiF0ssZ_nH8Dr-M3QgbdVRvO77RECMA"
expires
Mon, 08 Nov 2021 09:56:05 GMT
popular-posts
win.gg/wp-json/wordpress-popular-posts/v1/ 		54 B
686 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-json/wordpress-popular-posts/v1/popular-posts
Requested by
Host: win.gg
URL: https://win.gg/wp-content/plugins/wordpress-popular-posts/assets/js/wpp.min.js?ver=5.4.2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
4a19a7aff7822fad5a9c7c2c0453177cef72e10fcfdc2f3eb5c31b2a8e4f24f0
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
X-Requested-With
XMLHttpRequest
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

content-encoding
br
x-sol
pub_site
age
0
x-pantheon-styx-hostname
styx-fe3fe4-c-5c5fdf9c46-x9p47
x-middleton-display
staticcontent_sol
strict-transport-security
max-age=300
x-served-by
cache-ams21020-AMS, cache-fra19163-FRA
x-wp-nonce
4428d1b990
x-timer
S1636365365.355683,VS0,VE94
x-origin-cache-control
public, max-age=600
vary
Accept-Encoding, Origin,Accept-Encoding
access-control-allow-methods
OPTIONS, GET, POST, PUT, PATCH, DELETE
content-type
application/json; charset=UTF-8
x-styx-req-id
16c1a964-407a-11ec-8a64-c648c161b27c
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
cache-control
public, max-age=600
x-robots-tag
noindex
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
x-cache-hits
0, 0
date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
access-control-allow-origin
https://win.gg
x-ezoic-cdn
Miss
x-cache
MISS, MISS
x-middleton-response
201
content-length
51
link
<https://win.gg/wp-json/>; rel="https://api.w.org/"
response
201
server
nginx
allow
GET, POST
access-control-allow-credentials
true
display
staticcontent_sol
gtm.js
www.googletagmanager.com/ 		135 KB
49 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-598L2T6
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
126c2f717e7156d14ab6202014846c69b291675708e42e8168a29b466eb8aebe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49204
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 08 Nov 2021 09:56:05 GMT
cmbv2.js
win.gg/detroitchicago/ 		68 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1f-3&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1f
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ceff8f79fc08dd279e8dc90d0e877071ee32398794afb661107f79432daf7289

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
server
nginx
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public, max-age=31536000, public
x-robots-tag
noindex
liveView.php
live.primis.tech/live/ Frame C8B1 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq&cbuster=1636365365&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
0cae5fa60b7fe1d9bd45050df69e07fc2b0358e6b85cd6eecf6b5d5bf4d73dea

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:04 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/javascript; charset=utf-8
cmp.js
g.ezodn.com/cmp/v2/ 		518 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://g.ezodn.com/cmp/v2/cmp.js?v=49
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3036::ac43:a1d1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16910f012ec529e4bef4051c3f178f72302c5ef55973277ba7aa36b5d19b91e2

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Tue, 02 Nov 2021 07:11:22 GMT
server
cloudflare
age
468819
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q7JzUadOiLxqm%2BPrEI1qIFFJ7X0HngAtTt5siafBvGSrfuKXcuatVBocNVRZRLrYgBWFAGAZpsfHTlqPrCGoXjUUIqVZlI6n9T5alJ0n3p%2F%2FqegrUvB8GUpcpAZ7u81WCYe01mWFlUhgPg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=604800
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray
6aadedee3acd0f82-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
nmash.js
win.gg/porpoiseant/ 		24 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/porpoiseant/nmash.js?v=1
Requested by
Host: win.gg
URL: https://win.gg/porpoiseant/banger.js?cb=195-0&bv=83&v=55&PageSpeed=off
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d86923070cdd3b26c384dfb89877b54c56cc30ebcaca4b9ef0fefeb935d5c7ef

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
last-modified
Mon, 08 Nov 2021 07:53:24 GMT
server
nginx
etag
"6083-5d04249976735;5c701b9c2cf40-gzip"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cache-control
max-age=31536000, public
accept-ranges
bytes
x-robots-tag
noindex
imp.gif
win.gg/detroitchicago/ 		43 B
128 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://win.gg/detroitchicago/imp.gif?e=%7B%22ad_cache_level%22%3A1%2C%22ad_count_adjustment%22%3A0%2C%22ad_lazyload_version%22%3A5%2C%22ad_load_version%22%3A2%2C%22ad_location_ids%22%3A%22%22%2C%22ad_transform_level%22%3A0%2C%22adx_ad_count%22%3A0%2C%22bidder_method%22%3A1%2C%22bidder_version%22%3A3%2C%22city%22%3A%22Milan%22%2C%22country%22%3A%22IT%22%2C%22days_since_last_visit%22%3A-1%2C%22display_ad_count%22%3A0%2C%22domain_id%22%3A255604%2C%22ds_adsize_opt_id%22%3A-1%2C%22engaged_time_visit%22%3A0%2C%22ezcache_level%22%3A1%2C%22ezcache_skip_code%22%3A3%2C%22form_factor_id%22%3A1%2C%22framework_id%22%3A1%2C%22has_bad_image%22%3A0%2C%22has_bad_words%22%3A1%2C%22iab_category%22%3A%22%22%2C%22is_from_recommended_pages%22%3Afalse%2C%22is_return_visitor%22%3Afalse%2C%22is_sitespeed%22%3A1%2C%22last_page_load%22%3A%22%22%2C%22last_pageview_id%22%3A%22%22%2C%22lt_cache_level%22%3A0%2C%22max_ads%22%3A0%2C%22metro_code%22%3A0%2C%22optimization_version%22%3A1%2C%22page_ad_positions%22%3A%22%22%2C%22page_view_count%22%3A0%2C%22page_view_id%22%3A%22afb2b3d6-8e04-45cc-4921-b43cbead7c12%22%2C%22position_selection_id%22%3A39%2C%22postal_code%22%3A%2220153%22%2C%22pv_event_count%22%3A0%2C%22response_size_orig%22%3A358621%2C%22response_time_orig%22%3A329%2C%22serverid%22%3A%2218.198.27.100%3A28289%22%2C%22state%22%3A%22MI%22%2C%22sub_page_ad_positions%22%3A%22%22%2C%22t_epoch%22%3A1636365364%2C%22template_id%22%3A134%2C%22time_on_site_visit%22%3A0%2C%22url%22%3A%22https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F%22%2C%22user_id%22%3A0%2C%22word_count%22%3A787%2C%22worst_bad_word_level%22%3A1%7D
Requested by
Host: win.gg
URL: https://win.gg/detroitchicago/cmbv2.js?gcb=195-0&cb=04-1y02-5y06-12y07-1y19-5y0b-5y0d-14y13-3y17-4y1a-2y1b-1y1f-3&cmbcb=20&sj=x04x02x06x07x19x0bx0dx13x17x1ax1bx1f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
server
nginx
vary
Accept-Encoding, Accept-Encoding, Accept-Encoding
content-type
image/gif
x-middleton-display
imp_sol
cache-control
no-cache, no-store, must-revalidate, max-age=0
content-length
47
index.css
win.gg/wp-content/themes/win/css/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/themes/win/css/index.css?v=1.5.9&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-29d64-gzip"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;051fb6117f6a0b847ed0ff8c33d8ca9e;2-255604-79;6be99c0d-88b9-41ec-615f-3887d5136ce0
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
x-served-by
cache-ams12736-AMS, cache-fra19174-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.170896,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c85d9298-3c3d-11ec-9387-d6a21724134b
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
custom-styles.css
win.gg/wp-content/themes/win/css/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/themes/win/css/custom-styles.css?v=1.1.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-8bd-gzip"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;8361ae898528dceb63e038a4fc26ac6f;2-255604-79;dd46fe7a-7af3-483f-45b8-ae7c0fc9c96c
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
477
x-served-by
cache-ams21079-AMS, cache-fra19175-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902797.165804,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c87ecff5-3c3d-11ec-9429-8e31b195775f
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-4d42s
style.min.css
win.gg/wp-includes/css/dist/block-library/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-includes/css/dist/block-library/style.min.css?ver=5.8.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-13abe-gzip"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;27ec322a3270a9e8d23462faa90575b8;2-255604-79;009c5d9b-14bd-4799-7768-bf93217de5b2
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
1487
x-served-by
cache-ams12725-AMS, cache-fra19139-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.169529,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c86520f2-3c3d-11ec-a9b0-aa1c53e674a7
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-525kb
blocks.style.build.css
win.gg/wp-content/plugins/embedpress/Gutenberg/dist/ 		0
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/plugins/embedpress/Gutenberg/dist/blocks.style.build.css?ver=1636061687&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"618451f8-614"
x-sol
orig
age
0
x-ezoic-cdn
Hit ds;mm;f59d67bbccb91d9c81b1c7e578af3f91;2-255604-79;fb85b7ed-e696-41ff-6bff-7fe71277865d
x-cache
MISS, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
0, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams12753-AMS, cache-fra19123-FRA
response
200
last-modified
Thu, 04 Nov 2021 21:34:48 GMT
server
nginx
x-timer
S1636061693.066137,VS0,VE15
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
0bf7b5f9-3db7-11ec-b367-326ab8d9aa62
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-5c5fdf9c46-sxnb8
dashicons.min.css
win.gg/wp-includes/css/ 		42 KB
42 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-includes/css/dashicons.min.css?ver=5.8.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d843-e688-gzip"
x-sol
orig
age
2139
x-ezoic-cdn
Hit ds;mm;a8a7a52692774d7acb27d9b0a41b72c7;2-255604-79;9ddd6ce4-bfb1-4e94-7dad-31ef2c9a16ba
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
x-served-by
cache-ams21031-AMS, cache-hhn4037-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:59 GMT
server
nginx
x-timer
S1635902797.164082,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
1badb52c-3c40-11ec-9387-d6a21724134b
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
rounded-thumbs.min.css
win.gg/wp-content/plugins/contextual-related-posts/css/ 		0
460 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=1.0.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"6181d841-4a9"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;d998c94939bb5942280b9358bc81d234;2-255604-79;39f9d606-b15e-42c4-55cc-6f1e067946e9
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams21075-AMS, cache-fra19164-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.163156,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
c864f9b3-3c3d-11ec-9387-d6a21724134b
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
embedpress.css
win.gg/wp-content/plugins/embedpress/assets/css/ 		0
454 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/plugins/embedpress/assets/css/embedpress.css?ver=5.8.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"6181d842-2397"
x-sol
orig
age
3137
x-ezoic-cdn
Hit ds;mm;cf3baf68d546401562595c2b5e43b6a2;2-255604-79;28581555-1d6f-404b-4b38-70e717247028
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams12749-AMS, cache-fra19174-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902797.157417,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
c88e8cd1-3c3d-11ec-a9b0-aa1c53e674a7
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-525kb
mu-style.css
win.gg/wp-content/plugins/sharethis-share-buttons/css/ 		0
219 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/plugins/sharethis-share-buttons/css/mu-style.css?ver=5.8.1&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"6181d842-1a"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;95ae07a38703524064a74fd6c50d0b84;2-255604-79;dd61fcee-75cc-4d3f-633b-7b17eb2719f6
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams12761-AMS, cache-fra19141-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902797.156752,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
c86646bc-3c3d-11ec-806f-3269da417963
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
win-gg-public.css
win.gg/wp-content/plugins/win-gg/public/css/ 		0
224 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/plugins/win-gg/public/css/win-gg-public.css?ver=1.0.0&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 varnish, 1.1 varnish
etag
W/"6181d841-62"
x-sol
orig
age
3137
x-ezoic-cdn
Hit ds;mm;4ad16b3ce1ec8cca0416aaf40d44a1e4;2-255604-79;0d2390a7-c0ab-4c46-6860-a38f5db520cf
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
0
x-served-by
cache-ams21050-AMS, cache-fra19169-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.174378,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
x-styx-req-id
c88df9c5-3c3d-11ec-806f-3269da417963
cache-control
public, max-age=31536000
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
style.css
win.gg/wp-content/themes/win/ 		558 B
558 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/themes/win/style.css?ver=1.0.0&ez_used_css_s=13
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d841-7d9-gzip"
x-sol
orig
age
3138
x-ezoic-cdn
Hit ds;mm;4aeda9832e2fea3b6684865acbd5e8e6;2-255604-79;e07d81ee-8b00-4122-6de9-416c843ecad9
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, orig_site_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
196
x-served-by
cache-ams21041-AMS, cache-hhn4070-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.168778,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
text/css
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c8669410-3c3d-11ec-806f-3269da417963
display
staticcontent_sol, orig_site_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
cmbdv2.js
win.gg/detroitchicago/ 		43 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://win.gg/detroitchicago/cmbdv2.js?gcb=195-0&cb=03-5y0c-5y18-4&cmbcb=20&sj=x03x0cx18
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dfb9840e362eb5cc9a96353c6b89562cb360fbc5c38bc5133fc5a9e6c460a456

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
server
nginx
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
x-middleton-display
sol-js
cache-control
max-age=31536000, public, max-age=31536000, public
x-robots-tag
noindex
logo--dark.png
win.gg/wp-content/themes/win/assets/ 		13 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/themes/win/assets/logo--dark.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ebab19f74d95b1c10457dbf025009438a9479c198c5e96a829c64f4b4298cf46
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
"6181d842-3435-gzip"
age
3137
x-ezoic-cdn
Hit ds;mm;83d6e92484cb3e75716d513d7359b9a8;2-255604-79;2ec3329a-f81c-44f6-5648-ec3421c60a4c
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, User-Agent,Origin,Accept-Encoding
x-served-by
cache-ams12754-AMS, cache-hhn4051-HHN
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902797.171769,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
image/png
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c8ef71ba-3c3d-11ec-9429-8e31b195775f
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-4d42s
sun--dark.png
win.gg/wp-content/themes/win/assets/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/themes/win/assets/sun--dark.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
875ca1fe8a85b43fefb0206533f96bd56905305e6e0291c0b5284daf07b0c9e9
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
"6181d841-490-gzip"
age
3137
x-ezoic-cdn
Hit ds;mm;d8e71934369849cda63ffbee45913a44;2-255604-79;d7839b09-617c-4101-47b9-3c576af1d59f
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, User-Agent,Origin,Accept-Encoding
content-length
1172
x-served-by
cache-ams12733-AMS, cache-fra19125-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:57 GMT
server
nginx
x-timer
S1635902797.159249,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
image/png
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c8f0aa41-3c3d-11ec-9387-d6a21724134b
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-cnbbx
search--dark.svg
win.gg/wp-content/themes/win/assets/ 		608 B
593 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://win.gg/wp-content/themes/win/assets/search--dark.svg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
62c6ababbe88d3d4496203cd685f2b900a0cb382b8e24704ad25e84b8ed80833
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-260-gzip"
age
3137
x-ezoic-cdn
Hit ds;mm;ccf92ad84bedceade2dc9e9a6c739300;2-255604-79;d4165aa8-7f0b-4c14-65d5-1b729552a0f3
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
339
x-served-by
cache-ams21045-AMS, cache-hhn4081-HHN
access-control-allow-origin
*
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902797.163511,VS0,VE10
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
image/svg+xml
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=31536000
x-styx-req-id
c8f157a4-3c3d-11ec-806f-3269da417963
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-d-9d8bc846d-jptrv
has-corpse-husband-ever-shown-his-face-question-mark-we-investigate.jpg
cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/ 		77 KB
77 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c400:12:b1b7:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b6c2c004674f17d54d9905790df57a805fbff7ac2f3022b5d1474213b2a8fa2d

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified
Fri, 27 Aug 2021 21:07:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"111c85e58415ce5fa04ea1368ad5aaa5"
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31557600
x-cache
Miss from cloudfront
content-length
78660
x-amz-cf-id
ckhghtgvaHe1sVRuQQHLmQ1vulxiDW9WgrLIezmLKftLsCPWnbWhuA==
the-history-of-ninja-from-halo-to-streaming-on-twitch-and-mixer.jpg
cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/ 		114 KB
115 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/the-history-of-ninja-from-halo-to-streaming-on-twitch-and-mixer.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c400:12:b1b7:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c31654127300d01cf59bee84cc2691f26493ba20bf30d4f567ccb1f2dee4a912

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified
Fri, 27 Aug 2021 21:07:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"89955d92395db2b87118ce70e64299a9"
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31557600
x-cache
Miss from cloudfront
content-length
117072
x-amz-cf-id
DotEe8ydPAy-3LjzFd9t5SRCAIomH_Qy0ZPMMyzzZXkecq17MjoQCw==
pathfinders-voice-actor-on-working-apex-legends-next-respawn-game.jpg
api-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/
Redirect Chain
  • https://cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/pathfinders-voice-actor-on-working-apex-legends-next-respawn-game.jpg
  • https://api-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/pathfinders-voice-actor-on-working-apex-legends-next-respawn-game.jpg
0
0
top-10-gaming-and-esports-streamers-on-twitch.jpg
cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/ 		130 KB
130 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/top-10-gaming-and-esports-streamers-on-twitch.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c400:12:b1b7:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
98f10959d56f5914d9c5dbe05e695bd1e4cc30dc68729f0b22f691d0dea3f19c

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified
Fri, 27 Aug 2021 21:07:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"d88c209295723468d6bee054fd30d971"
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31557600
x-cache
Miss from cloudfront
content-length
132662
x-amz-cf-id
jAaDHwJgiuusJ_uuNw5ljUWXPgSZsWbXSeCacCCK2vk75qTdzRMLCQ==
who-is-breakout-twitch-star-sykkuno-question-mark-and-who-is-he-dating-question-mark.jpg
cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/ 		113 KB
113 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/who-is-breakout-twitch-star-sykkuno-question-mark-and-who-is-he-dating-question-mark.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c400:12:b1b7:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0ead993a38ac2331daec6b258056b9015c3ca70d84f6ce47299a157feab33efe

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified
Fri, 27 Aug 2021 22:18:35 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"cc8c5e88201f404eb60466b30d81f0c5"
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31557600
x-cache
Miss from cloudfront
content-length
115524
x-amz-cf-id
mIrO3WfRwuremk2aHlglY1d39WoboeXb8E2fA-ECgMhR-DJKNBG8mg==
these-were-the-most-popular-games-on-twitch-in-2020.jpg
cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/ 		168 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/these-were-the-most-popular-games-on-twitch-in-2020.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c400:12:b1b7:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0e4df2c57f22311384b1c79a1e882fb4c20809817d555456ca31a96c7591037f

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified
Fri, 27 Aug 2021 22:55:21 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"29070893cf93d7a2214ad9338fe040c3"
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=31557600
x-cache
Miss from cloudfront
content-length
172028
x-amz-cf-id
o8Q50_KOn_hKEXmcH2rrRNkdh0yhas_-W7OzotlBjt7eOrFdD8Wqzw==
0.jpg
img.youtube.com/vi/DyhFqURfrD4/ 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/DyhFqURfrD4/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
97e042e763cc2cf729d788a418763a5b8e64ff4dcfb19f204f95266cca6cb596
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:52:17 GMT
x-content-type-options
nosniff
age
228
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38757
x-xss-protection
0
server
sffe
etag
"1636112422"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=300
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 09:57:17 GMT
0.jpg
img.youtube.com/vi/rq1s-F9y3rA/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/rq1s-F9y3rA/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
53fd83eaca8a5b5d851df8710ee239da10fa09d446e6fa2f4a014bf66a9c8140
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 08:50:28 GMT
x-content-type-options
nosniff
age
3937
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32940
x-xss-protection
0
server
sffe
etag
"1636045189"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 10:50:28 GMT
0.jpg
img.youtube.com/vi/w1Qft5E94wM/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/w1Qft5E94wM/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a4eab981ff34f8cb5ee9a7d114ebe5f28f4e3a390d81276801de1fd4710d3105
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:38:02 GMT
x-content-type-options
nosniff
age
1083
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33005
x-xss-protection
0
server
sffe
etag
"1635854695"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 11:38:02 GMT
0.jpg
img.youtube.com/vi/AMExtK7lPWI/ 		44 KB
44 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/AMExtK7lPWI/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fbff3ed0ba29af09e05a3080ffbec67eb6e20ac062535baaef3f660b9557e3f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:36:29 GMT
x-content-type-options
nosniff
age
1176
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45113
x-xss-protection
0
server
sffe
etag
"1636016602"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 11:36:29 GMT
0.jpg
img.youtube.com/vi/sN2NOuyxUnw/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/sN2NOuyxUnw/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
026b86883e9a229fa0788ba6fb68e51d8dea063a746234c0c0d1c258874c30b0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:01:02 GMT
x-content-type-options
nosniff
age
3303
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37404
x-xss-protection
0
server
sffe
etag
"1635758809"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 11:01:02 GMT
0.jpg
img.youtube.com/vi/m0gnmm3WLRw/ 		43 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/m0gnmm3WLRw/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4a7300bc3d6addbe32fe20ccf8888f19ff2a7e11220552d68579b97c4d0eea8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:47:29 GMT
x-content-type-options
nosniff
age
516
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43942
x-xss-protection
0
server
sffe
etag
"1635183273"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 11:47:29 GMT
0.jpg
img.youtube.com/vi/bcJmnEnaMvo/ 		35 KB
35 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/bcJmnEnaMvo/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
afa7154724b0a7ce743bf2b11250f9af787a3aeb2b12a6391de669cd06bb5285
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:34:14 GMT
x-content-type-options
nosniff
age
1311
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35764
x-xss-protection
0
server
sffe
etag
"1635169834"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 11:34:14 GMT
0.jpg
img.youtube.com/vi/o_GSpRqP6zg/ 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/o_GSpRqP6zg/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2d27694d44fa22602efcc92caf61eff0b9c2bc85455e964f78a092040c1a9592
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:43:28 GMT
x-content-type-options
nosniff
age
757
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34857
x-xss-protection
0
server
sffe
etag
"1635505364"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 11:43:28 GMT
0.jpg
img.youtube.com/vi/Wyhbd9fYJPQ/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/Wyhbd9fYJPQ/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
98385317c6bdcf8c203beeda9c8e4e8dc2622e7d6405a11b2639e5a7a84c1452
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:47:29 GMT
x-content-type-options
nosniff
age
516
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37652
x-xss-protection
0
server
sffe
etag
"1635438357"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 11:47:29 GMT
0.jpg
img.youtube.com/vi/VdziGu5GgVE/ 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://img.youtube.com/vi/VdziGu5GgVE/0.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8dddea515a7535c5f8382cd21e6a362464f3932f4445663f420c1ef0158b0238
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:34:14 GMT
x-content-type-options
nosniff
age
1311
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30799
x-xss-protection
0
server
sffe
etag
"1635348337"
vary
Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
image/jpeg
cache-control
public, max-age=7200
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Mon, 08 Nov 2021 11:34:14 GMT
iab_consent_sdk.v1.0.js
live.primis.tech/content/ClientDetections/ Frame C8B1 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/ClientDetections/iab_consent_sdk.v1.0.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq&cbuster=1636365365&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
last-modified
Wed, 12 Feb 2020 15:01:36 GMT
server
nginx
etag
W/"5e441350-4be0"
content-type
application/javascript
cache-control
max-age=31536000, public
expires
Tue, 08 Nov 2022 09:56:05 GMT
DetectGDPR2.v1.1.js
live.primis.tech/content/ClientDetections/ Frame C8B1 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/ClientDetections/DetectGDPR2.v1.1.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq&cbuster=1636365365&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
last-modified
Thu, 11 Feb 2021 09:45:48 GMT
server
nginx
etag
W/"6024fccc-228f"
content-type
application/javascript
cache-control
max-age=31536000, public
expires
Tue, 08 Nov 2022 09:56:05 GMT
DetectGDPR.v1.1.js
live.primis.tech/content/ClientDetections/ Frame C8B1 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/ClientDetections/DetectGDPR.v1.1.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq&cbuster=1636365365&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
last-modified
Thu, 11 Feb 2021 09:45:48 GMT
server
nginx
etag
W/"6024fccc-1ef8"
content-type
application/javascript
cache-control
max-age=31536000, public
expires
Tue, 08 Nov 2022 09:56:05 GMT
hls.0.12.4_2.min.js
live.primis.tech/content/video/hls/ Frame C8B1 		256 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq&cbuster=1636365365&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
13ab06913444b6e3b4139e5487813073f11e082878ae8a5bf5213fdc6f95f5e0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:04 GMT
content-encoding
gzip
last-modified
Thu, 13 Aug 2020 08:36:05 GMT
server
nginx
etag
W/"5f34fb75-3ff27"
content-type
application/javascript
cache-control
max-age=31536000, public
expires
Tue, 08 Nov 2022 09:56:04 GMT
prebidVid.5.18.0_2.min.js
live.primis.tech/content/prebid/ Frame C8B1 		482 KB
175 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq&cbuster=1636365365&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
f436d7ccb58e150e6cabdc18fed5a45fe1d7835adc4a9e15399f84cdb9e41430

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
last-modified
Tue, 02 Nov 2021 09:24:05 GMT
server
nginx
etag
W/"618103b5-78922"
content-type
application/javascript
cache-control
max-age=31536000, public
expires
Tue, 08 Nov 2022 09:56:05 GMT
liveVideo.php
live.primis.tech/live/ Frame C8B1 		611 KB
172 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=104669&vp_content=plembed2011ghzmiptq&cbuster=1636365365&pubUrlAuto=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
21f1b794b9ebdb7b238c6e280a775d581605595e542a4c94bf1881d2879279e9

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
server
nginx
content-type
text/html; charset=UTF-8
www-widgetapi.js
www.youtube.com/s/player/8eb5bf0c/www-widgetapi.vflset/ 		143 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/s/player/8eb5bf0c/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9b64f85d8068989c158ba9a881e4b5f4971eb769a6ec9ae697f5a0728ba294fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 08:56:58 GMT
content-encoding
br
x-content-type-options
nosniff
age
3547
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47334
x-xss-protection
0
last-modified
Wed, 03 Nov 2021 00:18:20 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Tue, 08 Nov 2022 08:56:58 GMT
GVL
gvl.ezodn.com/gvlcache/ 		293 KB
39 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://gvl.ezodn.com/gvlcache/GVL?gvlSpecificationVersion=2&language=en&vb=114&cmpv=55
Requested by
Host: g.ezodn.com
URL: https://g.ezodn.com/cmp/v2/cmp.js?v=49
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:496e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c10ad7ad72209b5d2ccd624383a0d28ae20b75ff07343c36989e4fd9c767fd1c

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
gvlcache-hit
true
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g0vRXq2mpF95cjXZmxMl%2Bet2C1D1xhrZ7yY7crj7CH%2FjLtNGr6hUBaOFEunXHeW0T8DBHLNSOdGx%2FilVQasOLGm5fEegtVlMf%2BmhUtW2k466wy1Gb4O%2FC750XMb2Un%2F4k142mzqBJVuObK0l"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=604800, public
cf-ray
6aadedef7b940f52-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
admin-ajax.php
win.gg/wp-admin/ 		22 B
438 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-admin/admin-ajax.php?action=ai_ajax&ip-data=ip-address-country-city&ai_check=47f7d417e1&ver=1636365365593-19533
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f1eec9308aa07093c74acf7f47b64d93a4890b49d6e7b042096470c45b6fdb0c
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Accept
*/*
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
X-Requested-With
XMLHttpRequest
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
x-content-type-options
nosniff
age
0
x-ezoic-cdn
Bypass
x-cache
MISS, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
0, 0
x-middleton-response
200
content-length
26
x-served-by
cache-ams12774-AMS, cache-hhn4082-HHN
referrer-policy
strict-origin-when-cross-origin
pagespeed
off
response
200
server
nginx
x-timer
S1636365366.676793,VS0,VE141
x-frame-options
SAMEORIGIN
x-origin-cache-control
no-cache, must-revalidate, max-age=0
vary
Accept-Encoding, Accept-Encoding,Cookie,Origin
strict-transport-security
max-age=300
content-type
text/html; charset=UTF-8
via
1.1 varnish, 1.1 varnish
expires
Wed, 11 Jan 1984 05:00:00 GMT
cache-control
no-cache, must-revalidate, max-age=0
x-robots-tag
noindex
x-styx-req-id
16f2dc03-407a-11ec-b367-326ab8d9aa62
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-5c5fdf9c46-sxnb8
analytics.js
www.google-analytics.com/ 		48 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-598L2T6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Oct 2021 23:24:02 GMT
server
Golfe2
age
6899
date
Mon, 08 Nov 2021 08:01:06 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19747
expires
Mon, 08 Nov 2021 10:01:06 GMT
js
www.googletagmanager.com/gtag/ 		160 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-916JLHZYLF&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-598L2T6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
05bdc489509bd02988ef2b2c0010840d7accc9bcd39c4090392a7270180858cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60846
x-xss-protection
0
expires
Mon, 08 Nov 2021 09:56:05 GMT
Bootstrap.js
nexus.ensighten.com/choozle/15154/ 		28 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/choozle/15154/Bootstrap.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-598L2T6
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
2fb07bc2036b6b6338b8632cdb49566bb1a3fdaa471b628345de4459692362c8

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 19:30:44 GMT
server
nginx
etag
W/"61390f64-7013"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=300
oribi.js
cdn.oribi.io/Xy0xODg1MDA0Nzk1/ 		108 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.oribi.io/Xy0xODg1MDA0Nzk1/oribi.js
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:6600:13:c079:7880:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
de8bcb64a320b1a2b1e4788b6aaaf8e4ac888a7eb62a66c5e214cc43ce0bb777

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 5317564e96c9dceb46123f6c5f149a03.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript;charset=UTF-8
cache-control
public, max-age=60
content-encoding
gzip
x-amz-cf-id
aRXCmZUo9cAh4b4zQAnkB4v0jkc7mXuwU3GZOmIAwyKoPgDPM08Dhw==
x-application-context
application
primisslate.css
live.primis.tech/content/video/css/ 		17 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/content/video/css/primisslate.css
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
4f7cd55655bafca4db9b67255125ed52cd91d21b1727e9f28f71219aa1341de5

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
last-modified
Tue, 18 Aug 2020 10:07:25 GMT
server
nginx
etag
W/"5f3ba85d-45c8"
content-type
text/css
apstag.js
c.amazon-adsystem.com/aax2/ Frame C8B1 		133 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
Server /
Resource Hash
973fe12f5130be123a73261e3956030b8a1c380f8cd8234e319b51bda6892898

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
okBBdl4mniljyIhAB_yWlERThSsUPvbQ
content-encoding
gzip
etag
fc2e1be4d234471752ea2ebee7e63d1e
age
875
x-cache
Hit from cloudfront
server
Server
x-amz-rid
1XXBTNNM50ARV51Q23SF
date
Mon, 08 Nov 2021 09:42:23 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b5.cloudfront.net (CloudFront)
cache-control
public, max-age=900
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
timing-allow-origin
*
x-amz-cf-id
yPwc8QuGhOPCrMkIsjBRUOTsa7ezGkVn_jPh1n2cMyLSinqmtLWATQ==
css
fonts.googleapis.com/ Frame 3C9F 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 08:55:31 GMT
server
ESF
date
Mon, 08 Nov 2021 09:56:05 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Mon, 08 Nov 2021 09:56:05 GMT
css
fonts.googleapis.com/ 		2 KB
623 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 08:55:07 GMT
server
ESF
date
Mon, 08 Nov 2021 09:56:05 GMT
x-frame-options
SAMEORIGIN
report-to
{"group":"AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"}]}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cross-origin-opener-policy-report-only
same-origin; report-to="AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk"
expires
Mon, 08 Nov 2021 09:56:05 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame FF6B 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=157521
expires
Wed, 10 Nov 2021 05:41:26 GMT
date
Mon, 08 Nov 2021 09:56:05 GMT
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame DD3C
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=primis&endpoint=us-east
  • https://eus.rubiconproject.com/usync.html?p=primis&endpoint=us-east
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?p=primis&endpoint=us-east
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-200-100.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 09:56:05 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?p=primis&endpoint=us-east
Date
Mon, 08 Nov 2021 09:56:05 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
liveCS.php
live.primis.tech/live/ Frame D26D
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D94%26advUuid%3D%24...
  • https://sync.search.spotxchange.com/partner?adv_id=8805&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D94%26advUuid%3D%24...
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=94&advUuid=171962b6-407a-11ec-b79a-16ae82d30406
0
223 B 		Document
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=94&advUuid=171962b6-407a-11ec-b79a-16ae82d30406
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

server
nginx
date
Mon, 08 Nov 2021 09:56:05 GMT
content-type
text/html; charset=utf-8
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
pragma
no-cache
age
0
content-encoding
gzip

Redirect headers

Server
nginx
Date
Mon, 08 Nov 2021 09:56:05 GMT
Content-Type
text/plain
Content-Length
0
Connection
keep-alive
Location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=94&advUuid=171962b6-407a-11ec-b79a-16ae82d30406
X-fe
22
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
liveCS.php
live.primis.tech/live/ Frame AB5B
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D98%26advU...
  • https://u.openx.net/w/1.0/cm?cc=1&id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D98%2...
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=98&advUuid=a7e77e59-da8f-4c08-8356-d2c399ad902d
0
223 B 		Document
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=98&advUuid=a7e77e59-da8f-4c08-8356-d2c399ad902d
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

server
nginx
date
Mon, 08 Nov 2021 09:56:05 GMT
content-type
text/html; charset=utf-8
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
pragma
no-cache
age
0
content-encoding
gzip

Redirect headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=98&advUuid=a7e77e59-da8f-4c08-8356-d2c399ad902d
date
Mon, 08 Nov 2021 09:56:05 GMT
content-type
text/html
content-length
0
content-encoding
gzip
via
1.1 google
alt-svc
clear
sync.html
s.console.adtarget.com.tr/ Frame CA95 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://s.console.adtarget.com.tr/sync.html?aid=556966
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2a0c:5c81:5095:0:225:90ff:fefa:245d London, United Kingdom, ASN55081 (24SHELLS, US),
Reverse DNS
Software
VertaMedia 1.0 /
Resource Hash
43b348d194f4e2c50da38d2a5e596635df86baee4de5839d73d19aa6285dbd4f

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

Server
VertaMedia 1.0
Date
Mon, 08 Nov 2021 09:56:05 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
853
Access-Control-Allow-Origin
https://win.gg
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Content-Encoding
gzip
liveView.php
live.primis.tech/live/ Frame C8B1 		63 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTxyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwx5MDxyMxZ2nWRyo181ZwZuZwAjMWFuZTFvMwY0MmUlMDQ1JTJGqzyxNwE4ODM3NTNyNmyyZTA4MTQlMTY3Ml5gpDQzqzyxX2NioaRyoaRsnWQ9MTxmNmx1OSZ2nWRsY29hqGVhqF9xZXNwPUFaZW50KmE3K0NbYW1vZXIzqzyxX2NioaRyoaRsqGy0oGU9QWqyoaQeMTpeQ2uuoWJypvZ2nWRsY29hqGVhqF9xqXJuqGyiow05NSZxZWJ1Z0yhZz9loWF0nW9hPSZ4PTY0NCZ5PTM2MvZjqWJVpzj9nHR0pHMyM0EyMxYyMxZ3nW4hZ2pyMxZhZXqmJTJGnGFmLWNipaBmZS1bqXNvYW5xLWV2ZXIgp2uiq24gnGymLWZuY2UgpXVyp3Rco24goWFlnl13ZS1coaZyp3RcZ2F0ZSUlRvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMkMxQmMTMkMxQmMDM4NUYmMTMkN0Q3QwpmMmEmNDM4MmAmOTMlMmEmNwqEN0I0MmMkMmYmNDqEN0I1MmY0MmI2Qmp1NEM2RDY0NxU3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmpmNTMjN0Q3QwU5MmQmMwM0N0Q3QwY2MmE3RDqCNEMmODM1MmUmNwqERxVGRSZcp0FjpD0jJzqyo0kuqGx9NDUhNDplMvZaZW9Mo25aPTxhMTxlMvZ1p2VlSXBBZGRlPTx1LwE3NC42NC4lMDMzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwt5LwAhNDM4OS43MvgTYWZupzxyMxY1MmphMmYzpGkurWVlQXBcSWQ9JzNmqXVcZD02MTt4ZwQmNTYmNGY2JzNvqXN0ZXI9MTYmNwM2NTM2NTp0MlZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0j
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
2af77703de4d55fb43b5128428d9e3e7570b5732dac454ca0597ded15af9a2d4

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://win.gg
cache-control
no-store
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
7403
liveView.php
live.primis.tech/live/ Frame C8B1 		63 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTxyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwx5MDxyMxZ2nWRyo181ZwZuZwAjMWFuZTFvMwY0MmUlMDQ1JTJGqzyxNwE4ODM3NTNyNmyyZTA4MTQlMTY3Ml5gpDQzqzyxX2NioaRyoaRsnWQ9MTxmNmx1OSZ2nWRsY29hqGVhqF9xZXNwPUFaZW50KmE3K0NbYW1vZXIzqzyxX2NioaRyoaRsqGy0oGU9QWqyoaQeMTpeQ2uuoWJypvZ2nWRsY29hqGVhqF9xqXJuqGyiow05NSZxZWJ1Z0yhZz9loWF0nW9hPSZ4PTQjMCZ5PTIlNSZjqWJVpzj9nHR0pHMyM0EyMxYyMxZ3nW4hZ2pyMxZhZXqmJTJGnGFmLWNipaBmZS1bqXNvYW5xLWV2ZXIgp2uiq24gnGymLWZuY2UgpXVyp3Rco24goWFlnl13ZS1coaZyp3RcZ2F0ZSUlRvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMkMxQmMTMkMxQmMDM4NUYmMTMkN0Q3QwpmMmEmNDM4MmAmOTMlMmEmNwqEN0I0MmMkMmYmNDqEN0I1MmY0MmI2Qmp1NEM2RDY0NxU3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmpmNTMjN0Q3QwU5MmQmMwM0N0Q3QwY2MmE3RDqCNEMmODM1MmUmNwqERxVGRSZcp0FjpD0jJzqyo0kuqGx9NDUhNDplMvZaZW9Mo25aPTxhMTxlMvZ1p2VlSXBBZGRlPTx1LwE3NC42NC4lMDMzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwt5LwAhNDM4OS43MvgTYWZupzxyMxY1MmphMmYzpGkurWVlQXBcSWQ9JzNmqXVcZD02MTt4ZwQmNTYmNGY2JzNvqXN0ZXI9MTYmNwM2NTM2NTp0NCZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0j
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
fc28539981fe33c095b8977e288022fe1dc283a58c4475796401f6d8bd15bf32

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://win.gg
cache-control
no-store
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
7407
liveView.php
live.primis.tech/live/ Frame C8B1 		10 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveView.php?hash=pm01ODA1NlZ2nWRsqzFmqFRcoWViqXQ9LTEzqzyxX3Zup3RUrXByPTMzqzyxX3BfYXyypyZypw0mLwEhMCZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0jJaZcZF9wo250ZW50X3VloD1bqHRjplUmQSUlRvUlRaZcZGViLaBlnW1cpl50ZWNbJTJGqXBfo2FxplUlRzNhMTxyMxZ2nWRyolUlRaVmZXJmJTJGY29hqzVlqGVxJTJGMwx5MDxyMxZ2nWRyo181ZwZuZwAjMWFuZTFvMwY0MmUlMDQ1JTJGqzyxNwE4ODM3NTNyNmyyZTA4MTQlMTY3Ml5gpDQzqzyxX2NioaRyoaRsnWQ9MTxmNmx1OSZ2nWRsY29hqGVhqF9xZXNwPUFaZW50KmE3K0NbYW1vZXIzqzyxX2NioaRyoaRsqGy0oGU9QWqyoaQeMTpeQ2uuoWJypvZ2nWRsY29hqGVhqF9xqXJuqGyiow05NSZxZWJ1Z0yhZz9loWF0nW9hPSZ4PTY0NCZ5PTM2MvZjqWJVpzj9nHR0pHMyM0EyMxYyMxZ3nW4hZ2pyMxZhZXqmJTJGnGFmLWNipaBmZS1bqXNvYW5xLWV2ZXIgp2uiq24gnGymLWZuY2UgpXVyp3Rco24goWFlnl13ZS1coaZyp3RcZ2F0ZSUlRvZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMkMxQmMTMkMxQmMDM4NUYmMTMkN0Q3QwpmMmEmNDM4MmAmOTMlMmEmNwqEN0I0MmMkMmYmNDqEN0I1MmY0MmI2Qmp1NEM2RDY0NxU3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmpmNTMjN0Q3QwU5MmQmMwM0N0Q3QwY2MmE3RDqCNEMmODM1MmUmNwqERxVGRSZcp0FjpD0jJzqyo0kuqGx9NDUhNDplMvZaZW9Mo25aPTxhMTxlMvZ1p2VlSXBBZGRlPTx1LwE3NC42NC4lMDMzqXNypyVBPU1irzyfoGEyMxY1LwAeJTI4V2yhZG93plgOVCfkMC4jJTNCK1qcowY0JTNCK3t2NCUlOSgBpHBfZVqyYxgcqCUlRwUmNl4mNvfyMwuLSFRNTCUlQlgfnWgyK0qyY2giJTI5K0Nbpz9gZSUlRwt5LwAhNDM4OS43MvgTYWZupzxyMxY1MmphMmYzpGkurWVlQXBcSWQ9JzNmqXVcZD02MTt4ZwQmNTYmNGY2JzNvqXN0ZXI9MTYmNwM2NTM2NTp0OSZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0j
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
9fbd875b574af5dc5a7d8d885c52c88c14c477ee8f8b2a2f4b91949d27aee01c

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://win.gg
cache-control
no-store
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
3298
chunklist_480.m3u8
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/ 		641 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/chunklist_480.m3u8
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
175c1838f8a29dc3943d08fc552c13a38d0dfcfa1809456f9f60a146c195399c

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 eeb37cc1f9365f500f5ca2cdb3697a98.cloudfront.net (CloudFront)
x-amz-cf-pop
OTP50-C1
content-length
641
last-modified
Sun, 07 Nov 2021 20:32:57 GMT
server
Tengine
etag
"65314d64da5e3c8ebd5c0fd36d973b6a"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
application/vnd.apple.mpegurl
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
22yJWCl80G7j65Mo3-CngN1BQ1FcrFNJ8T3zZ8pcT8Pj3cJqd2sb6w==
expires
Mon, 22 Nov 2021 09:56:05 GMT
vid61883753e79ee081421673_thumb.jpg
video.primis.tech/uploads/cn19/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 3C9F 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn19/video/users/converted/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673_thumb.jpg?cbuster=1636317329
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
c9ba955bb5e749f1ffdf4d60245b2625b8c5bc2b71fbbf538335faeec3621fa9

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 b43c04a791e8dcb8ddb6bb0847fcf95a.cloudfront.net (CloudFront)
last-modified
Sun, 07 Nov 2021 20:35:30 GMT
server
Tengine
x-amz-cf-pop
FRA60-P3
etag
"94c128abe9498b45fc26c72d43336fa3"
content-type
image/jpeg
access-control-allow-origin
*
expires
Mon, 22 Nov 2021 09:56:05 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
4700
x-amz-cf-id
mdWyKqySzAVd1fXyJVGtlaz8x8Vk10EcnkwRvey9ZUxh--JUf2fGlg==
x-proxy-cache
HIT
vid6186f0120342d875476376_thumb.jpg
video.primis.tech/uploads/cn18/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 3C9F 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn18/video/users/converted/29909/video_5f6af001aae1b264352045/vid6186f0120342d875476376_thumb.jpg?cbuster=1636236770
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
3b176aaa639598399777a9038810cc766df54fcba4e602fb826ce3335d4cf75b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 c8d2dd017ae345697950b9af4e41ff18.cloudfront.net (CloudFront)
last-modified
Sat, 06 Nov 2021 22:12:51 GMT
server
Tengine
x-amz-cf-pop
OTP50-C1
etag
"662dd4729a6eb4dc69937137f41c1078"
content-type
image/jpeg
access-control-allow-origin
*
expires
Mon, 22 Nov 2021 09:56:05 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
3467
x-amz-cf-id
jmIEBNy-pXR2HGDKEZHL-IbL9Ft0TvpWv8PIlCtVYm4jvqepZJHzww==
x-proxy-cache
HIT
vid61858d0e5c3ba993858745_thumb.jpg
video.primis.tech/uploads/cn17/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 3C9F 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn17/video/users/converted/29909/video_5f6af001aae1b264352045/vid61858d0e5c3ba993858745_thumb.jpg?cbuster=1636143918
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
bdb330c6f9f1437527c93b73cdcf04d786b8d802f4d40a4e321a681a0132580c

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 557d225d7fe3f75093bf3aa13b485922.cloudfront.net (CloudFront)
last-modified
Fri, 05 Nov 2021 20:25:19 GMT
server
Tengine
x-amz-cf-pop
OTP50-C1
etag
"734a1f05013c51476d67380bce1ac8c1"
content-type
image/jpeg
access-control-allow-origin
*
expires
Mon, 22 Nov 2021 09:56:05 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
5524
x-amz-cf-id
F1fjzK3NH9_AWhlT6F7N83PAQVAbn7ErvVTchMohuUCoBc2iQbhiFQ==
x-proxy-cache
HIT
vid61842fc5dc6b3810095258_thumb.jpg
video.primis.tech/uploads/cn16/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 3C9F 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn16/video/users/converted/29909/video_5f6af001aae1b264352045/vid61842fc5dc6b3810095258_thumb.jpg?cbuster=1636058489
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
ba87da3ae2bef11156e0ca6440a0212bba1e6eeb051197095ad32c8be1fa061a

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 d821b8789930abef3b648d54ffad08de.cloudfront.net (CloudFront)
last-modified
Thu, 04 Nov 2021 20:41:30 GMT
server
Tengine
x-amz-cf-pop
OTP50-C1
etag
"74393312bd4d9cb86de31f416c1b340f"
content-type
image/jpeg
access-control-allow-origin
*
expires
Mon, 22 Nov 2021 09:56:05 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
5287
x-amz-cf-id
Kkht3OtqFEHnsEEwaLSSutbl7410Q7NYQG7kAUl0XGXNtL-G5WZiXw==
x-proxy-cache
HIT
vid6182cd3b03a0d264832385_thumb.jpg
video.primis.tech/uploads/cn15/video/users/converted/29909/video_5f6af001aae1b264352045/ Frame 3C9F 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn15/video/users/converted/29909/video_5f6af001aae1b264352045/vid6182cd3b03a0d264832385_thumb.jpg?cbuster=1636017567
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
522b7e3ff459e82d26f3daa82b3f8c8ea0df6d4ff12c981e4dddeaf9c8a25421

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 ab21b6436bc1d51d57b228ad39b1fa54.cloudfront.net (CloudFront)
last-modified
Thu, 04 Nov 2021 09:19:28 GMT
server
Tengine
x-amz-cf-pop
FRA60-P3
etag
"76c63964b3e2a21cbaef1afaac426352"
content-type
image/jpeg
access-control-allow-origin
*
expires
Mon, 22 Nov 2021 09:56:05 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
4191
x-amz-cf-id
djkdsR8YHs_d7eKwKifybjbeJ0HVnbC-WS710bKTxyhEge4ShzpDOQ==
x-proxy-cache
HIT
liveView.php
live.primis.tech/live/ 		0
226 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTUjJaNypaZypyRcoWU9MTYmNwM2NTM2NSZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA0NwY5JaN0YT0jJat9NmUjJax9NDI0JaZcZF9jYXNmRG9gYWyhPXqcov5aZlZmqWJJZD13nW4hZ2pzZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZlnT02QmY5NmY2NTUmNmQ2MTp0NmM3QmpmNxImMTqCNTQmMDqEN0I2NDMlMmAmMwMkMxQmMTMkMxQmMDM4NUYmMTMkN0Q3QwpmMmEmNDM4MmAmOTMlMmEmNwqEN0I0MmMkMmYmNDqEN0I1MmY0MmI2Qmp1NEM2RDY0NxU3RDqCNwI2MmY4NmI2RwZENwU3RDqCNmE2NDY1NmM2Qwp0NxY3MDqEN0I2Rwp3Nwx2RTY0NxY3NmpmN0Q3QwU4MmpmNTMjN0Q3QwU5MmQmMwM0N0Q3QwY2MmE3RDqCNEMmODM1MmUmNwqERxVGRSZxnWFcZD0zqXNypxyjQWRxpw05NS4kNmQhNwQhMwAmJaVmZXJVQT1No3ccoGkuJTJGNS4jJTIjJTI4V2yhZG93plUlME5UJTIjMTAhMCUmQvUlMFqcowY0JTNCJTIjrDY0JTI5JTIjQXBjoGVXZWJLnXQyMxY1MmphMmYyMwAyMwuLSFRNTCUlQlUlMGkcn2UyMwBHZWNeolUlOSUlMENbpz9gZSUlRwt5LwAhNDM4OS43MvUlMFNuZzFlnSUlRwUmNl4mNvZwp3V1nWQ9NwE4OGY0MmU2MmRzNvZwo250ZW50RzyfZUyxPTAzoWVxnWFQoGF5TGymqEyxPTAzoWVxnWFMnXN0SWQ9MCZaZHBlPTEzZ2RjpxNioaNyoaQ9JzymV2VQYXNmR2Rjpw0jJzNwpGE9MCZwY3BuQ29hp2VhqD0zY2J1p3Rypw0kNwM2MmY1MmY1NmM0JaVcZD1TZWgcozRiU1BfYXyypwYkODuzNDM1ODqwOWEzpHVvVXJfPWu0qHBmJTNBJTJGJTJGq2yhLzqaJTJGozV3plUlRzuupl1wo3Jjp2UgnHVmYzFhZC1yqzVlLXNbo3qhLWucpl1zYWNyLXF1ZXN0nW9hLW1upzfgq2UgnW52ZXN0nWquqGUyMxYzZzkiYXRTqGF0qXM9ZzFfp2UzZWyxp3A9pHJyYzyx
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/html; charset=UTF-8
sync
x.bidswitch.net/ Frame C8B1 		43 B
220 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://x.bidswitch.net/sync?ssp=sekindo&user_id=6188f435634f6&custom_data=6188f435634f6;live.primis.tech&gdpr=1&gdpr_consent=
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.126.38.41 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-38-41.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 09:56:06 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif
liveCS.php
live.primis.tech/live/ Frame C8B1
Redirect Chain
  • https://csync.loopme.me/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D93%26advUuid%3D%7Bdevice_id%7D
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=93&advUuid=efc222b9-26e4-45d9-9860-a143fa37979e
0
223 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=93&advUuid=efc222b9-26e4-45d9-9860-a143fa37979e
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
content-type
text/html; charset=utf-8

Redirect headers

location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=93&advUuid=efc222b9-26e4-45d9-9860-a143fa37979e
date
Mon, 08 Nov 2021 09:56:06 GMT
server
_
content-length
0
liveCS.php
live.primis.tech/live/ Frame C8B1
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=192962&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D99%26advUuid%3D
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D99%26advUuid%3D&s=192962&C=1
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=99&advUuid=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB
0
223 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=99&advUuid=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
content-type
text/html; charset=utf-8

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:06 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=99&advUuid=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
334
Expires
Mon, 08 Nov 2021 09:56:06 GMT
liveCS.php
live.primis.tech/live/ Frame C8B1
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D105%26advUuid%3D%24UID
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Flive.primis.tech%252Flive%252FliveCS.php%253Fsource%253Dexternal%2526csuuid%253D6188f435634f6%2526pixel%253D%2526advId%253D105%2526ad...
  • https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=105&advUuid=845234657020092272
0
223 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=105&advUuid=845234657020092272
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
cache-control
no-store
content-type
text/html; charset=utf-8

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:06 GMT
X-Proxy-Origin
95.174.64.203; 95.174.64.203; 730.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
d75d172f-a942-49ed-88b5-eb1c1a143005
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://live.primis.tech/live/liveCS.php?source=external&csuuid=6188f435634f6&pixel=&advId=105&advUuid=845234657020092272
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
vid61883753e79ee081421673.jpg
video.primis.tech/uploads/cn19/video/users/converted/29909/video_5f6af001aae1b264352045/ 		37 KB
37 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://video.primis.tech/uploads/cn19/video/users/converted/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.jpg?cbuster=1636317329
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
968fbcdac55faf8697d9c4ceec7040836f549f345701d44194bc45cd7971ae8a

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 43228f633da333c6de62c0c5b2122cf0.cloudfront.net (CloudFront)
last-modified
Sun, 07 Nov 2021 20:35:29 GMT
server
Tengine
x-amz-cf-pop
OTP50-C1
etag
"8429fcbb86b5c230de91b95afac36bf1"
content-type
image/jpeg
access-control-allow-origin
*
expires
Mon, 22 Nov 2021 09:56:05 GMT
cache-control
max-age=1209600
accept-ranges
bytes
content-length
37899
x-amz-cf-id
CNqaZdXQTKL16puPFIZr-GlxiWVviuaUqy6FPm_2ws2HzmJMw9uZdA==
x-proxy-cache
HIT
app.js
win.gg/wp-content/themes/win/js/ 		2 KB
686 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://win.gg/wp-content/themes/win/js/app.js?ver=1.0.4
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.159.80.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-159-80-129.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
935b2f1cdbf1af0439e86ecbd0ca09a2b3a91807ae651cf3f840f9237a45a667
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
X-Requested-With
XMLHttpRequest
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
br
etag
W/"6181d842-718-gzip"
age
3141
x-ezoic-cdn
Hit ds;mm;bb0c8de94a1d9c208ce349ffedb8e213;2-255604-79;1054988a-937c-485b-7755-35ca669b99ef
x-cache
HIT, MISS
x-middleton-display
staticcontent_sol, staticcontent_sol
x-cache-hits
1, 0
x-middleton-response
200
vary
Accept-Encoding, Accept-Encoding,User-Agent,Origin
content-length
411
x-served-by
cache-ams12720-AMS, cache-fra19182-FRA
response
200
last-modified
Wed, 03 Nov 2021 00:30:58 GMT
server
nginx
x-timer
S1635902801.230836,VS0,VE9
x-origin-cache-control
max-age=31622400
strict-transport-security
max-age=300
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=2592000
x-styx-req-id
c8ae7e97-3c3d-11ec-9429-8e31b195775f
display
staticcontent_sol, staticcontent_sol
x-pantheon-styx-hostname
styx-fe3fe4-c-7885c47964-4d42s
CSGOFast-banner-300x250-1.jpg
cdn-images.win.gg/wp/uploads/2021/09/ 		28 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-images.win.gg/wp/uploads/2021/09/CSGOFast-banner-300x250-1.jpg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c400:12:b1b7:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8293bdedd66b50dcaf53d569261107d3eb3c9b18caa18cbe3479b6f037d233c8

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified
Mon, 20 Sep 2021 14:46:30 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"e18db40c9928399f18d687264ed67297"
vary
Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
28979
x-amz-cf-id
L9bF7c4cgU9iYj8UXld00CHXRiSTX3ZyKAgtSBimPgOahKY3hm8SWg==
light.png
cdn-images.win.gg/wp/uploads/2021/10/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn-images.win.gg/wp/uploads/2021/10/light.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c400:12:b1b7:8800:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7e0e2fbaa7a89c64df6b30953123d55b39e38cb0933d59425ecb11c9989d477b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 436c247027acc191b22ece964efbaeca.cloudfront.net (CloudFront)
last-modified
Fri, 08 Oct 2021 15:56:11 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"7d33bf45dbe240bfc75db6ba977aba38"
vary
Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
image/png
access-control-allow-origin
*
x-cache
RefreshHit from cloudfront
content-length
5857
x-amz-cf-id
rFZYQDX_03DuVYVN2B1DRmcGPKhKsoCPqmK7WlVRa9536mK3oqMoJg==
p11649611d0c404d8d6710923965.png
cdn.gin.bet/team/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.gin.bet/team/p11649611d0c404d8d6710923965.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a07:180:27b:71f4:967e:7b66:dbda:fbaf , Belize, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a18a746fcdbca1597f56192658dce3f4389d3fa18793c2dcdc76c359583cbc9a

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cf-cache-status
HIT
last-modified
Wed, 18 Aug 2021 13:33:52 GMT
server
cloudflare
age
454276
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
cf-ray
6aadedf1dd7459ef-MXP
p11676611d0c435bd53980706417.png
cdn.gin.bet/team/ 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.gin.bet/team/p11676611d0c435bd53980706417.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a07:180:27b:71f4:967e:7b66:dbda:fbaf , Belize, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8fe61dd7619deb61b9fe75185de7c08c14a46c6ce306a2d2866bf470fc68e27b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cf-cache-status
HIT
last-modified
Wed, 18 Aug 2021 13:33:55 GMT
server
cloudflare
age
389365
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
cf-ray
6aadedf1dd6a59ef-MXP
123px-G2_Arcticlogo_square5e1d747d4e557452170327.png
cdn.gin.bet/team/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.gin.bet/team/123px-G2_Arcticlogo_square5e1d747d4e557452170327.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a07:180:27b:71f4:967e:7b66:dbda:fbaf , Belize, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d5abddabdb2b594d258497f39378ab882825d08862304ca3ea638e45dabdb051

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cf-cache-status
HIT
last-modified
Tue, 14 Jan 2020 07:57:49 GMT
server
cloudflare
age
454276
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
cf-ray
6aadedf1dd6d59ef-MXP
123px-UCAM_Esports_Clublogo_square[1]5e482330ebec7226611169.png
cdn.gin.bet/team/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.gin.bet/team/123px-UCAM_Esports_Clublogo_square[1]5e482330ebec7226611169.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a07:180:27b:71f4:967e:7b66:dbda:fbaf , Belize, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8288594c3165e45994ab70dcbfd3d14b1d902727050e3226e0af0cfcb774c11

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cf-cache-status
HIT
last-modified
Sat, 15 Feb 2020 16:58:24 GMT
server
cloudflare
age
454276
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
cf-ray
6aadedf1fd9c59ef-MXP
t395961285c796cc35597370503.png
cdn.gin.bet/team/ 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.gin.bet/team/t395961285c796cc35597370503.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a07:180:27b:71f4:967e:7b66:dbda:fbaf , Belize, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
86d7e0bcc044c387f48bc5405b86c1779c827a21db7c8511b72920f05e662dbe

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cf-cache-status
HIT
last-modified
Fri, 27 Aug 2021 03:31:05 GMT
server
cloudflare
age
323625
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
cf-ray
6aadedf1dd6f59ef-MXP
220[1]5ffff0c0beac4191613028[1]6004b90f7926d898125499.png
cdn.gin.bet/team/ 		13 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.gin.bet/team/220[1]5ffff0c0beac4191613028[1]6004b90f7926d898125499.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a07:180:27b:71f4:967e:7b66:dbda:fbaf , Belize, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
91479500536a8e96c6dc6e62c801df8d5a108e33a037a34806c4d50f67b10f1c

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cf-cache-status
HIT
last-modified
Sun, 17 Jan 2021 22:24:15 GMT
server
cloudflare
age
323625
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
cf-ray
6aadedf1dd7359ef-MXP
t36526611d257c965df208413654.png
cdn.gin.bet/team/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.gin.bet/team/t36526611d257c965df208413654.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a07:180:27b:71f4:967e:7b66:dbda:fbaf , Belize, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9fa24b62299baace7fe5abb6f7ee07864a3dda2bacfe5aa388edc805bc9a9173

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cf-cache-status
HIT
last-modified
Wed, 18 Aug 2021 15:21:32 GMT
server
cloudflare
age
323625
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
cf-ray
6aadedf1dd7759ef-MXP
300px-Movistar_Riderslogo_square5acc93a0d41d1390673533.png
cdn.gin.bet/team/ 		84 KB
84 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.gin.bet/team/300px-Movistar_Riderslogo_square5acc93a0d41d1390673533.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a07:180:27b:71f4:967e:7b66:dbda:fbaf , Belize, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
80d7fe7545bc4316e85f5abf3e5dc9cb6a0df917c4e715f836f4e0ca418224fd

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cf-cache-status
HIT
last-modified
Tue, 10 Apr 2018 10:36:16 GMT
server
cloudflare
age
300178
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
cf-ray
6aadedf1dd7159ef-MXP
madlions5e1d743e324af179045799.png
cdn.gin.bet/team/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.gin.bet/team/madlions5e1d743e324af179045799.png
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a07:180:27b:71f4:967e:7b66:dbda:fbaf , Belize, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6457d717d017a3e507014ccf5e8903a9f9c4a881ced3d7efd85843a97683feb

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cf-cache-status
HIT
last-modified
Tue, 14 Jan 2020 07:56:46 GMT
server
cloudflare
age
454276
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=31536000
cf-ray
6aadedf1dd7259ef-MXP
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://win.gg
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 05:32:01 GMT
x-content-type-options
nosniff
age
534245
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 02 Nov 2022 05:32:01 GMT
translator
hbopenbid.pubmatic.com/ Frame C8B1 		0
110 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://win.gg
date
Mon, 08 Nov 2021 09:56:05 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
avjp
primis-d.openx.net/v/1.0/ Frame C8B1 		106 B
408 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://primis-d.openx.net/v/1.0/avjp?ju=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&ch=UTF-8&res=1600x1200x24&ifr=true&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=6b72cdce-780e-45af-96b6-6998b934fdec&nocache=1636365366003&gdpr_consent=&gdpr=1&schain=1.0,1!primis.tech,29909,1,,,&skip=1&auid=540289187&vwd=644&vht=362&aumfs=1300
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 google
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://win.gg
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
alt-svc
clear
content-length
106
expires
Mon, 26 Jul 1997 05:00:00 GMT
swfIndex.php
ads.stickyadstv.com/www/delivery/ Frame C8B1 		67 B
570 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=14000367&componentId=prebid&componentSubId=mustang&timestamp=1636365366004&pKey=-1530222844&_fw_gdpr_consent=&_fw_gdpr=true&loc=https%3A%2F%2Fwin.gg%2F&playerSize=644x362&schain=1.0,1!primis.tech,29909,1,,,
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-233.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:06 GMT
Server
nginx
Content-Type
application/xml;charset=UTF-8
Access-Control-Allow-Origin
https://win.gg
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
67
x-sticky-vk
1636365366163039-344
Expires
Mon, 08 Nov 2021 09:56:06 GMT
openrtb
ads.adaptv.advertising.com/rtb/ Frame C8B1 		0
207 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=PrimisTwoHB
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.67.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-196-67-255.eu-central-1.compute.amazonaws.com
Software
adaptv/1.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://win.gg
access-control-allow-credentials
true
server
adaptv/1.0
Connection
keep-alive
content-length
0
content-type
application/json
liveInternalSsp.php
live.primis.tech/live/ Frame C8B1 		2 B
280 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://live.primis.tech/live/liveInternalSsp.php?sspData=%7B%22ver%22%3A%22ver_1.5%22%2C%22minBid%22%3A0%2C%22buzzer%22%3A%7B%22count%22%3A0%2C%22titleLen%22%3A100%2C%22w%22%3A200%2C%22h%22%3A160%7D%2C%22width%22%3A644%2C%22height%22%3A362%2C%22spaceId%22%3A%2258057%22%2C%22spaceType%22%3A%22vast%22%2C%22videoPlacementType%22%3A1%2C%22ip%22%3A%2295.174.64.203%22%2C%22geoId%22%3A164%2C%22alpha2Geo%22%3A%22IT%22%2C%22devicetype%22%3A2%2C%22txtDevicetype%22%3A%22desktop%22%2C%22browser%22%3A%22chrome%22%2C%22os%22%3A%22Windows%22%2C%22txtOs%22%3A%22windows%22%2C%22deviceModel%22%3A%22%22%2C%22osVersion%22%3A%2210.0%22%2C%22deviceManufacturer%22%3A%22%22%2C%22deviceCodeName%22%3A%22%22%2C%22userAgent%22%3A%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F89.0.4389.72%20Safari%2F537.36%22%2C%22lat%22%3A%2245.4722%22%2C%22lon%22%3A%229.1922%22%2C%22appName%22%3A%22%22%2C%22appId%22%3A%22%22%2C%22isApp%22%3A0%2C%22appBundleId%22%3A%22https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F%22%2C%22appStoreUrl%22%3A%22%22%2C%22appPrivacyPolicy%22%3A%22%22%2C%22appIsPaid%22%3A%22%22%2C%22appDeveloper%22%3A%22%22%2C%22ifa%22%3A%22%22%2C%22ifv%22%3A%22%22%2C%22atts%22%3A%22%22%2C%22appVersion%22%3A%22%22%2C%22referrer%22%3A%22https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F%22%2C%22page%22%3A%22https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F%22%2C%22gdpr%22%3A1%2C%22gdprConsent%22%3A%22%22%2C%22isWePassGdpr%22%3A%220%22%2C%22ccpa%22%3A0%2C%22ccpaConsent%22%3A%22%22%2C%22domain%22%3A%22win.gg%22%2C%22website%22%3A%22www.sekindo.com%22%2C%22secure%22%3A1%2C%22geoSource%22%3A%22IP%22%2C%22coppa%22%3A0%2C%22uuid%22%3A%226188f435634f6%22%2C%22blockBrands%22%3A%5B%5D%2C%22extUserIds%22%3A%5B%5D%2C%22mraidAllowed%22%3A0%2C%22debugInformation%22%3A%22%22%2C%22siteId%22%3A104669%2C%22publisherId%22%3A29909%2C%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22primis.tech%22%2C%22sid%22%3A%2229909%22%2C%22hp%22%3A1%7D%5D%7D%2C%22region%22%3A%22EU%22%2C%22campaigns%22%3A%7B%2269811%22%3A%7B%22tracker%22%3A%22campaignFreqCap%3D0%252F0%26campaignId%3D69811%26space2AdId%3D13913619%22%2C%22prebidNsspIndex%22%3A0%2C%22space2AdId%22%3A%2213913619%22%2C%22deal%22%3A%7B%22isRtbDeal%22%3A0%2C%22rtbDealId%22%3A%22%22%2C%22rtbSeatId%22%3A%22%22%7D%2C%22rtbWSeat%22%3A%22%22%2C%22campaignId%22%3A69811%2C%22campaignScope%22%3A%22public%22%2C%22buyerUid%22%3A%22%22%2C%22adUserId%22%3A29378%2C%22bcat%22%3A%22%22%2C%22bidfloor%22%3A1.3%2C%22ext%22%3A%7B%22partner%22%3A%2293%22%2C%22revShare%22%3A%220.92%22%2C%22endpointPrefix%22%3A%22primis%22%7D%2C%22referenceId%22%3A7%7D%7D%2C%22pagecat%22%3A%5B%22IAB9-30%22%2C%22IAB9%22%2C%22IAB19-1%22%2C%22IAB3-4%22%2C%22IAB19-16%22%2C%22IAB19-30%22%2C%22IAB19%22%2C%22IAB19-2%22%5D%2C%22placementCat%22%3A%5B%22IAB9-30%22%5D%2C%22contentcat%22%3A%5B%22IAB9-30%22%5D%7D
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
https://win.gg
cache-control
no-store
access-control-allow-credentials
true
content-type
text/html; charset=UTF-8
171621
search.spotxchange.com/openrtb/2.3/dados/ Frame C8B1 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://search.spotxchange.com/openrtb/2.3/dados/171621?src_sys=prebid
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
185.94.180.123 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Date
Mon, 08 Nov 2021 09:56:06 GMT
X-SpotX-Timing-Transform
0.000337
X-SpotX-Timing-SpotMarket
0.094619
X-SpotX-Timing-Page-Mux
0.000320
X-SpotX-Timing-Page-Require
0.000333
X-fe
123
Connection
keep-alive
X-SpotX-Timing-Page-Cookie
0.000027
X-SpotX-Timing-Page
0.099504
Pragma
no-cache
X-SpotX-Timing-Page-Context
0.000330
Last-Modified
Mon, 08 Nov 2021 09:56:06 GMT
Server
nginx
Cache-Control
no-cache, must-revalidate, post-check=0, pre-check=0
X-SpotX-Timing-SpotMarket-Primary
0.019420
Access-Control-Allow-Methods
POST, GET, PATCH, DELETE, OPTIONS
Content-Type
application/json
Access-Control-Allow-Origin
https://win.gg
X-SpotX-Timing-Page-Misc
0.003523
X-SpotX-Timing-Page-Exception
0.000000
X-SpotX-Timing-SpotMarket-Secondary
0.075199
X-SpotX-Timing-Page-URI
0.000015
Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Expires
Thu, 01 Jan 1970 00:00:00 GMT
auction
prebid-server.rubiconproject.com/openrtb2/ Frame C8B1 		173 B
377 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://prebid-server.rubiconproject.com/openrtb2/auction
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.57.255.59 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-57-255-59.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
f99130a4161663ec1906f66cb043d778984e3fd3e30c85e887ae4e78f97e6717

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
gzip
content-type
application/json
access-control-allow-origin
https://win.gg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
content-length
168
expires
0
liveView.php
live.primis.tech/live/ 		43 B
298 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTYzp2VlqzVlVGygZT0kNwM2MmY1MmY1JaZcZF9joGF5ZXJWZXI9Ml4kLwAzpm01ODA1NlZmqGE9MTM2NDM0ODtzrD02NDQzrT0mNwIzoXN0YT0kNDtjOTIkNvZ2nWRsqzFmqFR5pGU9MlZ2nWRsqzyyq2FvnWkcqHyTqGF0ZT0kJaZcZF9jYXNmRG9gYWyhPXqcov5aZlZmqWJJZD13nW4hZ2pzZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZ1p2VlSXBBZGRlPTx1LwE3NC42NC4lMDMzqXNypyVBPU1irzyfoGEyMxY1LwAyMwAyMwuXnW5xo3qmJTIjTyQyMwAkMC4jJTNCJTIjV2yhNwQyM0IyMwB4NwQyMwxyMwBBpHBfZVqyYxgcqCUlRwUmNl4mNvUlMCUlOEgIVE1MJTJDJTIjoGyeZSUlMEqyY2giJTI5JTIjQ2ulo21yJTJGODxhMC40Mmt5LwplJTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MTt4ZwQmNTYmNGY2JaJ2ow0xr1ZQX1JWTy9NQUNST30zYXR0ZW1jqE11oHRcpGkcZXI9MwAzY29hqGVhqEZcoGVJZD0jJz1yZGyuUGkurUkcp3RJZD0jJz1yZGyuTGymqEyxPTAzZ2Rjpw0kJzqxpHJDo25mZW50PSZcp1qyUGFmp0qxpHI9MCZwY3BuPTAzY2NjYUNioaNyoaQ9JzNvqXN0ZXI9MTYmNwM2NTM2NTx4MlZ1nWQ9U2VenW5xo1NQoGF5ZXI2MTt4ZwQmNTt3YmyuJaB1YyVloD1bqHRjplUmQSUlRvUlRaqcov5aZlUlRz5yq3MyMxZbYXMgY29lpHNyLWu1p2JuozQgZXZypv1mnG93ov1bnXMgZzFwZS1kqWVmqGyiov1gYXJeLXqyLWyhqzVmqGyaYXRyJTJGJzZfo2F0U3RuqHVmPWZuoHNyJzVcZHNjPXBlZWJcZA==
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
max-age=315360000
content-disposition
inline; filename="pixel.gif"
content-type
image/gif
expires
Thu, 31 Dec 2037 23:55:55 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 3C9F 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://win.gg
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Tue, 02 Nov 2021 05:32:01 GMT
x-content-type-options
nosniff
age
534245
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 02 Nov 2022 05:32:01 GMT
GVL
gvl.ezodn.com/gvlcache/ 		31 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://gvl.ezodn.com/gvlcache/GVL?gvlSpecificationVersion=2&language=it&vb=114&cmpv=55
Requested by
Host: g.ezodn.com
URL: https://g.ezodn.com/cmp/v2/cmp.js?v=49
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::6815:496e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24302a009863150046e73b021927c5b2840c4ffbbfbfd3fe05f4cbf42b19fcc0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
gvlcache-hit
true
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uvTohb01XWqyHMzhjnUxz8X4x31Ex1dqQ1p9%2Fo9e3MdH037RGxBEqT2s4f%2Fc4r7yt1X0yw0zGAiB2nDaT%2FllSxJWZ5rL6Aoc623gaWV1nvEBQuwaJ7EIgGfWnCrGadBTDeL%2B7Ph6c9sujvnF"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=604800, public
cf-ray
6aadedf269b00f52-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
w_480_00000.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/ 		455 KB
455 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/w_480_00000.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
3e8c7c4773e3e97ad0d9aaf4ab471c5f065f9e9e3f079e3aecb40ad4f10fa693

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 1ebea75895f361dce4c5c868f0a0f44f.cloudfront.net (CloudFront)
x-amz-cf-pop
OTP50-C1
content-length
465488
last-modified
Sun, 07 Nov 2021 20:32:58 GMT
server
Tengine
etag
"4e5fa6416388b9ae3ebd50fe3dcde69c"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
um5ftF5U_nE91B0icmEJsuUFZ-n_oTqaabZDXDZ9xrrad5c7zUBiLg==
expires
Mon, 22 Nov 2021 09:56:06 GMT
collect
www.google-analytics.com/j/ 		2 B
201 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j93&a=929963767&t=pageview&_s=1&dl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&ul=en-us&de=UTF-8&dt=Has%20Corpse%20Husband%20ever%20shown%20his%20face%3F%20We%20investigate%20-%20WIN.gg&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEADQAAAAC~&jid=542735331&gjid=1658861547&cid=619682733.1636365366&tid=UA-125662552-1&_gid=1752130741.1636365366&_r=1&gtm=2wgb31598L2T6&cg1=&cg2=article&cd1=article&cd2=&cd9=Olivia%20Richman&cd11=10337&cd12=&z=513379345
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://win.gg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.google-analytics.com/gtm/ 		88 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-T8SWN4K&t=gtm5&cid=619682733.1636365366
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3881d4ebc20dc4b40e4856c3c946492ae6932e8aafc787dc84600f2d76fbfb60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35237
x-xss-protection
0
last-modified
Mon, 08 Nov 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 08 Nov 2021 09:56:06 GMT
e5ac5fec-a2dc-40fb-998e-e915f562a7b6
https://win.gg/ 		65 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://win.gg/e5ac5fec-a2dc-40fb-998e-e915f562a7b6
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d2dffba8a31eb663c59a5494783cbf197c182104edc58f0c0a17b7992429d7af

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Length
66258
Content-Type
text/javascript
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame C8B1 		6 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.95.188 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-95-188.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
c91ZTIbLZrDqT0mloV_AD7.LNsTlhW69
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
age
30696
x-cache
Hit from cloudfront
access-control-max-age
3000
access-control-allow-origin
*
last-modified
Thu, 07 Oct 2021 01:02:33 GMT
server
AmazonS3
date
Mon, 08 Nov 2021 01:24:31 GMT
vary
Origin
access-control-allow-methods
GET
content-type
application/javascript
via
1.1 e6d97713eb9b65f883e0f86b833878dd.cloudfront.net (CloudFront)
cache-control
public, max-age=86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
G_YaJy41hGI65C88H8E3XhWpd_ZHXjys5xLL4MNQvW8hVGi0cVdrDg==
pview
l.sharethis.com/ 		0
328 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://l.sharethis.com/pview?event=pview&hostname=win.gg&location=%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&product=unknown&url=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&source=sharethis.js&fcmp=false&fcmpv2=true&has_segmentio=false&title=Has%20Corpse%20Husband%20ever%20shown%20his%20face%3F%20We%20investigate%20-%20WIN.gg&cms=unknown&publisher=60fa285f7c9b910013246b5d&sop=true&version=st_sop.js&lang=en&description=Corpse%20Husband%20is%20a%20mystery.%20-%20April%2029%2C%202021%20-%20WIN.gg
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.124.181.115 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-181-115.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 09:56:06 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Origin
https://win.gg
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
event
gw.oribi.io/ 		0
405 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://gw.oribi.io/event
Requested by
Host: cdn.oribi.io
URL: https://cdn.oribi.io/Xy0xODg1MDA0Nzk1/oribi.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.81.242.146 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-81-242-146.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://win.gg
date
Mon, 08 Nov 2021 09:56:06 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin
x-application-context
application
content-type
text/plain
usync.js
eus.rubiconproject.com/ Frame DD3C 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=primis&endpoint=us-east
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-200-100.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?p=primis&endpoint=us-east
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 09:56:06 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=83681
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9506
Expires
Tue, 09 Nov 2021 09:10:47 GMT
serverComponent.php
nexus.ensighten.com/choozle/15154/ 		401 B
543 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/choozle/15154/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/choozle/15154/code/&publishedOn=Wed%20Sep%2008%2019:30:43%20GMT%202021&ClientID=923&PageID=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/15154/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9859bce90c517c92bc2e03c378e158d7927ad582604e9c357435226bd8c7eea8

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
cache-control
no-cache, no-store
server
nginx
content-type
text/javascript
content-length
401
expires
Mon, 08 Nov 2021 09:56:05 GMT
PugMaster
image6.pubmatic.com/AdServer/ Frame FF6B 		0
42 B 		Script
General
Check archive.org
Download Go to
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=68671455&p=159196&s=0&a=0&ptask=ALL&np=0&fp=0&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=1&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26csuuid%3D6188f435634f6%26pixel%3D%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D1%26gdpr_consent%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:04 GMT
content-length
0
collect
stats.g.doubleclick.net/j/ 		4 B
436 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-125662552-1&cid=619682733.1636365366&jid=542735331&gjid=1658861547&_gid=1752130741.1636365366&_u=YEBAAEACQAAAAC~&z=69489037
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b4cd4f889e2c7dd71da12d2b0a29aa6346de2e5d8b3c882d7700d64c700f661d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
text/plain
access-control-allow-origin
https://win.gg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
twitter.svg
platform-cdn.sharethis.com/img/ 		731 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://platform-cdn.sharethis.com/img/twitter.svg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Wed, 03 Nov 2021 05:11:20 GMT
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
last-modified
Thu, 10 Oct 2019 01:20:13 GMT
server
AmazonS3
age
449087
etag
"0af2fb38987598376c99e21af17ade45"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
731
x-amz-cf-id
xhUC6iX39STTAjmbOh6BJRGZ7Iaj0AxgTlAezWnYxnaMJP7U2HEmhQ==
facebook.svg
platform-cdn.sharethis.com/img/ 		301 B
678 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://platform-cdn.sharethis.com/img/facebook.svg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Tue, 02 Nov 2021 13:05:50 GMT
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
last-modified
Thu, 10 Oct 2019 01:20:12 GMT
server
AmazonS3
age
507016
etag
"c6e9be45643e197ce1db1d7e24a99adc"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
301
x-amz-cf-id
vlQv_WDvDS0aopi8SNp55zdALKenOvX1Rat3pu2xnvtSha4Ux6f1Aw==
messenger.svg
platform-cdn.sharethis.com/img/ 		372 B
751 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://platform-cdn.sharethis.com/img/messenger.svg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2986551fd9e82929eabb8cba7c44f74a28d8496c744893432f067b320dff55da

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Fri, 29 Oct 2021 22:04:29 GMT
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
last-modified
Thu, 10 Oct 2019 01:20:13 GMT
server
AmazonS3
age
820298
etag
"a5aa43fa302867d3e888ac2f69b7b288"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
372
x-amz-cf-id
Gy1i_BUB6vDu9wumwV3thtpnYkYnfdySzatooX8PQT5jJoqPM_zDGA==
reddit.svg
platform-cdn.sharethis.com/img/ 		910 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://platform-cdn.sharethis.com/img/reddit.svg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
dadbb59b37bfea4c78c6e15c8cbb96dfba84526e43a0767dc244fd062a841aba

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Mon, 01 Nov 2021 15:26:37 GMT
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
last-modified
Thu, 10 Oct 2019 01:20:13 GMT
server
AmazonS3
age
584970
etag
"78d796ca648d8a5e665b48ed0217c56a"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
910
x-amz-cf-id
3kohW0-sfIqJ5lPUwGI4Ro841y7focL_1Bk8WGYvF1bH3Q57cMSnxQ==
email.svg
platform-cdn.sharethis.com/img/ 		343 B
723 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://platform-cdn.sharethis.com/img/email.svg
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:c00:1d:85c3:6640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-server-side-encryption
AES256
date
Sun, 17 Oct 2021 01:54:40 GMT
via
1.1 bee9d99ac2913ec4167e166e6bdb691e.cloudfront.net (CloudFront)
last-modified
Thu, 10 Oct 2019 01:20:12 GMT
server
AmazonS3
age
1929687
etag
"5977437466e857c7ddcadda6f6d88c2a"
x-cache
Hit from cloudfront
content-type
image/svg+xml
cache-control
public, max-age=2592000
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-length
343
x-amz-cf-id
D8ME6YSytZxvV9MWkNH_t7bU-NKzWbc8Te09r9MPHpHYoZMZI05csw==
pbsync.html
js.adscale.de/ Frame 109B 		3 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ecde72bc5d9fd5bc5150218535ae8f75ad9161924b91e64b7995c495fc90c246

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

content-type
text/html
last-modified
Wed, 03 Nov 2021 12:30:58 GMT
x-amz-version-id
QdHVeJNZx0vktkBJzc6umsZhQi6jSn18
server
AmazonS3
content-encoding
br
date
Mon, 08 Nov 2021 08:31:02 GMT
cache-control
max-age=7200
etag
W/"5550fca00caf055568d6ced373f2721f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
sYL7RO7dSoacDPkKEQEwN9CIYEWlZkyjeJlsHHqneck0xqQmc-qYyg==
age
5105
cookie
cm.adform.net/ Frame 272A 		43 B
106 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307457%26extuid%3D%24UID
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.236 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

server
nginx
date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
image/gif
content-length
43
user
cdn.admatic.com.tr/ Frame E93A 		251 B
629 B 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.admatic.com.tr/user
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
text/html
vary
Accept-Encoding
server
BunnyCDN-DE1-756
cdn-pullzone
266102
cdn-uid
bea626e5-d007-4073-8941-73ce8dd2f81c
cdn-requestcountrycode
IT
cdn-edgestorageid
756
cdn-storageserver
DE-51
cache-control
public, max-age=3600
cdn-fileserver
141
last-modified
Thu, 11 Feb 2021 13:30:42 GMT
cdn-cachedat
2021-08-10 09:24:38
cdn-requestpullsuccess
True
cdn-requestpullcode
206
cdn-requestid
8c7d266c7e2e1c5545853885da9d274d
cdn-status
200
cdn-cache
HIT
content-encoding
gzip
csync
sync.console.adtarget.com.tr/ Frame 9D47 		0
0
csync
sync.console.adtarget.com.tr/ Frame 3055
Redirect Chain
  • https://creativecdn.com/cm-notify?pi=admatic
  • https://creativecdn.com/cm-notify?pi=admatic&tc=1
  • https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=kmDPZth0VZqYMBjLduFX&pi=admatic&tc=1
0
0
/
ads.us.e-planning.net/uspd/1/ Frame 8D2B
Redirect Chain
  • https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
  • https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
3 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
356ce5e8970cc7ae0067519b144668c732ff1f202d188bd4443fca430b5c3aa3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

server
openresty
date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
text/html
cache-control
max-age=0, no-cache
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
expires
Mon, 08 Nov 2021 09:56:06 GMT
x-sid
AMS-602
content-encoding
gzip

Redirect headers

server
openresty
date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
text/html; charset=iso-8859-1
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location
/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
x-sid
AMS-602
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2130 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=0&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307406%26extuid%3D
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://s.console.adtarget.com.tr/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=157520
expires
Wed, 10 Nov 2021 05:41:26 GMT
date
Mon, 08 Nov 2021 09:56:06 GMT
vary
Accept-Encoding
csync
sync.console.adtarget.com.tr/ Frame CA95 		0
0
023efb217eee1cbb71f657f0ff77d993.js
nexus.ensighten.com/choozle/15154/code/ 		1 KB
869 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/choozle/15154/code/023efb217eee1cbb71f657f0ff77d993.js?conditionId0=4912064&conditionId1=4912065
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/15154/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
96ae6a03a75db67d90cdae793dabdb904860f79f05feeaea10a4e09428719763

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 19:14:38 GMT
server
nginx
etag
W/"61390b9e-5cc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
7e3bcccbe9be6061a65a6eb142929580.js
nexus.ensighten.com/choozle/15154/code/ 		2 KB
558 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/choozle/15154/code/7e3bcccbe9be6061a65a6eb142929580.js?conditionId0=421905
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/15154/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.195.42.228 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-42-228.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9186ad0839410bf3d20f3c5b242b36027562baac85ffb8cba18b50b6e4d7945d

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 19:09:28 GMT
server
nginx
etag
W/"61390a68-746"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
ga-audiences
www.google.com/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-125662552-1&cid=619682733.1636365366&jid=542735331&_u=YEBAAEACQAAAAC~&z=478403572
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.it/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.it/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j93&tid=UA-125662552-1&cid=619682733.1636365366&jid=542735331&_u=YEBAAEACQAAAAC~&z=478403572
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
w_480_00001.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/ 		483 KB
484 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/w_480_00001.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
15770468a1704759435695a14f23c4fa7ec3059b1cbd2dd85faf4db3a2eda98b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 372875ad1ec20daf24f3f29f14a73cd0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
494252
last-modified
Sun, 07 Nov 2021 20:32:58 GMT
server
Tengine
etag
"549c648b64ff7d0ff15bd95a15b242c5"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
wOLYLQyJNPIoEPYt1AtASyPxlof5zBKy44YYQaLJYGG0-aDpz9Ra6g==
expires
Mon, 22 Nov 2021 09:56:06 GMT
362358.gif
idsync.rlcdn.com/
Redirect Chain
  • https://cs.choozle.com/dp/chz/24899?d=win.gg&cb=1723970047
  • https://cs.choozle.com/sync
  • https://cs.choozle.com/sync?v=true&cid=bededd1e-bc0a-4201-ab0d-5b663db935c4
  • https://tags.bluekai.com/site/48443?id=bededd1e-bc0a-4201-ab0d-5b663db935c4&limit=1&redir=https%3A%2F%2Fcs.choozle.com%2Fsync%3Fpid%3D%24_BK_UUID%26dpsync%3Dbk%26cid%3Dbededd1e-bc0a-4201-ab0d-5b663...
  • https://cs.choozle.com/sync?pid=$_BK_UUID&dpsync=bk&cid=bededd1e-bc0a-4201-ab0d-5b663db935c4
  • https://match.adsrvr.org/track/cmf/generic?ttd_puid=bededd1e-bc0a-4201-ab0d-5b663db935c4&ttd_pid=gdmv7qs&ttd_tpi=1
  • https://cs.choozle.com/sync?pid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&dpsync=ttd&cid=bededd1e-bc0a-4201-ab0d-5b663db935c4
  • https://idsync.rlcdn.com/459489.gif?partner_uid=bededd1e-bc0a-4201-ab0d-5b663db935c4
  • https://idsync.rlcdn.com/1000.gif?memo=COGFHBIwCiwIARCp7AEaJGJlZGVkZDFlLWJjMGEtNDIwMS1hYjBkLTViNjYzZGI5MzVjNBAAGg0It-ijjAYSBQjoBxAAQgBKAA
  • https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
  • https://idsync.rlcdn.com/362358.gif?google_gid=CAESEIDAITg6k7kfNEgFL-QyLo0&google_cver=1
42 B
316 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEIDAITg6k7kfNEgFL-QyLo0&google_cver=1
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
clear
content-length
42

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEIDAITg6k7kfNEgFL-QyLo0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
289
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/ 		0
341 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-916JLHZYLF&gtm=2oeb31&_p=929963767&sr=1600x1200&_gaz=1&ul=en-us&cid=619682733.1636365366&_s=1&dl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&dt=Has%20Corpse%20Husband%20ever%20shown%20his%20face%3F%20We%20investigate%20-%20WIN.gg&sid=1636365366&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.game=&ep.author=Olivia%20Richman&ep.content_type=article&ep.tag=&epn.item_id=10337
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-916JLHZYLF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://win.gg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
56 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-916JLHZYLF&cid=619682733.1636365366&gtm=2oeb31&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-916JLHZYLF&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0c::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://win.gg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.it/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.it/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-916JLHZYLF&cid=619682733.1636365366&gtm=2oeb31&aip=1&z=1627176883
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
uu
ih.adscale.de/ Frame 109B
Redirect Chain
  • https://ih.adscale.de/uu?cbfn=receive&t=1636365366
  • https://ih.adscale.de/uu?cbfn=receive&t=1636365366&nut&uu=7e9bbb5efcf2448e980c068d45512089
44 B
213 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/uu?cbfn=receive&t=1636365366&nut&uu=7e9bbb5efcf2448e980c068d45512089
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
H2
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
29319580ce848cd69d06fd75aff5626eaa1af5ebefb0136dc1ca332478d2acf3

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-length
44
content-type
text/javascript;charset=ISO-8859-1

Redirect headers

location
https://ih.adscale.de/uu?cbfn=receive&t=1636365366&nut&uu=7e9bbb5efcf2448e980c068d45512089
date
Mon, 08 Nov 2021 09:56:06 GMT
content-length
0
ima3.js
imasdk.googleapis.com/js/sdkloader/ Frame C8B1 		369 KB
123 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/sdkloader/ima3.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032312D31312D30385F31317D7B7331343830393231367D7B433136347D7B5364326C754C6D646E7D7B626368726F6D657D7B716465736B746F707D7B6F77696E646F77737D7B583735307D7B593432347D7B66317D7B4C383535367DFEFE&userIpAddr=95.174.64.203&userUA=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F89.0.4389.72+Safari%2F537.36&debugInformation=&isWePassGdpr=0&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=30&c2pWaitTime=10&isSinglePageFloatSupport=0&csuuid=6188f435634f6&debugInfo=14809216_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=14809216&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed2011ghzmiptq&secondaryContent=&x=750&y=424&pubUrl=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=1&flow_bottomOffset=110&impGap=1&flow_width=400&flow_height=225&videoType=flow&gdpr=1&gdprConsent=&contentFeedId=&geoLati=45.4722&geoLong=9.1922&vpTemplate=8556&flowMode=below&isRealPreroll=0&playerApiId=&isApp=0&ccpa=0&ccpaConsent=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3cdbb68e93d9fb8a81d427448443a41d21a66c151d4d7ec865e648833f854b2c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
125171
x-xss-protection
0
expires
Mon, 08 Nov 2021 09:56:06 GMT
bundle.js
cdn.admatic.com.tr/user/ Frame E93A 		54 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.admatic.com.tr/user/bundle.js
Requested by
Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
89.187.169.47 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-89-187-169-47.cdn77.com
Software
BunnyCDN-DE1-756 /
Resource Hash
8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://cdn.admatic.com.tr/user
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
br
cdn-edgestorageid
756
cdn-fileserver
141
cdn-storageserver
DE-51
cdn-cachedat
2021-08-12 13:48:34
cdn-pullzone
266102
last-modified
Fri, 12 Mar 2021 04:24:48 GMT
server
BunnyCDN-DE1-756
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
cdn-uid
bea626e5-d007-4073-8941-73ce8dd2f81c
cache-control
public, max-age=3600
cdn-requestid
9a7e1de6afce5d3dbd997568629f4d4e
cdn-requestcountrycode
IT
cdn-status
200
cdn-requestpullsuccess
True
w_480_00002.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/ 		516 KB
517 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/w_480_00002.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
34d421a3b0ead306cef4a445313ca5809756632f7c4ac677ec066ba05be73ec1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 f813184316cc9264bb50439c82a80f89.cloudfront.net (CloudFront)
x-amz-cf-pop
OTP50-C1
content-length
528468
last-modified
Sun, 07 Nov 2021 20:32:58 GMT
server
Tengine
etag
"1a01bd596b96e50bef1040b8e489a4e5"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
O4lnhu2rRnbj9SQZ_pozgvJKa4UTR7-gnBgt1pcItTxCupxot6OQsA==
expires
Mon, 22 Nov 2021 09:56:06 GMT
um
u-ams02.e-planning.net/ Frame 8D2B
Redirect Chain
  • https://pixel.sitescout.com/dmp/pixelSync?network=EPLANNING&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D%7BUSER_ID%7D%26dc%3D0abbcb4eba840e59%26fi%3D2728411cce617bb8
  • https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=2728411cce617bb8
42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=2728411cce617bb8
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
46.249.52.249 Aalsmeer, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
server
openresty
content-type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://u-ams02.e-planning.net/um?uid=no-consent&dc=0abbcb4eba840e59&fi=2728411cce617bb8
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
um
sync.e-planning.net/ Frame 8D2B
Redirect Chain
  • https://sync.1rx.io/usersync2/eplanning
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5674022133
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5674022133
  • https://sync.1rx.io/usersync/tradedesk/9954d0a5-3bda-4478-a00d-7a44ba5cedad
  • https://sync.targeting.unrulymedia.com/csync/RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003?redir=https%3A%2F%2Fsync.e-planning.net%2Fum%3Fuid%3DRX-fd7553de-fd63-4482-93c8-11a50ca786bb-003%26dc%3D1079...
  • https://sync.e-planning.net/um?uid=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003&dc=1079cc634ca638f8&iss=1
42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.e-planning.net/um?uid=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003&dc=1079cc634ca638f8&iss=1
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
openresty
content-type
image/gif

Redirect headers

location
https://sync.e-planning.net/um?uid=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003&dc=1079cc634ca638f8&iss=1
date
Mon, 08 Nov 2021 09:56:07 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RXfd7553defd63448293c811a50ca786bb003
content-type
text/html
dataxpand_28122020.js
s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/ Frame 8D2B 		39 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/1/3fb8/8a4272ba9ae263fe/dataxpand_28122020.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.252 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
last-modified
Mon, 28 Dec 2020 16:45:03 GMT
server
openresty
etag
W/"5fea0b8f-9a72"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Sat, 07 Nov 2026 09:56:05 GMT
retargetly_030920.js
s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/ Frame 8D2B 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/1/3fb8/7bb4893a30d21aef/retargetly_030920.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.252 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
18cbfcb608af5885f7916274b60578d32006c90e8fce3d98dbcc89a646707608

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
last-modified
Thu, 03 Sep 2020 18:45:03 GMT
server
openresty
etag
W/"5f5139af-857"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Sat, 07 Nov 2026 09:56:05 GMT
um
u-ams02.e-planning.net/ Frame 8D2B
Redirect Chain
  • https://rtb.openx.net/sync/prebid?r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dff96d1aa62deeebd%26fi%3D2728411cce617bb8%26uid%3D%24%7BUID%7D
  • https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=2728411cce617bb8&uid=699c1726-2f56-4712-acbf-84f5f4be11b5
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=2728411cce617bb8&uid=699c1726-2f56-4712-acbf-84f5f4be11b5
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
46.249.52.249 Aalsmeer, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
server
openresty
content-type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:05 GMT
via
1.1 google
server
Cowboy
access-control-allow-origin
null
vary
Origin
p3p
CP="CUR ADM OUR NOR STA NID"
location
https://u-ams02.e-planning.net/um?dc=ff96d1aa62deeebd&fi=2728411cce617bb8&uid=699c1726-2f56-4712-acbf-84f5f4be11b5
access-control-expose-headers
cache-control
private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
content-length
0
x-request-id
vhifengo3mnvlsrt73o8rade5ua0t0ih
ptag
a.audrte.com/ Frame 8D2B 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://a.audrte.com/ptag?p=M1353665098
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.213.248.174 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-213-248-174.compute-1.amazonaws.com
Software
nginx/1.18.0 /
Resource Hash
fe1d9d6a59ca420393fe9918c207d04a09e28bb98976edbc58e1a179b0abc405

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 09:56:06 GMT
Content-Encoding
gzip
Server
nginx/1.18.0
Vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
text/plain;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-transform, public, max-age=3600
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
1682
lotame.js
s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/ Frame 8D2B 		266 B
415 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.252 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:05 GMT
content-encoding
gzip
last-modified
Thu, 19 Nov 2020 16:18:03 GMT
server
openresty
etag
W/"5fb69abb-10a"
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
max-age=157680000
expires
Sat, 07 Nov 2026 09:56:05 GMT
current
prebid-match.dotomi.com/match/bounce/ Frame 8D2B 		0
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prebid-match.dotomi.com/match/bounce/current?networkId=72582&version=1&rurl=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Dfbb23d0ef33aad5d%26fi%3D2728411cce617bb8%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:12::1400 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
/
sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/ Frame 8D2B
Redirect Chain
  • https://sync.richaudience.com/f7872c90c5d3791e2b51f7edce1a0a5d/?p=25BiP9IMgN&r=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fuid%3D[PDID]%26dc%3Dfabfd6762b833237%26fi%3D2728411cce617bb8
  • https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
95 B
222 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
168.119.146.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.39.146.119.168.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png

Redirect headers

location
https://sync.richaudience.com/bf7c142f4339da0278e83698a02b0854/?consentString=&referrer=https%3A%2F%2Fads.us.e-planning.net%2F
date
Mon, 08 Nov 2021 09:56:06 GMT
server
nginx/1.14.2
content-type
text/html; charset=UTF-8
um
u-ams02.e-planning.net/ Frame 8D2B
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D8103fa85295fbe60%26fi%3D2728411cce617bb8%26uid%3D%24UID
  • https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=2728411cce617bb8&uid=845234657020092272
42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=2728411cce617bb8&uid=845234657020092272
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
46.249.52.249 Aalsmeer, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
server
openresty
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:06 GMT
X-Proxy-Origin
95.174.64.203; 95.174.64.203; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
fd342552-9238-4721-904c-cbed7d48b266
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://u-ams02.e-planning.net/um?dc=8103fa85295fbe60&fi=2728411cce617bb8&uid=845234657020092272
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
us
sync.go.sonobi.com/ Frame 8D2B 		0
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us?loc=%0A%0Ahttps%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3De52415579699e09f%26fi%3D2728411cce617bb8%26uid%3D%5BUID%5D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:06 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
um
sync.e-planning.net/ Frame 8D2B
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58414/occ
  • https://ups.analytics.yahoo.com/ups/58414/occ?verify=true
  • https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-0JMbv2VE2uExf9J4SsFS8jDzzvg06RXHoOOXUGA-~A
42 B
104 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-0JMbv2VE2uExf9J4SsFS8jDzzvg06RXHoOOXUGA-~A
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
openresty
content-type
image/gif

Redirect headers

location
https://sync.e-planning.net/um?dc=d5ef3eaea371187e&iss=1&uid=y-0JMbv2VE2uExf9J4SsFS8jDzzvg06RXHoOOXUGA-~A
date
Mon, 08 Nov 2021 09:56:06 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
eplanning
cs.admanmedia.com/sync/ Frame 8D2B 		0
0
usync.html
eus.rubiconproject.com/ Frame 9891
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?&p=12186&endpoint=eu
  • https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-200-100.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 09:56:06 GMT
Connection
keep-alive
Vary
Accept-Encoding

Redirect headers

Server
AkamaiGHost
Content-Length
0
Location
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Date
Mon, 08 Nov 2021 09:56:06 GMT
Connection
keep-alive
Access-Control-Allow-Credentials
true
Access-Control-Allow-Origin
*
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6FF9 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156631&s=&predirect=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3Da208d9366469aa64%26fi%3D2728411cce617bb8%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=157520
expires
Wed, 10 Nov 2021 05:41:26 GMT
date
Mon, 08 Nov 2021 09:56:06 GMT
vary
Accept-Encoding
user
ads3.admatic.com.tr/ Frame E93A 		75 B
422 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads3.admatic.com.tr/user
Requested by
Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.132.147.227 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-227-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
115ccd207fe3b7633eaa48b7a44f27c163274f2d35d20368a00a40b83d8afbf1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://cdn.admatic.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
application/json; charset=utf-8
server
AdMatic
x-powered-by
AdMatic
vary
Origin
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
timing-allow-origin
*
content-length
75
usync.js
eus.rubiconproject.com/ Frame 9891 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-200-100.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?&p=12186&endpoint=eu
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 09:56:06 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=83681
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9506
Expires
Tue, 09 Nov 2021 09:10:47 GMT
userconnect.js
js.adscale.de/ Frame 109B 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.adscale.de/userconnect.js
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
58ed344732766704ee535508e3dcd8d4a8ec0c9c79d16adf02293adde110926c

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://js.adscale.de/pbsync.html?gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307565%26extuid%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
_MrzQtF9UBvoAFyvgr_X89zr3JHNDNtA
content-encoding
gzip
last-modified
Wed, 03 Nov 2021 12:30:58 GMT
server
AmazonS3
age
5105
etag
W/"98f37b242862929d9aef4bde91abc8ad"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
cache-control
max-age=7200
date
Mon, 08 Nov 2021 08:31:02 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
uB7U_27MJ1PjsYpR_wgaZum3ITQExlkUNhpGaAQ7YdZtCT4H9JjeWg==
csync
sync.console.adtarget.com.tr/ Frame 109B 		0
0
w_480_00003.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/ 		474 KB
475 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/w_480_00003.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
ece688f60b3b488b21f3aa30a0a0f7178e6da09b5f67ff98200b09dc69f93e42

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
via
1.1 4612dc3b414cf2057f542e94733d59bd.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
485040
last-modified
Sun, 07 Nov 2021 20:32:58 GMT
server
Tengine
etag
"65ae3f83eabe04ea3e8c1702e5a61fa3"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
NFIy5nu6kS3rYNUTIYDrIMKTe9uCkNmne6Yo6B8EnHZHVcf6gdNWhA==
expires
Mon, 22 Nov 2021 09:56:06 GMT
userconnect
ih.adscale.de/ Frame 109B 		149 B
224 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/userconnect?ssl=1&sid=0&cbfn=stroeerCoreConnect&ts=1636365366642&umd=false&gdpr=0&gdpr_version=2&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://js.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-length
149
content-type
application/javascript
iframe
d1eoo1tco6rr5e.cloudfront.net/2tetedh/g27akpq/ Frame 5DE0
Redirect Chain
  • https://insight.adsrvr.org/tags/2tetedh/g27akpq/iframe
  • https://d1eoo1tco6rr5e.cloudfront.net/2tetedh/g27akpq/iframe
138 B
667 B 		Document
General
Check archive.org
Download Go to
Full URL
https://d1eoo1tco6rr5e.cloudfront.net/2tetedh/g27akpq/iframe
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/15154/code/023efb217eee1cbb71f657f0ff77d993.js?conditionId0=4912064&conditionId1=4912065
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
143.204.97.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-97-29.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b98d73c9da43ab088e858bcfadfa96208819a10c743b730ccf229e427655cd82

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

Content-Type
text/html
Content-Length
138
Connection
keep-alive
Last-Modified
Fri, 01 Oct 2021 23:46:10 GMT
x-amz-server-side-encryption
AES256
Accept-Ranges
bytes
Server
AmazonS3
Date
Mon, 08 Nov 2021 07:19:47 GMT
Cache-Control
max-age=86400
ETag
"8c0625cd3448e60af6c1f4784d6f3573"
X-Cache
Hit from cloudfront
Via
1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA50-C1
X-Amz-Cf-Id
ELCmFnx8kbEVlnPNJhusR5r-SE57VzECk6FBmq3dge4z62VTwtULOg==
Age
9380

Redirect headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
text/html; charset=UTF-8
content-length
183
location
https://d1eoo1tco6rr5e.cloudfront.net/2tetedh/g27akpq/iframe
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
bridge3.487.0_en.html
imasdk.googleapis.com/js/core/ Frame C77E 		578 KB
190 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://imasdk.googleapis.com/js/core/bridge3.487.0_en.html
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
17d28d80565aea246a542b61a9d2f93c98fb30887bd662de52191d4e87a6fb45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="ads-doubleclick-instream-static"
report-to
{"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length
194247
date
Fri, 05 Nov 2021 10:09:33 GMT
expires
Sat, 05 Nov 2022 10:09:33 GMT
last-modified
Mon, 01 Nov 2021 17:03:25 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
cache-control
public, max-age=31536000
age
258393
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
client.js
s0.2mdn.net/instream/video/ Frame C8B1 		44 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s0.2mdn.net/instream/video/client.js
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16746
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Mon, 08 Nov 2021 09:56:06 GMT
map
ih.adscale.de/ Frame A236 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/userconnect.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
79e0b31ed7dd31fb4a8d054b05cf38a6e3fbec7ed680bc8df999505637f5368e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://js.adscale.de/

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
text/html;charset=ISO-8859-1
content-length
2702
usermatch
ssum.casalemedia.com/ Frame B4D0 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
22460c9c4d8a343b378271dd691d8870253cfef422393cbd73644b8c4b9b6a3c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
39|241|45|230|31|152|90|3
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1776
Expires
Mon, 08 Nov 2021 09:56:06 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:06 GMT
Connection
keep-alive
/
onetag-sys.com/usync/ Frame F922 		2 KB
823 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=5927d926323dc2c
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
/
spl.zeotap.com/ Frame 22E5 		7 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4bccfd351ab603b339f3307bbf8da34450cd9d2deae5ad5f5400b5fd6e25845e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
text/html
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://ads.us.e-planning.net
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aadedf6cc805a2b-MXP
content-encoding
br
omweb-v1.js
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 2625 		37 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Requested by
Host: srcdoc
URL: about:srcdoc
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:14:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2521
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12861
x-xss-protection
0
last-modified
Tue, 26 Oct 2021 20:08:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="omsdk-team-release-policy"
vary
Accept-Encoding
report-to
{"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
expires
Mon, 08 Nov 2021 10:14:05 GMT
match.js
js.adscale.de/ Frame A236 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.adscale.de/match.js
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:5a00:f:4f64:8940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
91b4eb09154d5ebef46352e922194ec6dbb9547b63f9776ae10133fe1ca66879

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id
trc55p8MIfgti2EifEco1Vi7JFS12hcu
content-encoding
br
last-modified
Wed, 03 Nov 2021 12:30:58 GMT
server
AmazonS3
age
5105
etag
W/"b75124846aec28a28b7a3441813682d5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 6ea9fcffa719a56ee2be748a73d37974.cloudfront.net (CloudFront)
cache-control
max-age=7200
date
Mon, 08 Nov 2021 08:31:02 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
1Ptm7OrtJarrcXrrwZYiBSbfLhULYYvSt5_KE6NwWwIdBWBCRN7TzA==
new
ads3.admatic.com.tr/user/ Frame E93A 		169 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ads3.admatic.com.tr/user/new
Requested by
Host: cdn.admatic.com.tr
URL: https://cdn.admatic.com.tr/user/bundle.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
188.132.147.227 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-227-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
644ef600fd425cb6a30b351e54c5110dc5b7e88e65c44989be4c44c8ff54c768

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://cdn.admatic.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 09:56:06 GMT
etag
Z8IqVZSbMG3v9ufet-n7w02PhorVfVMgrORVdX0f_3otLZz00GoYWYNZb6XJ5k2T3_on_7UUYoEBB68eRHJ5lw
last-modified
Mon, 08 Nov 2021 10:56:07 GMT
server
AdMatic
x-powered-by
AdMatic
vary
Origin
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
content-type
application/json; charset=utf-8
content-length
169
khaos.jpg
token.rubiconproject.com/ Frame DD3C 		284 B
536 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/khaos.jpg?
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
284
X-RPHost
3bafef7aa4e37890defcd73f0a080481
Content-Type
image/jpg
img
ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/ Frame A236
Redirect Chain
  • https://bbnaut.ibillboard.com/match/AdScale?partneruid=7e9bbb5efcf2448e980c068d45512089&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg%3Ftpid%...
  • https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=101&tpuid=BBID-01-03110793670774975-16441020
49 B
466 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=101&tpuid=BBID-01-03110793670774975-16441020
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
nginx
Transfer-Encoding
chunked
p3p
CP="CUR ADM DEV OUR STP PRE DSP NOI COR NID"
Location
https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=101&tpuid=BBID-01-03110793670774975-16441020
Cache-Control
private, max-age=3600
Access-Control-Allow-Credentials
true
Connection
close
getuid
ib.adnxs.com/ Frame 22E5 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-67...
  • https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm=&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6...
  • https://mwzeom.zeotap.com/mw?google_gid=CAESELapU2pZnYuY8tPOagtgOxo&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?google_gid=CAESELapU2pZnYuY8tPOagtgOxo&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf888fc5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://mwzeom.zeotap.com/mw?google_gid=CAESELapU2pZnYuY8tPOagtgOxo&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
470
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://mwzeom.zeotap.com/mw?cid=07c684f9-f952-447d-b7d0-42b3701ebc09&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=07c684f9-f952-447d-b7d0-42b3701ebc09&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf888db5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=07c684f9-f952-447d-b7d0-42b3701ebc09&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame 22E5 		0
331 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.6.251 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
s1.adform.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dc...
  • https://mwzeom.zeotap.com/mw?cid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908...
95 B
164 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf838015a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://mwzeom.zeotap.com/mw?cid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
481
cm
trc.taboola.com/sg/zeotap/1/ Frame 22E5 		0
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-vcl-time-ms
82
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 varnish
server
nginx
x-timer
S1636365367.035671,VS0,VE82
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-mxp6921-MXP
u
dmp.v.fwmrm.net/ad/ Frame 22E5 		0
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
2607:ae80:5::149 , United States, ASN26558 (FREEWHEEL, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Cache-Control
no-store
Expires
0
Content-Type
text/html
Content-Length
0
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame 22E5 		0
163 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b847-8611-4981-776c-da5a1f9ce866%26reqId%3Dce460c15-80b0-4908-6794-bd6f11754c65%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=38d6b847-8611-4981-776c-da5a1f9ce866&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=38d6b847-8611-4981-776c-da5a1f9ce866&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=73258897604003962834278498049206564074&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=73258897604003962834278498049206564074&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf97b715a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-irl1-1-v019-003e67e75.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
ZOk5AfklR4s=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=73258897604003962834278498049206564074&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
  • https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&xl8b...
  • https://mwzeom.zeotap.com/mw?cid=12e25d445b5559b4fade0f312841b44e&zpartnerid=7&zdid=1361&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&w_k=&user_zi=&gdpr=&gdpr_consent=&optin=&uc=&z_p=&zem1=&zem2=&zem...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=12e25d445b5559b4fade0f312841b44e&zpartnerid=7&zdid=1361&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&w_k=&user_zi=&gdpr=&gdpr_consent=&optin=&uc=&z_p=&zem1=&zem2=&zem3=&zem4=&zem5=&zem6=&zph1=&zph2=&zph3=&zph4=&zph5=&zph6=&z_e_sha2_l=&z_e_sha2_u=&z_p_sha2_w=&z_p_sha2_wo=&email_hash=&zcluid=
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf99bc95a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location
https://mwzeom.zeotap.com/mw?cid=12e25d445b5559b4fade0f312841b44e&zpartnerid=7&zdid=1361&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&w_k=&user_zi=&gdpr=&gdpr_consent=&optin=&uc=&z_p=&zem1=&zem2=&zem3=&zem4=&zem5=&zem6=&zph1=&zph2=&zph3=&zph4=&zph5=&zph6=&z_e_sha2_l=&z_e_sha2_u=&z_p_sha2_w=&z_p_sha2_wo=&email_hash=&zcluid=
cache-control
no-cache
access-control-allow-credentials
true
content-type
image/gif
content-length
0
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=38d6b847-8611-4981-776c-da5a1f9ce866&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2021110810-97853-0.332360001636365367-debd824a8648448f072d3ce8b5ddd354&zdid=533&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2021110810-97853-0.332360001636365367-debd824a8648448f072d3ce8b5ddd354&zdid=533&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf8a93e5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2021110810-97853-0.332360001636365367-debd824a8648448f072d3ce8b5ddd354&zdid=533&env=mWeb
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
check
pixel.tapad.com/idsync/ex/receive/ Frame 22E5
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=38d6b847-8611-4981-776c-da5a1f9ce866
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=38d6b847-8611-4981-776c-da5a1f9ce866
95 B
425 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=38d6b847-8611-4981-776c-da5a1f9ce866
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=38d6b847-8611-4981-776c-da5a1f9ce866
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=38d6b847-8611-4981-776c-da5a1f9ce866&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=38d6b847-8611-4981-776c-da5a1f9ce866&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=oBoXaSaDsTnHkAehKRmdXe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-49...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?webouuid=oBoXaSaDsTnHkAehKRmdXe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf889005a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
last-modified
Mon, 08 Nov 2021 09:56:07 GMT
server
nginx/1.12.0
location
https://mwzeom.zeotap.com/mw?webouuid=oBoXaSaDsTnHkAehKRmdXe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
clear
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=38d6b847-8611-4981-776c-da5a1f9ce866?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=38d6b847-8611-4981-776c-da5a1f9ce866?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
  • https://mwzeom.zeotap.com/mw?pid=6d4ea94c07a4edc74a34b7ab495ea304&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?pid=6d4ea94c07a4edc74a34b7ab495ea304&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf9dc855a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=6d4ea94c07a4edc74a34b7ab495ea304&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
cache-control
no-cache
x-server
10.45.20.14
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-or0w2mxE2orttgF1l15etf7Gdjv2jxo0gQ--~A&zpartnerid=570&env=mWeb
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=y-or0w2mxE2orttgF1l15etf7Gdjv2jxo0gQ--~A&zpartnerid=570&env=mWeb
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf9cc6c5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

date
Mon, 08 Nov 2021 09:56:07 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-or0w2mxE2orttgF1l15etf7Gdjv2jxo0gQ--~A&zpartnerid=570&env=mWeb
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000
content-length
0
x-content-type-options
nosniff
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=ITA&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=ITA&zdid=1361&cid=zjV%2FT1B9K4kFLiZ7l%2F%2FG%2Ft7%2BEDB%2FqRta%2BS41iYitP1U%3D
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=ITA&zdid=1361&cid=zjV%2FT1B9K4kFLiZ7l%2F%2FG%2Ft7%2BEDB%2FqRta%2BS41iYitP1U%3D
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf97b735a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=ITA&zdid=1361&cid=zjV%2FT1B9K4kFLiZ7l%2F%2FG%2Ft7%2BEDB%2FqRta%2BS41iYitP1U%3D
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
v2
odr.mookie1.com/t/ Frame 22E5 		43 B
324 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://odr.mookie1.com/t/v2?tagid=V2_746632&src.visitorId=38d6b847-8611-4981-776c-da5a1f9ce866&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.67.61 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
61.67.98.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
server
Apache
p3p
CP="NON DSP COR NID CURa PSAa PSDa OUR STP UNI COM NAV STA LOC OTC",policyref="/w3c/p3p.xml"
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif;charset=UTF-8
alt-svc
clear
content-length
43
x-application-context
application
expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatch.gif
beacon.krxd.net/ Frame 22E5 		0
338 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
108.128.79.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-79-28.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
cache-control
private, no-cache, no-store
x-request-time
D=44 t=1636365367
x-served-by
beacon-n022-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame 22E5 		95 B
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=38d6b847-8611-4981-776c-da5a1f9ce866&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.119.146.39 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.39.146.119.168.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YYj0NwADA2hFGgBG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YYj0NwADA2hFGgBG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&_test=YYj0NwADA2hFGgBG
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedfa0d285a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 varnish
server
Varnish
x-timer
S1636365367.338995,VS0,VE0
x-served-by
cache-mxp6950-MXP
x-cache
HIT
location
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=YYj0NwADA2hFGgBG&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&_test=YYj0NwADA2hFGgBG
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=116e6188-f436-4e00-b748-983ff3724c10&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c1...
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?cid=116e6188-f436-4e00-b748-983ff3724c10&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedf9bc355a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
MT3 4067 88cc6bf master cdg-pixel-x31 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://mwzeom.zeotap.com/mw?cid=116e6188-f436-4e00-b748-983ff3724c10&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Mon, 08 Nov 2021 09:56:06 GMT
v1
engine.widespace.com/map/ext/api/trackingcallback/ Frame 22E5 		0
76 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://engine.widespace.com/map/ext/api/trackingcallback/v1?accessToken=zeotap-user-sync&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.217.170.69 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-217-170-69.eu-west-1.compute.amazonaws.com
Software
nginx/1.20.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
nginx/1.20.1
usermatch.gif
beacon.krxd.net/ Frame 22E5
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f1175...
0
337 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
108.128.79.28 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-108-128-79-28.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
cache-control
private, no-cache, no-store
x-request-time
D=28 t=1636365367
x-served-by
beacon-n002-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
date
Mon, 08 Nov 2021 09:56:07 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a013-ash-prod.krxd.net
dcm
aax-eu.amazon-adsystem.com/s/ Frame 22E5
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=38d6b847-8611-4981-776c-da5a1f9ce866&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=38d6b847-8611-4981-776c-da5a1f9ce866&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776...
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=38d6b847-8611-4981-776c-da5a1f9ce866&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&dcc=t
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
HTTP/1.1
Server
52.95.115.196 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
8P4QPJ509CRT7W538D74
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
J1N5H0VZVYC7PEG13PFQ
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=38d6b847-8611-4981-776c-da5a1f9ce866&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://tags.bluekai.com/site/87734?id=38d6b847-8611-4981-776c-da5a1f9ce866&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedfb587c5a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?zpartnerid=1202&env=mWeb&cid=$_BK_UUID&BK_SWAP_DEST=87734
Date
Mon, 08 Nov 2021 09:56:07 GMT
Connection
keep-alive
Content-Length
0
BK-Server
ce91
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
mw
mwzeom.zeotap.com/ Frame 22E5
Redirect Chain
  • https://obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D38d6b...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
95 B
153 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6aadedfb0fc75a2b-MXP
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
date
Mon, 08 Nov 2021 09:56:07 GMT
cross-origin-resource-policy
cross-origin
content-length
0
cmp.min.js
spl.zeotap.com/ Frame 22E5 		557 B
522 B 		Script
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b526e9e3f769d1f08a58b16c65bc4d4ecf2ec999b3d0eb8efcad80da5bf084f

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray
6aadedf7beca5a2b-MXP
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
cf-cache-status
MISS
last-modified
Mon, 08 Nov 2021 09:56:07 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
casale
match.adsrvr.org/track/cmf/ Frame B4D0 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/casale?gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
dcm
s.amazon-adsystem.com/ Frame B4D0
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB&dcc=t
43 B
645 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB&dcc=t
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Protocol
HTTP/1.1
Server
52.46.154.242 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
KPK6KGTQ55ZDW0P43849
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
PW917MWYDGYW9Y70YB4X
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=1&gdpr_consent=&id=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame B4D0
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D&gdpr=1
  • https://cm.g.doubleclick.net/pixel?gdpr=1&google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YYj0NoqWajl63Okm9fiWUAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGhYqpkGAxmi8CodOgbYTdQ&google_cver=1&gdpr=1
43 B
999 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGhYqpkGAxmi8CodOgbYTdQ&google_cver=1&gdpr=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 09:56:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEGhYqpkGAxmi8CodOgbYTdQ&google_cver=1&gdpr=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
325
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame B4D0
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB&gdpr_consent=&us_privacy=&gdpr=1
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB&gdpr_consent=&us_privacy=&gdpr=1&google_tc=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGdALzIv2f1Jdu3g_83k67M&google_cver=1
43 B
315 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGdALzIv2f1Jdu3g_83k67M&google_cver=1
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Mon, 08 Nov 2021 09:56:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=1&google_gid=CAESEGdALzIv2f1Jdu3g_83k67M&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
343
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
noop
px.owneriq.net/ Frame B4D0
Redirect Chain
  • https://px.owneriq.net/eucm/p/cc?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D31%26external_user_id%3D(OIQ_UUID)
  • https://px.owneriq.net/ecc?redir=https%3a%2f%2fdsum-sec.casalemedia.com%2fcrum%3fcm_dsp_id%3d31%26external_user_id%3dQ6896517671019144208&uid=Q6896517671019144208&ref=%2Feucm%2Fp%2Fcc
  • https://px.owneriq.net/noop?ct=image%2Fgif
0
287 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px.owneriq.net/noop?ct=image%2Fgif
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Protocol
HTTP/1.1
Server
104.111.242.53 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-242-53.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache/2.2.15 (CentOS)
Connection
keep-alive
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-Powered-By
PHP/5.3.3
Content-Length
0
Content-Type
image/gif

Redirect headers

Location
https://px.owneriq.net/noop?ct=image%2Fgif
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
AkamaiGHost
Connection
keep-alive
Content-Length
0
crum
dsum-sec.casalemedia.com/ Frame B4D0
Redirect Chain
  • https://sync.extend.tv/r.gif?exchange=index
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a141ab0b-3b43-45b7-8fda-878cfa123bf9
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a141ab0b-3b43-45b7-8fda-878cfa123bf9
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 09:56:07 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Access-Control-Allow-Origin
*
Content-Type
text/html; charset=utf-8
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=152&external_user_id=a141ab0b-3b43-45b7-8fda-878cfa123bf9
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
132
Expires
Tue, 29 May 1984 15:00:00 GMT
no_match_opted_out
um.simpli.fi/ Frame B4D0
Redirect Chain
  • https://um.simpli.fi/pm_match?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=90&external_user_id=$UID&gdpr=1
  • https://um.simpli.fi/no_match_opted_out
0
278 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://um.simpli.fi/no_match_opted_out
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Protocol
H2
Server
169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
b8.89.32a9.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Mon, 08 Nov 2021 09:56:07 GMT
x-content-type-options
nosniff
server
nginx
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS

Redirect headers

date
Mon, 08 Nov 2021 09:56:07 GMT
x-content-type-options
nosniff
server
nginx
location
/no_match_opted_out
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Sun, 07 Nov 2021 09:56:07 GMT
crum
dsum-sec.casalemedia.com/ Frame B4D0
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D&gdpr=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=116e6188-f436-4e00-b748-983ff3724c10&gdpr=1&gdpr_consent=
43 B
1008 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=116e6188-f436-4e00-b748-983ff3724c10&gdpr=1&gdpr_consent=
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 09:56:07 GMT

Redirect headers

Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
MT3 4067 88cc6bf master zrh-pixel-x2 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=116e6188-f436-4e00-b748-983ff3724c10&gdpr=1&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 09:56:06 GMT
um
u-ams02.e-planning.net/ Frame B4D0 		42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://u-ams02.e-planning.net/um?dc=99e41df815fd80b4&fi=2728411cce617bb8&uid=YYj0NoqWajl63Okm9fiWUAAA%26710
Requested by
Host: ssum.casalemedia.com
URL: https://ssum.casalemedia.com/usermatch?s=190243&cb=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D99e41df815fd80b4%26fi%3D2728411cce617bb8%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
46.249.52.249 Aalsmeer, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
openresty
content-type
image/gif
csync
sync.console.adtarget.com.tr/ Frame E93A 		0
0
w_480_00004.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/ 		483 KB
484 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/w_480_00004.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
f56ca818087834a737c9427dcf1aca0b5620455e029e2b7c3f95aac4ad8bbf70

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 a7ed0e2562a9e213a639323d1327bbbc.cloudfront.net (CloudFront)
x-amz-cf-pop
OTP50-C1
content-length
495004
last-modified
Sun, 07 Nov 2021 20:32:58 GMT
server
Tengine
etag
"3d383cc4b5bab96fcd85501843ae2278"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
Wmd_jGlRVV7JjHDHNteiABj7dkmQfOHz1LRSqMUApI1nk1oq9tHaIQ==
expires
Mon, 22 Nov 2021 09:56:07 GMT
/
insight.adsrvr.org/track/pxl/ Frame 5DE0 		70 B
260 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://insight.adsrvr.org/track/pxl/?adv=2tetedh&ct=0:g27akpq&fmt=3
Requested by
Host: d1eoo1tco6rr5e.cloudfront.net
URL: https://d1eoo1tco6rr5e.cloudfront.net/2tetedh/g27akpq/iframe
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://d1eoo1tco6rr5e.cloudfront.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
cmp
spl.zeotap.com/ Frame 22E5 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aadedf7ff795a2b-MXP
cc.js
tags.crwdcntrl.net/c/15238/ Frame 8D2B 		38 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.crwdcntrl.net/c/15238/cc.js?ns=_cc15238
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/1/3fb8/69b1486c74a3b7dc/lotame.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-111.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 02:25:04 GMT
content-encoding
gzip
etag
W/"2b2f816f40499d384e118ce88a266e02"
last-modified
Thu, 02 Jul 2020 15:35:12 GMT
server
AmazonS3
age
27063
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
via
1.1 ee6ddabcc69c6aa1c28ad24a4a8f86b2.cloudfront.net (CloudFront)
cache-control
max-age: 86400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
_EvN2k3D3bDmYT3-YqTfk-cqHxMWGsOwrNnr0-ZXIZh8S8vrUe_Pyw==
sirdata_03022021.html
s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/ Frame 2253 		636 B
577 B 		Document
General
Check archive.org
Download Go to
Full URL
https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.252 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
i.e-planning.net
Software
openresty /
Resource Hash
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

server
openresty
date
Mon, 08 Nov 2021 09:56:06 GMT
content-type
text/html
last-modified
Wed, 03 Feb 2021 21:18:20 GMT
etag
W/"601b131c-27c"
expires
Sat, 07 Nov 2026 09:56:06 GMT
cache-control
max-age=157680000
access-control-allow-origin
*
content-encoding
gzip
e-planning
sync.quantumdex.io/usersync/ Frame F07C 		2 KB
946 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.quantumdex.io/usersync/e-planning
Requested by
Host: ads.us.e-planning.net
URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fsync.console.adtarget.com.tr%2Fcsync%3Ft%3Da%26ep%3D307442%26extuid%3D%24UID
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
19e05f4f3f58e18def4cb9c276045d3bfb61738e922753d78cf0622fdf4e5dd3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://ads.us.e-planning.net/

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
content-type
text/html
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6aadedf868c80f82-MXP
content-encoding
gzip
csync
sync.console.adtarget.com.tr/ Frame 72D3 		0
0
w_480_00005.ts
video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/ 		517 KB
518 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://video.primis.tech/uploads/cn19/video/users/hls/29909/video_5f6af001aae1b264352045/vid61883753e79ee081421673.mp4/w_480_00005.ts
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/video/hls/hls.0.12.4_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.167.98.14 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
Tengine /
Resource Hash
416f737d3a2459a6215f3a4ecf5e8b4dbb8227c3af23671b7408c276d2e44ba7

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 968007545c497b68cc41825f11e930ba.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
content-length
529032
last-modified
Sun, 07 Nov 2021 20:32:58 GMT
server
Tengine
etag
"c042cc3f226c7eae2c4ed28a3385bd06"
access-control-max-age
604800
access-control-allow-methods
GET, HEAD
content-type
video/mp2t
access-control-allow-origin
*
cache-control
max-age=1209600
x-proxy-cache
HIT
accept-ranges
bytes
x-amz-cf-id
sFrj5Y5JVlr2ScJzv4MxXeoLqXYdMI0i6BMBqgMRwgp3OL4RxzfRDg==
expires
Mon, 22 Nov 2021 09:56:07 GMT
GS.d
js.cookieless-data.com/ Frame 2253 		0
535 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.cookieless-data.com/GS.d?pa=24492&cmp=0&si=1&u=https%3A%2F%2Fs.e-planning.net%2Fesb%2F4%2F0%2F1992d%2Fbb6e7a161f794f56%2Fsirdata_03022021.html&r=https%3A%2F%2Fads.us.e-planning.net%2F&s=&rand=1636365367046
Requested by
Host: s.e-planning.net
URL: https://s.e-planning.net/esb/4/0/1992d/bb6e7a161f794f56/sirdata_03022021.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.158.29.13 Paris, France, ASN12876 (Online SAS, FR),
Reverse DNS
51-158-29-13.rev.poneytelecom.eu
Software
nginx/1.11.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains; preload
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://s.e-planning.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
nginx/1.11.3
Strict-Transport-Security
max-age=15724800; includeSubDomains; preload
P3p
CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
0
X-Xss-Protection
0
Expires
Tue, 01 Jan 2000 00:00:00 GMT
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame A236
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D108%26tpuid%3D%5BMM_UUID%5D&uid=afc4dca470d851bc36229f4...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=116e6188-f436-4e00-b748-983ff3724c10&gdpr=0&gdpr_consent=
49 B
563 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=116e6188-f436-4e00-b748-983ff3724c10&gdpr=0&gdpr_consent=
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
MT3 4067 88cc6bf master zrh-pixel-x25 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=108&tpuid=116e6188-f436-4e00-b748-983ff3724c10&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 09:56:06 GMT
khaos.jpg
token.rubiconproject.com/ Frame 9891 		284 B
536 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://token.rubiconproject.com/khaos.jpg?
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
284
X-RPHost
a66cbf3142c6ef39e3614b84a34262cf
Content-Type
image/jpg
img
ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/ Frame A236
Redirect Chain
  • https://adscale-emea.adnxs.com/getuid?https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138d2d167321d%2F1636365366797%2F0%2Fimg%3Ftpid%3D75%26tpuid%3D%24UID&gdpr=0
  • https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=75&tpuid=845234657020092272&gdpr=0
49 B
572 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=75&tpuid=845234657020092272&gdpr=0
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
X-Proxy-Origin
95.174.64.203; 95.174.64.203; 887.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
014e2aee-6874-43fc-baad-e38900f01183
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=75&tpuid=845234657020092272&gdpr=0
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
us
sync.go.sonobi.com/ Frame F07C 		0
478 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsonobi%26uid%3D%5BUID%5D
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
setuid
sync.quantumdex.io/ Frame F07C
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3D%5BRX_UUID%5D
  • https://x.bidswitch.net/sync?ssp=adconductor&user_id=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003&rndcb=2881287287
  • https://x.bidswitch.net/ul_cb/sync?ssp=adconductor&user_id=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003&rndcb=2881287287
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=adconductor&bsw_param=f7fae9b2-873f-4bef-938d-c40df8f159e7&google_hm=ZjdmYWU5YjItODczZi00YmVmLTkzOGQtYzQwZGY4ZjE1...
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEJgwKJ4XhRTN8zMUrIWkTKU&google_cver=1&ssp=adconductor&bsw_param=f7fae9b2-873f-4bef-938d-c40df8f159e7
  • https://sync.1rx.io/usersync/bidswitch/f7fae9b2-873f-4bef-938d-c40df8f159e7?gdpr=&gdpr_consent=
  • https://sync.targeting.unrulymedia.com/csync/RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003?redir=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dunruly%26uid%3DRX-fd7553de-fd63-4482-93c8-11a50ca...
  • https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aadedfafe350f82-MXP
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=unruly&uid=RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003
date
Mon, 08 Nov 2021 09:56:07 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RXfd7553defd63448293c811a50ca786bb003
content-type
text/html
setuid
sync.quantumdex.io/ Frame F07C
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58424/occ
  • https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-0JMbv2VE2uExf9J4SsFS8jDzzvg06RXHoOOXUGA-~A
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-0JMbv2VE2uExf9J4SsFS8jDzzvg06RXHoOOXUGA-~A
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aadedf9ab250f82-MXP
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=verizon-display&uid=y-0JMbv2VE2uExf9J4SsFS8jDzzvg06RXHoOOXUGA-~A
date
Mon, 08 Nov 2021 09:56:07 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
1.gif
id5-sync.com/c/495/0/0/ Frame F07C
Redirect Chain
  • https://id5-sync.com/i/495/0.gif?callback=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dinmobi%26uid%3D%7BID5UID%7D
  • https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Server
51.89.42.86 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
p26.id5-sync.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 09:56:22 GMT
Transfer-Encoding
chunked
Content-Type
image/gif;charset=UTF-8
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
P3P
CP="CAO PSA OUR"

Redirect headers

Location
https://id5-sync.com/c/495/0/0/1.gif?gdpr=1&gdpr_consent=
Date
Mon, 08 Nov 2021 09:56:21 GMT
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
P3P
CP="CAO PSA OUR"
setuid
sync.quantumdex.io/ Frame F07C
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dappnexus%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=appnexus&uid=845234657020092272
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=845234657020092272
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aadedfa0c060f82-MXP
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
X-Proxy-Origin
95.174.64.203; 95.174.64.203; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
9e060e30-2cb8-4dc7-8dfa-471a1eea2c5a
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.quantumdex.io/setuid?bidder=appnexus&uid=845234657020092272
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
setuid
sync.quantumdex.io/ Frame F07C
Redirect Chain
  • https://match.sharethrough.com/FGMrCMMc/v1?redirectUri=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dsharethrough%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=fb53d013-07a5-4577-ac61-24465c7bd8e4
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=fb53d013-07a5-4577-ac61-24465c7bd8e4
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aadedfa3c5a0f82-MXP
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

location
https://sync.quantumdex.io/setuid?bidder=sharethrough&uid=fb53d013-07a5-4577-ac61-24465c7bd8e4
date
Mon, 08 Nov 2021 09:56:07 GMT
content-length
0
setuid
sync.quantumdex.io/ Frame F07C
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Danswermedia%26uid%3D%24UID
  • https://sync.quantumdex.io/setuid?bidder=answermedia&uid=845234657020092272
43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=845234657020092272
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Server
2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aadedfa1c130f82-MXP
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
X-Proxy-Origin
95.174.64.203; 95.174.64.203; 728.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
b9de4f83-c0ec-4e9b-866b-1e97ef107606
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://sync.quantumdex.io/setuid?bidder=answermedia&uid=845234657020092272
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
um
sync.e-planning.net/ Frame F07C 		42 B
103 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.e-planning.net/um?dc=bcf310d1654d268f&iss=1&uid=d31fc849-2dce-4a3d-96ff-d92412bd3a2c
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
5.178.65.245 Woerden, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
openresty
content-type
image/gif
uc.html
sync.go.sonobi.com/ Frame 345F 		43 B
555 B 		Document
General
Check archive.org
Download Go to
Full URL
https://sync.go.sonobi.com/uc.html?pubid=4d443a3ea2
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.162.133.149 Rotterdam, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS
ams-1-sync.go.sonobi.com
Software
sonobi-go /
Resource Hash
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

Date
Mon, 08 Nov 2021 09:56:07 GMT
Content-Type
text/html
Transfer-Encoding
chunked
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control
no-cache, no-store, private
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma
no-cache
Tcn
Choice
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-129
X-Xss-Protection
0
Content-Encoding
gzip
Server
sonobi-go
usermatch
ssum-sec.casalemedia.com/ Frame 3221 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
30ba4bfc42454eaf143cb6f62250840e3f05a5f456e63075b63c32647511c5be

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
46|73|4|130|13|123|190|88
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1602
Expires
Mon, 08 Nov 2021 09:56:07 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Connection
keep-alive
/
onetag-sys.com/usync/ Frame C44B 		2 KB
823 B 		Document
General
Check archive.org
Download Go to
Full URL
https://onetag-sys.com/usync/?pubId=2bb78272a859ca6
Requested by
Host: sync.quantumdex.io
URL: https://sync.quantumdex.io/usersync/e-planning
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip253.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://sync.quantumdex.io/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
ads
pagead2.googlesyndication.com/gampad/ Frame C77E 		136 B
656 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://pagead2.googlesyndication.com/gampad/ads?iu=%2F21734706084%2C22144266561%2Fworldintersportsnetwork&description_url=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&env=vp&correlator=3950963762466354&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=1x1&unviewed_position_start=1&cust_params=prmsig%3Dtnlubl&sdkv=h.3.487.0&osd=2&frm=0&vis=1&sdr=1&hl=en&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&u_so=l&ctv=0&gdpr=1&gdpr_consent=tcunavailable&addtl_consent=1~&sdki=44d&adk=131214266&sdk_apis=2%2C8&sid=B8F55CFC-DBC8-4B97-B9B5-9DAB8160C8D6&eid=44750820&url=https%3A%2F%2Fwin.gg%2Fnews%2Fhas-corpse-husband-ever-shown-his-face-question-mark-we-investigate%2F&dlt=1636365365319&idt=1534&dt=1636365367228&scor=1800303211284872&ged=ve4_td2_tt0_pd2_la2000_er964.-2757.1117.-2457_vi0.0.1200.1600_vp0_eb16491
Requested by
Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.487.0_en.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
106b39f48e91ecd4e58145357095e1014ceba98a7b71c81e2a9388a36be77732
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://imasdk.googleapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
98
x-xss-protection
0
google-lineitem-id
-2
pragma
no-cache
server
cafe
google-creative-id
-2
content-type
text/html; charset=UTF-8
access-control-allow-origin
https://imasdk.googleapis.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
getuid
secure.adnxs.com/ Frame 3221 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.14 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
730.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB
pr-bh.ybp.yahoo.com/sync/casale/ Frame 3221 		43 B
873 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB?gdpr_consent=&us_privacy=&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3605:15eb:8f8e:fe0:229e Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff
rum
dsum-sec.casalemedia.com/ Frame 3221
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21&gdpr=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3988650457849312171
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3988650457849312171
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 09:56:07 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=3988650457849312171
pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 3221
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1
  • https://match.prod.bidr.io/cookie-sync/ie?gdpr=1&_bee_ppp=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAFVok7DEegAABsJfHUO9Q&expiration=1637574967&gdpr=1
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAFVok7DEegAABsJfHUO9Q&expiration=1637574967&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 09:56:07 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAFVok7DEegAABsJfHUO9Q&expiration=1637574967&gdpr=1
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
indexexchange
sync.adotmob.com/cookie/ Frame 3221 		0
0
rum
dsum-sec.casalemedia.com/ Frame 3221
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=68
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=7Cuh5R7pSTZ4wy5TfIuoJl-uQMs
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=7Cuh5R7pSTZ4wy5TfIuoJl-uQMs
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 09:56:07 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=123&external_user_id=7Cuh5R7pSTZ4wy5TfIuoJl-uQMs
Date
Mon, 08 Nov 2021 09:56:07 GMT
Connection
keep-alive
Content-Length
122
Content-Type
text/html; charset=utf-8
getuid
ib.adnxs.com/ Frame 3221 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.50 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
728.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
rum
dsum-sec.casalemedia.com/ Frame 3221
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&gdpr=1&_test=YYj0NwADA7lHDQBG
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YYj0NwADA7lHDQBG&gdpr=1&_test=YYj0NwADA7lHDQBG
43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YYj0NwADA7lHDQBG&gdpr=1&_test=YYj0NwADA7lHDQBG
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Mon, 08 Nov 2021 09:56:07 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 varnish
server
Varnish
x-timer
S1636365367.447171,VS0,VE0
x-served-by
cache-mxp6950-MXP
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=YYj0NwADA7lHDQBG&gdpr=1&_test=YYj0NwADA7lHDQBG
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
setuid
sync.quantumdex.io/ Frame 3221 		43 B
95 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync.quantumdex.io/setuid?bidder=ix&uid=YYj0NoqWajl63Okm9fiWUAAAAsYAAAAB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192922&cb=https%3A%2F%2Fsync.quantumdex.io%2Fsetuid%3Fbidder%3Dix%26uid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:2ac6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6aadedf9db9a0f82-MXP
content-length
43
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame A236
Redirect Chain
  • https://ssum.casalemedia.com/usermatchredir?s=183592&cb=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D63%26tpuid%3D__UID__&uid=d9a91467a9c567569ef1a3a19...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YYj0NoqWajl63Okm9fiWUAAA%26710
49 B
590 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YYj0NoqWajl63Okm9fiWUAAA%26710
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?gdpr=0&tpid=63&tpuid=YYj0NoqWajl63Okm9fiWUAAA%26710
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
309
Expires
Mon, 08 Nov 2021 09:56:07 GMT
img
ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/ Frame A236
Redirect Chain
  • https://track.adform.net/serving/cookie/match/?party=9&uid=9a7b7c77d16baa24c7f35ad7a3702ed4851ec2749b0470d9bd6ee708da6e6c79&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37ac5138...
  • https://track.adform.net/serving/cookie/match/?CC=1&party=9&uid=9a7b7c77d16baa24c7f35ad7a3702ed4851ec2749b0470d9bd6ee708da6e6c79&tpid=42&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f37a...
  • https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=42&gdpr=0&tpuid=5362326409740733592
49 B
599 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=42&gdpr=0&tpuid=5362326409740733592
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
nginx
location
https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/img?tpid=42&gdpr=0&tpuid=5362326409740733592
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
json
gum.criteo.com/sid/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwin.gg%2F&domain=win.gg&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::13 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
https://win.gg
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
https://win.gg
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1419
date
Mon, 08 Nov 2021 09:56:07 GMT
content-encoding
gzip
vary
Accept-Encoding
sid
mug.criteo.com/ Frame C8B1
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwin.gg%2F&domain=win.gg&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=tygo6nxHYUl3SVE4REpJL1pFcHoyMTJ6WHNOREVvSzFjVUJpTUxYT2NwcWxCOUJ3YjhLQ2RhN3RWUEZnYVdDYnV1WXFCcTM4a1V0R3JaNlNYaWRVb3NrRVZNVUw3U0lVSmZLZ3FsakVObjVFOWJtc1cvaWx2R290bnd4bV...
334 B
593 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=tygo6nxHYUl3SVE4REpJL1pFcHoyMTJ6WHNOREVvSzFjVUJpTUxYT2NwcWxCOUJ3YjhLQ2RhN3RWUEZnYVdDYnV1WXFCcTM4a1V0R3JaNlNYaWRVb3NrRVZNVUw3U0lVSmZLZ3FsakVObjVFOWJtc1cvaWx2R290bnd4bVJNRmY2VzJVNDZaaU1KTWNrK0pqWE80NDdrMEhGM1hRZlVPRDdjdHpaY2t3ckREblZHKy9FRGxCMG5hUTQwb0dsRTcyMjZhRG1DcWM3cXdIeUp2T3V2SDNjRVJNWDVMK3FJYU13aE1nbEZCU1JNSnFPenZVPXw&cppv=2
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
b238f7b9d2394cf4a3686735e13dba96f74720c0a6905303b699ac7fc1564d95
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Mon, 08 Nov 2021 09:56:06 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2340
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Mon, 08 Nov 2021 09:56:07 GMT
location
https://mug.criteo.com/sid?cpp=tygo6nxHYUl3SVE4REpJL1pFcHoyMTJ6WHNOREVvSzFjVUJpTUxYT2NwcWxCOUJ3YjhLQ2RhN3RWUEZnYVdDYnV1WXFCcTM4a1V0R3JaNlNYaWRVb3NrRVZNVUw3U0lVSmZLZ3FsakVObjVFOWJtc1cvaWx2R290bnd4bVJNRmY2VzJVNDZaaU1KTWNrK0pqWE80NDdrMEhGM1hRZlVPRDdjdHpaY2t3ckREblZHKy9FRGxCMG5hUTQwb0dsRTcyMjZhRG1DcWM3cXdIeUp2T3V2SDNjRVJNWDVMK3FJYU13aE1nbEZCU1JNSnFPenZVPXw&cppv=2
access-control-allow-methods
GET
content-type
text/html; charset=utf-8
access-control-allow-origin
https://win.gg
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2017
content-length
482
expires
0
212.json
id5-sync.com/g/v2/ Frame C8B1 		213 B
524 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id5-sync.com/g/v2/212.json
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
51.89.42.86 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
p26.id5-sync.com
Software
/
Resource Hash
79a869051b710d637d41dccf75f21b67399615e4ecc81fa665912a36011fabe4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

Access-Control-Allow-Origin
https://win.gg
Date
Mon, 08 Nov 2021 09:56:22 GMT
Access-Control-Allow-Credentials
true
Vary
Origin
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Type
application/json;charset=UTF-8
id
id.crwdcntrl.net/ Frame C8B1 		154 B
526 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.14.23 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-14-23.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
d4b94a0b34b2853994bc87e953988f29c7ac1b47ad32e61a8cb8e40b5a216e46

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://win.gg
cache-control
no-cache
x-server
10.45.16.251
access-control-allow-credentials
true
content-type
application/json;charset=utf-8
content-length
154
expires
0
rid
match.adsrvr.org/track/ Frame C8B1 		108 B
657 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=j6w8ta9&fmt=json
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
feb904c32100f35aa735defd1402510a06a81bb1d8e1d4cfa79150ba0c0278cb

Request headers

Referer
https://win.gg/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://win.gg
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
108
expires
Wed, 08 Dec 2021 09:56:07 GMT
pd
u.openx.net/w/1.0/ Frame 16F5 		668 B
719 B 		Document
General
Check archive.org
Download Go to
Full URL
https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
b104e5c824697b5c886b14becd2e8442a4e74417dd25e5b44f25ef54899ea75a

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

vary
Accept, Accept-Encoding
server
OXGW/16.218.0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Mon, 08 Nov 2021 09:56:07 GMT
content-type
text/html
content-length
415
content-encoding
gzip
via
1.1 google
alt-svc
clear
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 2784 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=156595&gdpr=1&gdpr_consent=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-233-180.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

last-modified
Tue, 15 Jun 2021 06:08:03 GMT
etag
"1300708-3945-5c4c7cc02bd56"
server
Apache/2.2.15 (CentOS)
accept-ranges
bytes
content-encoding
gzip
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
5054
content-type
text/html; charset=UTF-8
cache-control
max-age=157519
expires
Wed, 10 Nov 2021 05:41:26 GMT
date
Mon, 08 Nov 2021 09:56:07 GMT
vary
Accept-Encoding
usync.html
eus.rubiconproject.com/ Frame 89F4 		281 B
554 B 		Document
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.5.18.0_2.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-200-100.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 26 Oct 2021 17:01:05 GMT
ETag
"40019-119-5cf446c48f640"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Mon, 08 Nov 2021 09:56:07 GMT
Connection
keep-alive
Vary
Accept-Encoding
91e8b24c4ecf5c510bb80bb9bee8244&gdpr=0&gdpr_consent=
pr-bh.ybp.yahoo.com/sync/stickyads/ Frame C8B1
Redirect Chain
  • https://ads.stickyadstv.com/auto-user-sync?gdpr=1&gdpr_consent=
  • https://1f2e7.v.fwmrm.net/ad/u?_dv=2&dsp_user_mapping=true&127719=91e8b24c4ecf5c510bb80bb9bee8244&rdU=https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D1169%26userId%3d%23%7bu...
  • https://ads.stickyadstv.com/user-registering?dataProviderId=1169&userId=a101_7028135735572477205
  • https://cm.g.doubleclick.net/pixel?google_nid=stickyxchange_dbm&google_cm=&google_sc&google_hm=OTFlOGIyNGM0ZWNmNWM1MTBiYjgwYmI5YmVlODI0NA==&gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=141&userId=CAESEMjaMY-DkkCMxWa1QtbftAs&google_cver=1&gdpr=0&gdpr_consent=
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=stickyads&ttd_tpi=1&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent=
  • https://ads.stickyadstv.com/user-registering?dataProviderId=208&userId=9954d0a5-3bda-4478-a00d-7a44ba5cedad
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.stickyadstv.com%2Fuser-registering%3FdataProviderId%3D209&gdpr=0&gdpr_consent=%26userId%3D$UID
  • https://ads.stickyadstv.com/user-registering?dataProviderId=209&gdpr=0&gdpr_consent=&userId=845234657020092272
  • https://pr-bh.ybp.yahoo.com/sync/stickyads/91e8b24c4ecf5c510bb80bb9bee8244&gdpr=0&gdpr_consent=?gdpr=0&gdpr_consent=
43 B
322 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pr-bh.ybp.yahoo.com/sync/stickyads/91e8b24c4ecf5c510bb80bb9bee8244&gdpr=0&gdpr_consent=?gdpr=0&gdpr_consent=
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Server
2a05:d018:d29:3605:15eb:8f8e:fe0:229e Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:08 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
content-type
image/gif
x-xss-protection
1; mode=block
content-length
43
x-content-type-options
nosniff

Redirect headers

Pragma
no-cache
Date
Mon, 08 Nov 2021 09:56:08 GMT
Server
nginx
Access-Control-Allow-Origin
*
Location
https://pr-bh.ybp.yahoo.com/sync/stickyads/91e8b24c4ecf5c510bb80bb9bee8244&gdpr=0&gdpr_consent=?gdpr=0&gdpr_consent=
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
x-sticky-vk
1636365368321058-419
Expires
Mon, 08 Nov 2021 09:56:08 GMT
sync
ups.analytics.yahoo.com/ups/55953/ Frame C8B1
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adaptv&ttd_tpi=1
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&_origin=1&gdpr=1&gdpr_consent=
0
15 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/55953/sync?uid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&_origin=1&gdpr=1&gdpr_consent=
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ups.analytics.yahoo.com/ups/55953/sync?uid=9954d0a5-3bda-4478-a00d-7a44ba5cedad&_origin=1&gdpr=1&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
267
m7y5t93k
sync-tm.everesttech.net/upi/pid/ Frame C8B1 		85 B
236 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sync-tm.everesttech.net/upi/pid/m7y5t93k?gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fpixel.advertising.com%2Fups%2F55986%2Fsync%3Fuid%3D%24%7BUSER_ID%7D%26_origin%3D0&gdpr=1&gdpr_consent=
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Jetty(9.4.35.v20201120) /
Resource Hash
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 varnish
server
Jetty(9.4.35.v20201120)
x-timer
S1636365368.570193,VS0,VE98
x-served-by
cache-mxp6950-MXP
x-cache
MISS
p3p
CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
access-control-allow-origin
*
cache-control
no-cache
accept-ranges
bytes
content-type
image/png
content-length
85
x-cache-hits
0
sync
ups.analytics.yahoo.com/ups/57304/ Frame C8B1
Redirect Chain
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true
  • https://pixel.advertising.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/57304/sync?gdpr=&gdpr_consent=&_origin=0&redir=true&apid=UP181ffd8b-407a-11ec-adf7-02cc138d7c5c
  • https://cm.g.doubleclick.net/pixel?google_nid=adaptv_dbm&google_cm&google_hm=VVAxODFmZmQ4Yi00MDdhLTExZWMtYWRmNy0wMmNjMTM4ZDdjNWM%3D
  • https://pixel.advertising.com/ups/57304/sync?uid=CAESEIReJfIlcVXOw4RP-o1nYt4&google_cver=1
  • https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEIReJfIlcVXOw4RP-o1nYt4&google_cver=1&apid=UP181ffd8b-407a-11ec-adf7-02cc138d7c5c
0
20 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEIReJfIlcVXOw4RP-o1nYt4&google_cver=1&apid=UP181ffd8b-407a-11ec-adf7-02cc138d7c5c
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/57304/sync?uid=CAESEIReJfIlcVXOw4RP-o1nYt4&google_cver=1&apid=UP181ffd8b-407a-11ec-adf7-02cc138d7c5c
date
Mon, 08 Nov 2021 09:56:07 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame A236
Redirect Chain
  • https://dis.criteo.com/dis/usersync.aspx?r=17&p=32&cp=adscale&url=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D40%26tpuid%3D%40%40CRITEO_USERID%40%40&u...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f0470e5e-df45-4cb5-b3ba-2b2d3eebc957&gdpr=0
49 B
621 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f0470e5e-df45-4cb5-b3ba-2b2d3eebc957&gdpr=0
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:06 GMT
server
Kestrel
x-errorlevel
0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=40&tpuid=f0470e5e-df45-4cb5-b3ba-2b2d3eebc957&gdpr=0
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
1619163
content-length
0
expires
Mon, 08 Nov 2021 00:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 16F5
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=5&redir=https%3A%2F%2Feu-u.openx.net%2Fw%2F1.0%2Fsd%3Fid%3D536872786%26val%3D%5BMM_UUID%5D
  • https://eu-u.openx.net/w/1.0/sd?id=536872786&val=116e6188-f436-4e00-b748-983ff3724c10
43 B
122 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=116e6188-f436-4e00-b748-983ff3724c10
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
MT3 4067 88cc6bf master zrh-pixel-x27 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://eu-u.openx.net/w/1.0/sd?id=536872786&val=116e6188-f436-4e00-b748-983ff3724c10
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 09:56:06 GMT
sd
us-u.openx.net/w/1.0/ Frame 16F5
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-25CIknq_eSg16.gif?idmatch=0&gdpr=1
  • https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=8nI0rKJ3P6PpITmn_SUh9fxwPPDpdDuspXEZ3EJk
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=8nI0rKJ3P6PpITmn_SUh9fxwPPDpdDuspXEZ3EJk
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://us-u.openx.net/w/1.0/sd?id=537072956&gdpr=1&val=8nI0rKJ3P6PpITmn_SUh9fxwPPDpdDuspXEZ3EJk
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
sd
eu-u.openx.net/w/1.0/ Frame 16F5
Redirect Chain
  • https://c1.adform.net/serving/cookie/match?party=22
  • https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5362326409740733592
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5362326409740733592
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
nginx
location
https://eu-u.openx.net/w/1.0/sd?id=537113484&val=5362326409740733592
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
openx
match.adsrvr.org/track/cmf/ Frame 16F5 		70 B
264 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/openx?oxid=504298e9-96c9-74fb-c733-44e075e5d338&gdpr=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pixel
cm.g.doubleclick.net/ Frame 16F5 		170 B
188 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=N2MyZDRiMjMtNWZiZS0yYTVmLWQyZDMtMWU1OWJmMDcxZDU4
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 16F5
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK828labqsyijjqMT93jtaE&google_cver=1
43 B
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK828labqsyijjqMT93jtaE&google_cver=1
Requested by
Host: u.openx.net
URL: https://u.openx.net/w/1.0/pd?gdpr=1&gdpr_consent=
Protocol
H2
Server
34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/16.218.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://u.openx.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
via
1.1 google
server
OXGW/16.218.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
clear
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK828labqsyijjqMT93jtaE&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame 89F4 		32 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.117.200.100 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-117-200-100.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?gdpr=1&gdpr_consent=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 08 Nov 2021 09:56:07 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Nov 2021 21:03:19 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=83680
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9506
Expires
Tue, 09 Nov 2021 09:10:47 GMT
sid
mug.criteo.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://mug.criteo.com/sid?cpp=tygo6nxHYUl3SVE4REpJL1pFcHoyMTJ6WHNOREVvSzFjVUJpTUxYT2NwcWxCOUJ3YjhLQ2RhN3RWUEZnYVdDYnV1WXFCcTM4a1V0R3JaNlNYaWRVb3NrRVZNVUw3U0lVSmZLZ3FsakVObjVFOWJtc1cvaWx2R290bnd4bVJNRmY2VzJVNDZaaU1KTWNrK0pqWE80NDdrMEhGM1hRZlVPRDdjdHpaY2t3ckREblZHKy9FRGxCMG5hUTQwb0dsRTcyMjZhRG1DcWM3cXdIeUp2T3V2SDNjRVJNWDVMK3FJYU13aE1nbEZCU1JNSnFPenZVPXw&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type
Origin
null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
content-type
application/json; charset=utf-8
expires
0
strict-transport-security
max-age=31536000
access-control-allow-origin
null
access-control-allow-headers
content-type
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
1088
date
Mon, 08 Nov 2021 09:56:07 GMT
content-encoding
gzip
vary
Accept-Encoding
img
ih.adscale.de/sium/429371437437189942/1437437190794/0/ Frame A236
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=26&redir=https%3A%2F%2Fih.adscale.de%2Fsium%2F429371437437189942%2F1437437190794%2F0%2Fimg%3Ftpid%3D39%26tpuid%3D%5BMM_UUID%5D&uid=47d32aa039bac7147d71e433...
  • https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=116e6188-f436-4e00-b748-983ff3724c10&gdpr=0&gdpr_consent=
49 B
642 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=116e6188-f436-4e00-b748-983ff3724c10&gdpr=0&gdpr_consent=
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
p3p
CP=NOI PSA OUR
content-length
49
content-type
image/gif

Redirect headers

Date
Mon, 08 Nov 2021 09:56:07 GMT
Server
MT3 4067 88cc6bf master zrh-pixel-x9 config:1.0.0
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ih.adscale.de/sium/429371437437189942/1437437190794/0/img?tpid=39&tpuid=116e6188-f436-4e00-b748-983ff3724c10&gdpr=0&gdpr_consent=
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Mon, 08 Nov 2021 09:56:06 GMT
js
ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/ Frame A236
Redirect Chain
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=8072093137ab4dbee2a7bc86ffbd460f1eea68789ea533fd6878801780cddd9b&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f...
  • https://tracking.m6r.eu/sync/adscaleRedirect?gdprFallback=true&uid=8072093137ab4dbee2a7bc86ffbd460f1eea68789ea533fd6878801780cddd9b&tpid=48&cburl=https%3A%2F%2Fih.adscale.de%2Fsium%2F2e8dd39423634f...
  • https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/js?tpid=48&tpuid=ac8714ddb19f0ee02b92ef57f200d052
44 B
587 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/js?tpid=48&tpuid=ac8714ddb19f0ee02b92ef57f200d052
Requested by
Host: ih.adscale.de
URL: https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Protocol
H2
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
141cf9b243d4032cbf2323028698a0be7b15eb42a2bb46092654bf8df267c0f0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://ih.adscale.de/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:08 GMT
p3p
CP=NOI PSA OUR
content-length
44
content-type
text/javascript

Redirect headers

Date
Mon, 08 Nov 2021 09:56:08 GMT
Server
nginx
Vary
Accept
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location
https://ih.adscale.de/sium/2e8dd39423634f37ac5138d2d167321d/1636365366797/0/js?tpid=48&tpuid=ac8714ddb19f0ee02b92ef57f200d052
Connection
close
Content-Type
text/plain; charset=utf-8
Content-Length
147
liveView.php
live.primis.tech/live/ 		0
226 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://live.primis.tech/live/liveView.php?hash=ozcmPTEznXRiPTEzqzyxX2V2ZW50PTM2JaNypaZypyRcoWU9MTYmNwM2NTM2NSZ2nWRspGkurWVlVzVlPTMhMS4jJaM9MTA0NwY5JaN0YT0jJat9NmUjJax9NDI0JaZcZF9jYXNmRG9gYWyhPXqcov5aZlZmqWJJZD13nW4hZ2pzZGVvqWqJozZipz1uqGyiow0znXNBpHA9MCZ1p2VlSXBBZGRlPTx1LwE3NC42NC4lMDMzqXNypyVBPU1irzyfoGEyMxY1LwAyMwAyMwuXnW5xo3qmJTIjTyQyMwAkMC4jJTNCJTIjV2yhNwQyM0IyMwB4NwQyMwxyMwBBpHBfZVqyYxgcqCUlRwUmNl4mNvUlMCUlOEgIVE1MJTJDJTIjoGyeZSUlMEqyY2giJTI5JTIjQ2ulo21yJTJGODxhMC40Mmt5LwplJTIjU2FzYXJcJTJGNTM3LwM2JzNmqXVcZD02MTt4ZwQmNTYmNGY2JzNioaRyoaRGnWkySWQ9MCZgZWRcYVBfYXyMnXN0SWQ9MCZgZWRcYUkcp3RJZD0jJzqxpHI9MSZaZHBlQ29hp2VhqD0znXNXZVBup3NHZHBlPTAzY2NjYT0jJzNwpGFDo25mZW50PSZwYaVmqGVlPTE2MmYmNwUmNwp4MTtzqWyxPVNyn2yhZG9TUGkurWVlNwE4OGY0MmU4N2M5YSZjqWJVpzj9nHR0pHMyM0EyMxYyMxZ3nW4hZ2pyMxZhZXqmJTJGnGFmLWNipaBmZS1bqXNvYW5xLWV2ZXIgp2uiq24gnGymLWZuY2UgpXVyp3Rco24goWFlnl13ZS1coaZyp3RcZ2F0ZSUlRvZzoG9uqFN0YXR1pm1zYWkmZSZynWRmpD1jpzVvnWQ=
Requested by
Host: win.gg
URL: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.220.204.220 Amsterdam, Netherlands, ASN41436 (CLOUDWEBMANAGE-EU, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://win.gg/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 08 Nov 2021 09:56:07 GMT
content-encoding
gzip
server
nginx
age
0
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin
*
cache-control
no-store
content-type
text/html; charset=UTF-8
user
ads3.admatic.com.tr/ Frame E93A
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=admatic
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=admatic&bsw_custom_parameter=f7fae9b2-873f-4bef-938d-c40df8f159e7
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=admatic&bsw_custom_parameter=f7fae9b2-873f-4bef-938d-c40df8f159e7
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=bcc7969b-b386-473c-9afb-992de47ff0ad&ssp=admatic&expires=30&user_group=5&bsw_param=f7fae9b2-873f-4bef-938d-c40df8f159e7
  • https://ads4.admatic.com.tr/showad/px/ums/sync/bsw?bsw_uuid=f7fae9b2-873f-4bef-938d-c40df8f159e7&dsp_uuid=&dsp_id=
  • https://ads3.admatic.com.tr/user?bsw_uuid=f7fae9b2-873f-4bef-938d-c40df8f159e7&dsp_uuid=&dsp_id=
35 B
82 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ads3.admatic.com.tr/user?bsw_uuid=f7fae9b2-873f-4bef-938d-c40df8f159e7&dsp_uuid=&dsp_id=
Requested by
Host: s.console.adtarget.com.tr
URL: https://s.console.adtarget.com.tr/sync.html?aid=556966
Protocol
H2
Server
188.132.147.227 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
static-227-147-132-188.sadecehosting.net
Software
AdMatic / AdMatic
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://cdn.admatic.com.tr/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Mon, 08 Nov 2021 09:56:07 GMT
server
AdMatic
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
x-powered-by
AdMatic
content-type
image/gif
cache-control
no-cache
timing-allow-origin
*
content-length
35

Redirect headers

timing-allow-origin
*
date
Mon, 08 Nov 2021 09:56:07 GMT
location
https://ads3.admatic.com.tr/user?bsw_uuid=f7fae9b2-873f-4bef-938d-c40df8f159e7&dsp_uuid=&dsp_id=
x-powered-by
AdMatic
access-control-max-age
86400
access-control-allow-methods
GET, POST
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
https://cdn.admatic.com.tr
cache-control
no-cache
access-control-allow-credentials
true
content-type
text/html; charset=utf-8
access-control-allow-headers
Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
content-length
221
sium
ih.adscale.de/ Frame A236 		0
190 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://ih.adscale.de/sium
Requested by
Host: js.adscale.de
URL: https://js.adscale.de/match.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.193.208.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-193-208-211.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ih.adscale.de/map?format=display&ssl=1&ref=https%3A%2F%2Fs.console.adtarget.com.tr%2F&gdpr=0
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://ih.adscale.de
date
Mon, 08 Nov 2021 09:56:08 GMT
access-control-allow-credentials
true
access-control-allow-headers
x-openrtb-version
content-length
0
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api-images.win.gg
URL
https://api-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/pathfinders-voice-actor-on-working-apex-legends-next-respawn-game.jpg
Domain
sync.console.adtarget.com.tr
URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=502624&extuid=${USER_ID}
Domain
sync.console.adtarget.com.tr
URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307080&extuid=kmDPZth0VZqYMBjLduFX&pi=admatic&tc=1
Domain
sync.console.adtarget.com.tr
URL
https://sync.console.adtarget.com.tr/csync?redir=
Domain
cs.admanmedia.com
URL
https://cs.admanmedia.com/sync/eplanning?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D227acb3d18564968%26fi%3D2728411cce617bb8%26uid%3D%7B%24UID%7D
Domain
sync.console.adtarget.com.tr
URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307565&extuid=7e9bbb5efcf2448e980c068d45512089
Domain
sync.console.adtarget.com.tr
URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=314221&extuid=MQf34twX3MRbLW4QMGQZafcXsMbC45f8YGZCvzpF4YgOGaAuN6AJnMQaENdp0VgbbvBs3zGKE5652H2Z9NwmvA
Domain
sync.console.adtarget.com.tr
URL
https://sync.console.adtarget.com.tr/csync?t=a&ep=307442&extuid=ANTDjccfZc81qu4J
Domain
sync.adotmob.com
URL
https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d&gdpr=1

Verdicts & Comments Add Verdict or Comment

231 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler function| __tcfapi object| __ez boolean| ezoicTestActive object| _ezaq object| _ezim_d object| _ezat string| gtm4wp_datalayer_name object| dataLayer boolean| gtm4wp_scrollerscript_debugmode number| gtm4wp_scrollerscript_callbacktime number| gtm4wp_scrollerscript_readerlocation string| gtm4wp_scrollerscript_contentelementid number| gtm4wp_scrollerscript_scannertime object| _wpemojiSettings object| PDFObject function| $ function| jQuery object| st object| __stdos__ boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus function| __sharethis__docReady object| __sharethis__ number| gtm4wp_youtube_percentage_tracking object| gtm4wp_youtube_percentage_tracking_timeouts object| gtm4wp_youtube_percentage_tracking_marks object| tag object| firstScriptTag undefined| gtm4wp_err function| gtm4wp_onYouTubePlayerReady function| gtm4wp_onYouTubePlayerStateChange function| gtm4wp_onYouTubePlaybackQualityChange function| gtm4wp_onYouTubePlaybackRateChange function| gtm4wp_onYouTubeError function| gtm4wp_onYouTubeApiChange function| gtm4wp_onYouTubePercentageChange function| onYouTubeIframeAPIReady object| wpp_params object| WordPressPopularPosts object| misha_loadmore_params object| dataLayer_content boolean| __ez_conestreq object| adsbygoogle string| ezouid string| ezoTemplate string| ezoFormfactor object| ezo_elements_to_check string| soc_app_id number| did string| ezdomain number| ezoicSearchable function| create_ezolpl function| attach_ezolpl boolean| cmpIsOn object| ezConsentCategories object| __ezconsent function| ezConsentSettings object| paramMatch object| viewPortSize object| debugIp object| debugId number| sekindoDisplayedPlacement function| constructsekindoParent784 number| uidEvent object| bootstrap function| insert_ads_in_repeater function| insertParam object| wp function| b2a function| a2b function| ai_run_scripts function| ai_wait_for_jquery function| b64e function| b64d object| ai_front number| ai_jquery_waiting_counter undefined| Cookies function| AiCookies function| ai_check_block function| ai_check_and_insert_block function| ai_get_cookie_text function| ai_insert function| ai_insert_code function| ai_insert_list_code function| ai_insert_viewport_code function| ai_insert_code_by_class function| ai_insert_client_code boolean| ai_process_elements_active boolean| ai_tracking_finished boolean| ai_js_code boolean| __inScopeForCCPA function| __uspapi function| __receiveUspapiMessage object| ezRBA function| __ez_addAllListeners undefined| __ez_dims boolean| ezCanEngagePage object| cmpCookies object| __ezCmpConfig function| uglipop string| ezoScriptHost object| IL11ILILIIlLLLILILLLLIILLLIIL11111LLILiiLIliLlILlLiiLLIiILL string| ezobv object| ezomash function| ezbanger function| ezvt function| ezvb function| ezsr function| ezosethbbid function| ezosethbbids function| ezoSyncToDfp function| ezoGetDFPSlot function| ezGetSlotViewedTime function| formatBid function| adjustHbValues function| ezorefgsl function| ai_process_rotation function| ai_process_single_rotation function| ai_process_rotations function| ai_process_rotations_in_element function| ai_process_lists function| ai_process_ip_addresses function| ai_install_standard_click_trackers function| ai_install_click_trackers function| ai_process_impressions object| __ezcl object| twemoji function| ez_attachEvent function| ez_attachEventWithCapture function| ez_detachEvent function| ez_getQueryString function| __ezDotData object| ezux function| _ez_TOS_TrackEvent function| ezocfol number| netStartTime function| hashCode function| ezogetrqbykey function| ezorqs function| ezorqe function| _fEzDt object| metricNameMap function| ezlogVital object| _ezfd object| riveted number| ez_tos_track_count number| ez_last_activity_count function| ES6Promise function| EzoIvent function| _findOverlappingQuietPeriods function| _findNetworkQuietPeriods function| ezoFetchConst function| loadCSS object| webVitals number| indexKey function| EzoicMash object| ezoic_mash function| onmessagefunc function| SetSlotTargeting object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| google_tag_manager object| ct object| ezmt object| ezua object| ezuxgoals object| ezdent object| ezDenty object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| nunjucksPrecompiled object| ezCMP boolean| ai_ip_data_requested object| google_tag_data string| GoogleAnalyticsObject function| ga object| ORIBI object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportGELQueue_ object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingGelSequenceIdObj_ object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions boolean| sekindoFlowingPlayerOn string| ai_ip_data object| ensBootstraps object| Bootstrapper object| gaplugins object| gaGlobal object| gaData object| freewheelssp_cache object| google_optimize number| google_global_correlator object| closure_lm_686838 function| arrive function| unbindArrive function| leave function| unbindLeave

124 Cookies

Domain/Path Name / Value
.win.gg/ Name: ezoadgid_255604
Value: -1
.win.gg/ Name: ezoref_255604
Value:
.win.gg/ Name: ezoab_255604
Value: mod12-c
.win.gg/ Name: ezopvc_255604
Value: 1
.win.gg/ Name: ezepvv
Value: 0
.win.gg/ Name: ezovid_255604
Value: 953777235
.win.gg/ Name: lp_255604
Value: https://win.gg/news/has-corpse-husband-ever-shown-his-face-question-mark-we-investigate/
.win.gg/ Name: ezovuuidtime_255604
Value: 1636365365
.win.gg/ Name: ezovuuid_255604
Value: 95f2e462-6c57-4a81-44eb-7cc151151620
.win.gg/ Name: ezCMPCCS
Value: false
.win.gg/ Name: ezosuigeneris-0
Value: 2bfbef86a0e0188cd2280f4a1112d50d
.win.gg/ Name: active_template::255604
Value: pub_site.1636365365
win.gg/ Name: ezds
Value: ffid%3D1%2Cw%3D1600%2Ch%3D1200
win.gg/ Name: ezohw
Value: w%3D1600%2Ch%3D1200
win.gg/ Name: ezouspvv
Value: 0
win.gg/ Name: ezouspva
Value: 0
.youtube.com/ Name: YSC
Value: DSofag6PLt0
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: FUSzo0oOurc
.openx.net/ Name: i
Value: 83eea7b0-3f4e-4b0c-9de5-8c0811c2e0c5|1636365365
.spotxchange.com/ Name: audience
Value: 171962b6-407a-11ec-b79a-16ae82d30406
win.gg/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.adnxs.com/ Name: uuid2
Value: 845234657020092272
.casalemedia.com/ Name: CMID
Value: YYj0NoqWajl63Okm9fiWUAAA
.casalemedia.com/ Name: CMPS
Value: 324
.win.gg/ Name: _gid
Value: GA1.2.1752130741.1636365366
.win.gg/ Name: _gat_UA-125662552-1
Value: 1
.casalemedia.com/ Name: CMPRO
Value: 710
ads.stickyadstv.com/ Name: UID
Value: 91e8b24c4ecf5c510bb80bb9bee8244
.win.gg/ Name: oribi_user_guid
Value: e2a30c82-7b20-d242-931e-e10f4f7bfd8e
.win.gg/ Name: oribi_session
Value: 423ed4d2-d90c-ff4b-9e75-222994ef82d3
.win.gg/ Name: _ga_916JLHZYLF
Value: GS1.1.1636365366.1.0.1636365366.60
.win.gg/ Name: _ga
Value: GA1.1.619682733.1636365366
.creativecdn.com/ Name: u
Value: kmDPZth0VZqYMBjLduFX
.creativecdn.com/ Name: ts
Value: 1636365366
ads.us.e-planning.net/ Name: CT
Value: 1
.e-planning.net/ Name: E
Value: ANTDjccfZc81qu4J
.adscale.de/ Name: uu
Value: 7e9bbb5efcf2448e980c068d45512089
.yahoo.com/ Name: A3
Value: d=AQABBDb0iGECEFVeKF1Lx0-VQCJW1eHwnZoFEgEBAQFFimGSYQAAAAAA_eMAAA&S=AQAAAk9UVKMqCuMj2IJ0Ib9DF2k
.ads3.admatic.com.tr/ Name: ARRAffinity
Value: 2e25d12d61a27898215929d22f53ea590a56c829be315653c07e15cae5cb3700
gw.oribi.io/ Name: bridge_sid_Xy0xODg1MDA0Nzk1
Value: 795dc8ec-d8ae-4489-af4f-ae922dbbd5db
gw.oribi.io/ Name: bridge_uid_Xy0xODg1MDA0Nzk1
Value: 0567c519-f554-407b-b0bb-aed86e1e2342
.adsrvr.org/ Name: TDID
Value: 9954d0a5-3bda-4478-a00d-7a44ba5cedad
.zeotap.com/ Name: zc
Value: 38d6b847-8611-4981-776c-da5a1f9ce866
.zeotap.com/ Name: zsc
Value: %3B%C3%5D%F8%A5%86%BF%B9%A2%86%C7v%A3d%8D9%86zo%5E%FD%28%B8%0C%CE%9F%B5%25%D2%B9%A3%0C%2AD%83%80%FD%3Ey%81%24%98%08%FC%0B%E4%8C%D86%C9%F5%09%E5%A7%DEb%8Bv%F8%E3%F9T%A1F%C9%0D%19%BC%82%82%FCr%2C%0Cs%A1%BC%E2%FD%9Dqi1%D2%D66%FD%E7%DDc%BF%02%AE%0C9%A7%10%DA%A1%92%C3x2%8E%83%B1%C2%DD%E74%CD%EA%F0wy%C8%DC9%01%E1%1A%A4%B7F%D3%D6I%E4W%1Bx%2APa%18y%DF%0F%DAC%C4%AA%E3%D1%16%CB%97Bt%A2B%0B%7D%B7%CF%81+%3D%7C%28%9F%09yP
.richaudience.com/ Name: avcid-zeo-uid
Value: 38d6b847-8611-4981-776c-da5a1f9ce866
.weborama.fr/ Name: AFFICHE_W
Value: z0-hQhTrbdTP64
.ibillboard.com/ Name: ibbid
Value: BBID-01-03110793670774975-16441020
.owneriq.net/ Name: si
Value: Q6896517671019144208
.owneriq.net/ Name: p2
Value: cc
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.tapad.com/ Name: TapAd_TS
Value: 1636365367038
.tapad.com/ Name: TapAd_DID
Value: 85b51a37-d0da-4891-9ae2-f1ed8dd3ff28
.casalemedia.com/ Name: CMST
Value: YYj0NmGI9DcA
.mathtag.com/ Name: uuid
Value: 116e6188-f436-4e00-b748-983ff3724c10
.targeting.unrulymedia.com/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003%22%7D
.doubleclick.net/ Name: IDE
Value: AHWqTUm6tx_fwY4klwuyn-O4EM60Fx41LMehtt9MGF8oRMY5-hJISCIjPh3zvcSxA-M
.simpli.fi/ Name: suid
Value: FCCED086B4E747BE9C03B5C0C75351B4
.demdex.net/ Name: demdex
Value: 73258897604003962834278498049206564074
.exelator.com/ Name: EE
Value: "12e25d445b5559b4fade0f312841b44e"
.quantumdex.io/ Name: uid
Value: d31fc849-2dce-4a3d-96ff-d92412bd3a2c
.dpm.demdex.net/ Name: dpm
Value: 73258897604003962834278498049206564074
.agkn.com/ Name: ab
Value: 0001%3ACCRirKA%2FGymibJNd0ZE3dFFtcwB2wjKO
.exelator.com/ Name: ud
Value: "eJxrXxzq6XKLQcHQKNXINMXExDTJ1NTUMskkLTEl1SDN2NDIwsQwycQkdXFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq0yMJySX5RZvoiz5DFRSlpDItKik8F76uvBQBqcCoD"
.krxd.net/ Name: _kuid_
Value: OeCJKqD1
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: 6d4ea94c07a4edc74a34b7ab495ea304
.crwdcntrl.net/ Name: _cc_cc
Value: "ACZ4XmNQMEsxSU20NEk2ME80SU1JNjdJNDZJMk9MMrE0TU00NjBhAILEji%2FmIBoKAGldC08%3D"
.crwdcntrl.net/ Name: _cc_aud
Value: "ABR4XmNgYGBI7PhiDqSgAAAaFQIV"
.bidswitch.net/ Name: tuuid
Value: f7fae9b2-873f-4bef-938d-c40df8f159e7
.bidswitch.net/ Name: c
Value: 1636365367
.bidswitch.net/ Name: tuuid_lu
Value: 1636365367
.id5-sync.com/ Name: cf
Value:
.id5-sync.com/ Name: cip
Value:
.id5-sync.com/ Name: cnac
Value:
.id5-sync.com/ Name: car
Value:
.id5-sync.com/ Name: gdpr
Value:
.id5-sync.com/ Name: id5
Value: 30e37fa9-1e8c-474f-9525-e9cb7cf4fcb8#1636365382374#1
.sharethrough.com/ Name: stx_user_id
Value: fb53d013-07a5-4577-ac61-24465c7bd8e4
.id5-sync.com/ Name: callback
Value:
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~YYj0NwADA7lHDQBG
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-fd7553de-fd63-4482-93c8-11a50ca786bb-003%22%7D
.turn.com/ Name: uid
Value: 3988650457849312171
.adform.net/ Name: C
Value: 1
.fwmrm.net/ Name: _uid
Value: "a101_7028135735572477205"
.adform.net/ Name: uid
Value: 5362326409740733592
.openx.net/ Name: pd
Value: v2|1636365367|gekin0vNiygu
ads.stickyadstv.com/ Name: sessionId
Value: 6b3ed32b8e2c2d44e81bbcca611a7c
.bidr.io/ Name: bito
Value: AAFVok7DEegAABsJfHUO9Q
.bidr.io/ Name: bitoIsSecure
Value: ok
win.gg/ Name: pbjs-unifiedid
Value: %7B%22TDID%22%3A%229954d0a5-3bda-4478-a00d-7a44ba5cedad%22%2C%22TDID_LOOKUP%22%3A%22TRUE%22%2C%22TDID_CREATED_AT%22%3A%222021-10-08T09%3A56%3A07%22%7D
win.gg/ Name: pbjs-unifiedid_last
Value: Mon%2C%2008%20Nov%202021%2009%3A56%3A07%20GMT
.win.gg/ Name: panoramaId_expiry
Value: 1636970167578
.win.gg/ Name: _cc_id
Value: 6d4ea94c07a4edc74a34b7ab495ea304
.win.gg/ Name: panoramaId
Value: 31140a791e507faa695e48138c5e4945a702944b665513ced073d6d78f280259
.choozle.com/ Name: chzdpsync
Value: eyJjaG9vemxlQ29va2llSWQiOiJiZWRlZGQxZS1iYzBhLTQyMDEtYWIwZC01YjY2M2RiOTM1YzQiLCJwcm92aWRlckNvb2tpZU1ldGEiOnsiT1JBQ0xFIjp7InByb3ZpZGVyIjoiT1JBQ0xFIiwicHJvdmlkZXJDb29raWVJZCI6IiRfQktfVVVJRCIsInByb3ZpZGVyUmVkaXJlY3RSZXF1ZXN0ZWQiOmZhbHNlLCJwcm92aWRlclJlZGlyZWN0U2VudCI6ZmFsc2V9LCJUVEQiOnsicHJvdmlkZXIiOiJUVEQiLCJwcm92aWRlckNvb2tpZUlkIjoiOTk1NGQwYTUtM2JkYS00NDc4LWEwMGQtN2E0NGJhNWNlZGFkIiwicHJvdmlkZXJSZWRpcmVjdFJlcXVlc3RlZCI6ZmFsc2UsInByb3ZpZGVyUmVkaXJlY3RTZW50IjpmYWxzZX19LCJ2ZXJpZmllZCI6dHJ1ZSwic3BlY2lmaWNQcm92aWRlcnMiOltdfQ==
.advertising.com/ Name: APID
Value: UP181ffd8b-407a-11ec-adf7-02cc138d7c5c
.analytics.yahoo.com/ Name: IDSYNC
Value: "192m~21ex:192w~21ex:187s~21ex"
.yahoo.com/ Name: APID
Value: UP181ffd8b-407a-11ec-adf7-02cc138d7c5c
.yahoo.com/ Name: APIDTS
Value: 1636365367
.rlcdn.com/ Name: rlas3
Value: L6u7ot88jxylBPiTSHWsE1Er9m/GPIrZjEyFAg/2NaA=
.criteo.com/ Name: uid
Value: f0470e5e-df45-4cb5-b3ba-2b2d3eebc957
.quantserve.com/ Name: d
Value: EPgBDAHWJIqsMA
.quantserve.com/ Name: mc
Value: 6188f437-b539f-a830d-778a2
.rlcdn.com/ Name: pxrc
Value: CLfoo4wGEgUI6AcQABIGCLrqARAA
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-ec2ba1e5-1ee9-4936-78c3-2e537c8ba826.6nj4dg8M4OKsJlpiHmlN9Ec5VEVGQlqBmFJVH9%2FTibM
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3A0-ec2ba1e5-1ee9-4936-78c3-2e537c8ba826%24ip%2495.174.64.203.GZUd%2BS4NJswWdQsdHuCFZ9iMKmAlnEZY58vgR5e3%2FxQ
.casalemedia.com/ Name: CMRUM3
Value: e66188f4362760&036188f43605a0&046188f43705a0&2e6188f43705a0&826188f4372760AAFVok7DEegAABsJfHUO9Q&496188f43705a0&7b6188f43727607Cuh5R7pSTZ4wy5TfIuoJl-uQMs&0d6188f43705a0&586188f43705a0&5a6188f43605a0&1f6188f43605a00&2d6188f4372760CAESEGhYqpkGAxmi8CodOgbYTdQ&f16188f43605a0&986188f4372760a141ab0b-3b43-45b7-8fda-878cfa123bf9&be6188f43705a0&276188f4360b40
.adscale.de/ Name: cct
Value: 1636365367845
win.gg/ Name: cto_bundle
Value: XuWZZF9oTlhqTndnam1lJTJGN1pGWWlubk9UaFJrbDc1WkpwQlVIZnhaJTJGcDFpazExZkczTWhaWG4zRkNEMENYVEhlJTJCaDJ0R204U0trTHplSG5UY2JlNFp3RnhlQm1YUWpYVmF4RHFQRTFkbjRKejdFTSUzRA
win.gg/ Name: cto_bidid
Value: InAaE19lMll6SXolMkZnVGZaZTQ2Sjc4UGElMkYzTU1aMG5jU3glMkIlMkJMa3B5S25Pd0dObmNQUGZITEQlMkZxR3VsalElMkZ4Y25FSHJTa2VlYXNGbiUyQkNrOE9ia01QTlFMUlN3JTNEJTNE
ads.stickyadstv.com/ Name: uid-bp-36033
Value: a101_7028135735572477205
ads.stickyadstv.com/ Name: MRM_UID
Value: a101_7028135735572477205
.m6r.eu/ Name: test
Value: true
.creative-serving.com/ Name: tuuid
Value: bcc7969b-b386-473c-9afb-992de47ff0ad
.creative-serving.com/ Name: c
Value: 1636365368
.creative-serving.com/ Name: tuuid_lu
Value: 1636365368
ads.stickyadstv.com/ Name: uid-bp-159
Value: CAESEMjaMY-DkkCMxWa1QtbftAs
.m6r.eu/ Name: cct
Value: 1636365368109
.m6r.eu/ Name: id
Value: ac8714ddb19f0ee02b92ef57f200d052
.ih.adscale.de/ Name: tu
Value: 4#1912836473#48~ac8714ddb19f0ee02b92ef57f200d052~454545~0~0#101~BBID-01-03110793670774975-16441020~454545~0~0#39~116e6188-f436-4e00-b748-983ff3724c10~454545~0~0#40~f0470e5e-df45-4cb5-b3ba-2b2d3eebc957~454545~0~0#42~5362326409740733592~454545~0~0#75~845234657020092272~454545~0~0#108~116e6188-f436-4e00-b748-983ff3724c10~454545~0~0#63~YYj0NoqWajl63Okm9fiWUAAA&710~454545~0~0
.adsrvr.org/ Name: TDCPM
Value: CAEYASABKAIyCwimztz8lqqROhAFOAFaCXN0aWNreWFkc2AC
.ads4.admatic.com.tr/ Name: ARRAffinity
Value: 924054ab073178b36f762fbfe5f015b9bb65ad662424aac7b4c0ebbb113bfe31
ads.stickyadstv.com/ Name: uid-bp-892
Value: 9954d0a5-3bda-4478-a00d-7a44ba5cedad
ads.stickyadstv.com/ Name: uid-bp-951
Value: 845234657020092272

9 Console Messages

Source Level URL
Text
deprecation warning URL: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js(Line 1)
Message:
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help, check https://xhr.spec.whatwg.org/.
network error URL: https://api-images.win.gg/resize/w/1000/format/webp/type/progressive/fit/cover/path/wp/uploads/2021/08/pathfinders-voice-actor-on-working-apex-legends-next-respawn-game.jpg
Message:
Failed to load resource: net::ERR_CONNECTION_RESET
other warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 74)
Message:
Origin trial controlled feature not enabled: 'trust-token-redemption'.
other warning URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js(Line 74)
Message:
Unrecognized feature: 'conversion-measurement'.
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=38d6b847-8611-4981-776c-da5a1f9ce866&reqId=ce460c15-80b0-4908-6794-bd6f11754c65&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://ib.adnxs.com/getuid?https://dsum.casalemedia.com/crum?cm_dsp_id=190&external_user_id=$UID&gdpr=1
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://cs.admanmedia.com/sync/eplanning?redir=https%3A%2F%2Fu-ams02.e-planning.net%2Fum%3Fdc%3D227acb3d18564968%26fi%3D2728411cce617bb8%26uid%3D%7B%24UID%7D
Message:
Failed to load resource: net::ERR_CONNECTION_CLOSED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1f2e7.v.fwmrm.net
a.audrte.com
aa.agkn.com
aax-eu.amazon-adsystem.com
ad.turn.com
ads.adaptv.advertising.com
ads.creative-serving.com
ads.pubmatic.com
ads.stickyadstv.com
ads.us.e-planning.net
ads3.admatic.com.tr
ads4.admatic.com.tr
adscale-emea.adnxs.com
ajax.googleapis.com
analytics.google.com
api-images.win.gg
bbnaut.ibillboard.com
bcp.crwdcntrl.net
beacon.krxd.net
bn01.er.bemail.it
buttons-config.sharethis.com
c.amazon-adsystem.com
c1.adform.net
cdn-images.win.gg
cdn.admatic.com.tr
cdn.gin.bet
cdn.jsdelivr.net
cdn.oribi.io
cm.adform.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
cs.admanmedia.com
cs.choozle.com
csync.loopme.me
d1eoo1tco6rr5e.cloudfront.net
dis.criteo.com
dmp.adform.net
dmp.v.fwmrm.net
dpm.demdex.net
dsum-sec.casalemedia.com
engine.widespace.com
eu-u.openx.net
eus.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
g.ezodn.com
gum.criteo.com
gvl.ezodn.com
gw.oribi.io
hbopenbid.pubmatic.com
ib.adnxs.com
id.crwdcntrl.net
id5-sync.com
idsync.frontend.weborama.fr
idsync.rlcdn.com
ih.adscale.de
image6.pubmatic.com
imasdk.googleapis.com
img.youtube.com
insight.adsrvr.org
js.adscale.de
js.cookieless-data.com
l.sharethis.com
live.primis.tech
loadeu.exelator.com
match.adsrvr.org
match.prod.bidr.io
match.sharethrough.com
mug.criteo.com
mwzeom.zeotap.com
nexus.ensighten.com
obgpm76tt0a0sgozk8l.redinuid.imrworldwide.com
odr.mookie1.com
onetag-sys.com
pagead2.googlesyndication.com
pixel.advertising.com
pixel.mathtag.com
pixel.quantserve.com
pixel.sitescout.com
pixel.tapad.com
platform-api.sharethis.com
platform-cdn.sharethis.com
pr-bh.ybp.yahoo.com
prebid-match.dotomi.com
prebid-server.rubiconproject.com
primis-d.openx.net
px.owneriq.net
rtb.openx.net
s.amazon-adsystem.com
s.console.adtarget.com.tr
s.e-planning.net
s0.2mdn.net
search.spotxchange.com
secure-assets.rubiconproject.com
secure.adnxs.com
spl.zeotap.com
ssum-sec.casalemedia.com
ssum.casalemedia.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.console.adtarget.com.tr
sync.e-planning.net
sync.extend.tv
sync.go.sonobi.com
sync.mathtag.com
sync.quantumdex.io
sync.richaudience.com
sync.search.spotxchange.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
tags.bluekai.com
tags.crwdcntrl.net
token.rubiconproject.com
track.adform.net
tracking.m6r.eu
trc.taboola.com
u-ams02.e-planning.net
u.openx.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
video.primis.tech
win.gg
www.google-analytics.com
www.google.com
www.google.it
www.googletagmanager.com
www.youtube.com
x.bidswitch.net
api-images.win.gg
cs.admanmedia.com
sync.adotmob.com
sync.console.adtarget.com.tr
104.111.215.191
104.111.242.53
104.117.200.100
108.128.79.28
142.250.184.194
143.204.95.188
143.204.97.29
143.204.98.111
143.204.98.98
151.1.205.165
151.101.194.49
162.55.6.210
168.119.146.39
169.50.137.184
178.162.133.149
178.250.0.157
178.250.0.163
18.134.84.18
18.156.0.31
18.159.80.129
18.169.90.17
18.193.208.211
18.195.42.228
18.196.67.255
18.200.233.208
184.24.15.122
185.167.98.14
185.220.204.220
185.29.132.245
185.33.220.218
185.33.221.14
185.33.221.50
185.64.189.112
185.64.190.78
185.94.180.123
185.94.180.125
188.132.147.227
194.213.62.34
2.18.233.180
2.18.233.201
2.18.234.21
2.18.234.233
2001:678:cb4:bbbb::11
212.82.100.182
213.19.147.44
2600:9000:2156:5a00:f:4f64:8940:93a1
2600:9000:2156:6600:13:c079:7880:93a1
2600:9000:2156:b600:c:abe:f440:93a1
2600:9000:2156:c00:1d:85c3:6640:93a1
2600:9000:2156:c400:12:b1b7:8800:93a1
2606:4700:10::6816:1857
2606:4700:10::ac43:2ac6
2606:4700:3031::6815:496e
2606:4700:3036::ac43:a1d1
2606:4700::6810:5714
2607:ae80:5::149
2620:116:800d:21:8c6e:cf2c:8d6:9fb5
2a00:1450:4001:801::2003
2a00:1450:4001:802::2006
2a00:1450:4001:808::200e
2a00:1450:4001:80e::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:810::200a
2a00:1450:4001:811::2003
2a00:1450:4001:827::200e
2a00:1450:4001:828::2004
2a00:1450:4001:828::2008
2a00:1450:4001:830::2002
2a00:1450:4001:830::200a
2a00:1450:400c:c0c::9d
2a02:2638:1::13
2a02:fa8:8806:12::1400
2a04:4e42:600::300
2a05:d018:d29:3605:15eb:8f8e:fe0:229e
2a07:180:27b:71f4:967e:7b66:dbda:fbaf
2a0c:5c81:5095:0:225:90ff:fefa:245d
3.124.181.115
3.126.38.41
3.127.51.194
3.213.248.174
3.216.128.157
3.33.220.150
34.98.64.218
34.98.67.61
35.201.81.244
35.227.248.159
35.227.252.103
35.244.174.68
35.71.131.137
35.81.242.146
37.157.2.236
37.157.6.251
46.249.52.249
5.178.65.245
5.178.65.252
51.158.29.13
51.89.42.86
51.89.9.253
52.214.126.220
52.215.68.151
52.23.121.248
52.30.14.23
52.46.154.242
52.57.255.59
52.86.150.190
52.95.115.196
54.217.170.69
54.78.254.47
54.81.207.173
54.93.133.131
54.93.151.69
66.155.71.150
69.173.144.138
72.251.244.141
89.187.169.47
026b86883e9a229fa0788ba6fb68e51d8dea063a746234c0c0d1c258874c30b0
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
05bdc489509bd02988ef2b2c0010840d7accc9bcd39c4090392a7270180858cc
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
076286a0e2f64b457cf12071c42f4d3ebbb616a437bb31bc9e3d3e007840cfc1
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0cae5fa60b7fe1d9bd45050df69e07fc2b0358e6b85cd6eecf6b5d5bf4d73dea
0e4df2c57f22311384b1c79a1e882fb4c20809817d555456ca31a96c7591037f
0e91990a1d7118d1a8b8e4f8b3f1c650f0d575624213daa957363fd9833bc24f
0ead993a38ac2331daec6b258056b9015c3ca70d84f6ce47299a157feab33efe
0eef35992b214af5251445fa6edda217dec37eb85de291752f74a9193d04d27c
0f4ea72595b897c003af2e0ec5e89574e208237b22b2192be022750894c2c206
106b39f48e91ecd4e58145357095e1014ceba98a7b71c81e2a9388a36be77732
115ccd207fe3b7633eaa48b7a44f27c163274f2d35d20368a00a40b83d8afbf1
126c2f717e7156d14ab6202014846c69b291675708e42e8168a29b466eb8aebe
13ab06913444b6e3b4139e5487813073f11e082878ae8a5bf5213fdc6f95f5e0
141cf9b243d4032cbf2323028698a0be7b15eb42a2bb46092654bf8df267c0f0
14d79e2cf47df339b79d25ffc6d0136e5d2e70a96b75e6782198ea6bbda3ca0a
154212eb976f7df7c79f5844fcb356740bcb6c51edacb2e8515108e2d7effa67
15770468a1704759435695a14f23c4fa7ec3059b1cbd2dd85faf4db3a2eda98b
16910f012ec529e4bef4051c3f178f72302c5ef55973277ba7aa36b5d19b91e2
175c1838f8a29dc3943d08fc552c13a38d0dfcfa1809456f9f60a146c195399c
17d28d80565aea246a542b61a9d2f93c98fb30887bd662de52191d4e87a6fb45
1844237c138bd410bc7fcfecd38156aa58aa2968d59889386b17de5c796e3c84
18cbfcb608af5885f7916274b60578d32006c90e8fce3d98dbcc89a646707608
19e05f4f3f58e18def4cb9c276045d3bfb61738e922753d78cf0622fdf4e5dd3
1c5ad2fd42dffdf04a0f1d757c1cccb4d840218d7ecada79d6cc9db33ca40319
1f5b6267968f60e8c5f023222caa8cfdd05574076c8ea3740894ef93fd4b8ba3
21f1b794b9ebdb7b238c6e280a775d581605595e542a4c94bf1881d2879279e9
22460c9c4d8a343b378271dd691d8870253cfef422393cbd73644b8c4b9b6a3c
2295c7a89c8ac4a19e2641283109be472d8f58bd78e42a38a0d16e34203e4bba
24302a009863150046e73b021927c5b2840c4ffbbfbfd3fe05f4cbf42b19fcc0
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe
29319580ce848cd69d06fd75aff5626eaa1af5ebefb0136dc1ca332478d2acf3
2986551fd9e82929eabb8cba7c44f74a28d8496c744893432f067b320dff55da
2aee396045e8313003eda4d9b0acc42c7a9cbd7c29b4a32480ba2489baacbecc
2af77703de4d55fb43b5128428d9e3e7570b5732dac454ca0597ded15af9a2d4
2d27694d44fa22602efcc92caf61eff0b9c2bc85455e964f78a092040c1a9592
2fb07bc2036b6b6338b8632cdb49566bb1a3fdaa471b628345de4459692362c8
30ba4bfc42454eaf143cb6f62250840e3f05a5f456e63075b63c32647511c5be
34d421a3b0ead306cef4a445313ca5809756632f7c4ac677ec066ba05be73ec1
3516496d97f72bf509cf5d6902b5deebf53355ccb21127dc777d265cd96ca2d8
356ce5e8970cc7ae0067519b144668c732ff1f202d188bd4443fca430b5c3aa3
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
383472db86bc19b822592340828e1a9d680ece8e6a5114eb4744351081fdea3c
3881d4ebc20dc4b40e4856c3c946492ae6932e8aafc787dc84600f2d76fbfb60
3b176aaa639598399777a9038810cc766df54fcba4e602fb826ce3335d4cf75b
3cdbb68e93d9fb8a81d427448443a41d21a66c151d4d7ec865e648833f854b2c
3e8c7c4773e3e97ad0d9aaf4ab471c5f065f9e9e3f079e3aecb40ad4f10fa693
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
4098a1bac66df8c517bb37d59d5a915ac296d00a8526b08d8272f9e2c4e2adc1
416f737d3a2459a6215f3a4ecf5e8b4dbb8227c3af23671b7408c276d2e44ba7
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
43b348d194f4e2c50da38d2a5e596635df86baee4de5839d73d19aa6285dbd4f
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
492abbc30ace41332a8f68b7f34f56333a037aebac34e0bc9b9cedb0d1c3b032
4a19a7aff7822fad5a9c7c2c0453177cef72e10fcfdc2f3eb5c31b2a8e4f24f0
4a7300bc3d6addbe32fe20ccf8888f19ff2a7e11220552d68579b97c4d0eea8d
4a829aec4a48b2ab3be4fd0e18836bd04b384cfaccd8822944d382818eb046ab
4ac95c59a70b7c78d9dcfce05d1dcfd512e8f083d1525cf5d34ee3f57bf8e325
4b526e9e3f769d1f08a58b16c65bc4d4ecf2ec999b3d0eb8efcad80da5bf084f
4bccfd351ab603b339f3307bbf8da34450cd9d2deae5ad5f5400b5fd6e25845e
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
4f7cd55655bafca4db9b67255125ed52cd91d21b1727e9f28f71219aa1341de5
522b7e3ff459e82d26f3daa82b3f8c8ea0df6d4ff12c981e4dddeaf9c8a25421
53fd83eaca8a5b5d851df8710ee239da10fa09d446e6fa2f4a014bf66a9c8140
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
57a50c99a31ef4e89e86664e96f6dfbdde163a2eb96e88b3b492c49aa4be2f37
58ed344732766704ee535508e3dcd8d4a8ec0c9c79d16adf02293adde110926c
5bb08412d18881e3fc69fdb44226bfc6f66a77d45dfff3f10b98a100c09bc970
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
5f5012132c752db2433e17712d91ef8689f1bc95167b2720e23224c2ae62e009
60e1017c6585464aa240b13f4074ab5ea100dcbdb72615124ff575bcc891a542
62b58b017cf4d54dc404dbc48e49b0429cbbb46678a868a95bf17664cc6340fd
62c6ababbe88d3d4496203cd685f2b900a0cb382b8e24704ad25e84b8ed80833
644ef600fd425cb6a30b351e54c5110dc5b7e88e65c44989be4c44c8ff54c768
68986dd8f1ef6b05cbc0a2f532b87ea2f93ebe9ccd06f8265b15044dd1f4ab17
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
708f9431e56ac3478c5143ad5e8eb3fd88b3ab4a6b745e9508eb7f929bddeeeb
730fa1f3e8b3c4a223c4e69f4a27e690a4552f96ab97dba05b943dff44967658
768d97ec0916217ae82c70aeda3a61b9b0dab344edc4a3240a4f7cd94af00307
76d1da9e9902ccf3d2983b706151d7c4f1a910c86b757fae4302ccf989c630a7
792e8d90eda8320b9bad0aa1aa9b98cb609ac3a72a642e6d370f40131c88ebe4
79a869051b710d637d41dccf75f21b67399615e4ecc81fa665912a36011fabe4
79d443b15f542c8a8acca8e937f2a3c90ecba78bd49fdbac6c9b878c7f1293e9
79e0b31ed7dd31fb4a8d054b05cf38a6e3fbec7ed680bc8df999505637f5368e
7c93346d4f681a0be90d1dfc19346382a4700f1810f41caa54415688dee1777f
7e0e2fbaa7a89c64df6b30953123d55b39e38cb0933d59425ecb11c9989d477b
80d7fe7545bc4316e85f5abf3e5dc9cb6a0df917c4e715f836f4e0ca418224fd
8293bdedd66b50dcaf53d569261107d3eb3c9b18caa18cbe3479b6f037d233c8
86d7e0bcc044c387f48bc5405b86c1779c827a21db7c8511b72920f05e662dbe
875ca1fe8a85b43fefb0206533f96bd56905305e6e0291c0b5284daf07b0c9e9
8b5cbe512fbb056de7aa42963d3bac7e38adb05e32fbe6f502b4fad3cabf57fc
8c4967c13572e41e718dfbb3d84dddeacc748aa14cb2d65ad91ecdde60f50664
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8dddea515a7535c5f8382cd21e6a362464f3932f4445663f420c1ef0158b0238
8fe61dd7619deb61b9fe75185de7c08c14a46c6ce306a2d2866bf470fc68e27b
91479500536a8e96c6dc6e62c801df8d5a108e33a037a34806c4d50f67b10f1c
9186ad0839410bf3d20f3c5b242b36027562baac85ffb8cba18b50b6e4d7945d
91b4eb09154d5ebef46352e922194ec6dbb9547b63f9776ae10133fe1ca66879
935b2f1cdbf1af0439e86ecbd0ca09a2b3a91807ae651cf3f840f9237a45a667
968fbcdac55faf8697d9c4ceec7040836f549f345701d44194bc45cd7971ae8a
96ae6a03a75db67d90cdae793dabdb904860f79f05feeaea10a4e09428719763
973fe12f5130be123a73261e3956030b8a1c380f8cd8234e319b51bda6892898
97e042e763cc2cf729d788a418763a5b8e64ff4dcfb19f204f95266cca6cb596
98385317c6bdcf8c203beeda9c8e4e8dc2622e7d6405a11b2639e5a7a84c1452
9859bce90c517c92bc2e03c378e158d7927ad582604e9c357435226bd8c7eea8
98f10959d56f5914d9c5dbe05e695bd1e4cc30dc68729f0b22f691d0dea3f19c
9b64f85d8068989c158ba9a881e4b5f4971eb769a6ec9ae697f5a0728ba294fb
9fa24b62299baace7fe5abb6f7ee07864a3dda2bacfe5aa388edc805bc9a9173
9fbd875b574af5dc5a7d8d885c52c88c14c477ee8f8b2a2f4b91949d27aee01c
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a18a746fcdbca1597f56192658dce3f4389d3fa18793c2dcdc76c359583cbc9a
a27c2d80d30fafd29a0791f66d6945213e71c9c7f65a43f36bccd4159cbe0d80
a3336e3373c170b40764f5a62d121335bec4243b0034e561937194dfe2e413fd
a4eab981ff34f8cb5ee9a7d114ebe5f28f4e3a390d81276801de1fd4710d3105
a83bf33080e6fd7aa375b48f11f4ac7b1a186d94a36af178e417cc00d6e09a7d
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a
ace4208545fb0ff5ea87fbe1470d3bf0af8e73d7d52fea869966c4b9d8c78a60
afa7154724b0a7ce743bf2b11250f9af787a3aeb2b12a6391de669cd06bb5285
b104e5c824697b5c886b14becd2e8442a4e74417dd25e5b44f25ef54899ea75a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b238f7b9d2394cf4a3686735e13dba96f74720c0a6905303b699ac7fc1564d95
b3dca6992b4f8770bc3dba5f82f6325a82d2adabf685da88d950f6fe87b16716
b4cd4f889e2c7dd71da12d2b0a29aa6346de2e5d8b3c882d7700d64c700f661d
b6c2c004674f17d54d9905790df57a805fbff7ac2f3022b5d1474213b2a8fa2d
b98d73c9da43ab088e858bcfadfa96208819a10c743b730ccf229e427655cd82
ba87da3ae2bef11156e0ca6440a0212bba1e6eeb051197095ad32c8be1fa061a
bcdf010ba3dc61605c33de9b33e7e76dbc3bb4326dcec49f33970345e517fb25
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
bdb330c6f9f1437527c93b73cdcf04d786b8d802f4d40a4e321a681a0132580c
c10ad7ad72209b5d2ccd624383a0d28ae20b75ff07343c36989e4fd9c767fd1c
c1a86d7c11a5c83b82c7e6f814aff6286a9fe3483b8e0e2c16089370bad4676d
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c31654127300d01cf59bee84cc2691f26493ba20bf30d4f567ccb1f2dee4a912
c555bc295bb01f8cf5343bf7e338efa35182951447d9362a01ab618b31935ed4
c983bccbfa3aeec262e4469747aaf9d860d93fedcf3ba263c84bd7ef21430234
c9ba955bb5e749f1ffdf4d60245b2625b8c5bc2b71fbbf538335faeec3621fa9
cacd900a2587c234c53e9d0108fc51ff6c61420c4f89a1731014b673a7b9a1a8
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cea9c3393f4b0a57475e38dbbff527aca7a3aa2d107b4b4742b937c2507e2063
ceff8f79fc08dd279e8dc90d0e877071ee32398794afb661107f79432daf7289
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d2dffba8a31eb663c59a5494783cbf197c182104edc58f0c0a17b7992429d7af
d4b94a0b34b2853994bc87e953988f29c7ac1b47ad32e61a8cb8e40b5a216e46
d5abddabdb2b594d258497f39378ab882825d08862304ca3ea638e45dabdb051
d86923070cdd3b26c384dfb89877b54c56cc30ebcaca4b9ef0fefeb935d5c7ef
dadbb59b37bfea4c78c6e15c8cbb96dfba84526e43a0767dc244fd062a841aba
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de8bcb64a320b1a2b1e4788b6aaaf8e4ac888a7eb62a66c5e214cc43ce0bb777
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfb9840e362eb5cc9a96353c6b89562cb360fbc5c38bc5133fc5a9e6c460a456
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6457d717d017a3e507014ccf5e8903a9f9c4a881ced3d7efd85843a97683feb
e8288594c3165e45994ab70dcbfd3d14b1d902727050e3226e0af0cfcb774c11
ebab19f74d95b1c10457dbf025009438a9479c198c5e96a829c64f4b4298cf46
ecde72bc5d9fd5bc5150218535ae8f75ad9161924b91e64b7995c495fc90c246
ece688f60b3b488b21f3aa30a0a0f7178e6da09b5f67ff98200b09dc69f93e42
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1eec9308aa07093c74acf7f47b64d93a4890b49d6e7b042096470c45b6fdb0c
f436d7ccb58e150e6cabdc18fed5a45fe1d7835adc4a9e15399f84cdb9e41430
f56ca818087834a737c9427dcf1aca0b5620455e029e2b7c3f95aac4ad8bbf70
f62e11b110b6233da7f94fc6715e2d026d3dd3cc22fa394623ba16c9316fa8f8
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f99130a4161663ec1906f66cb043d778984e3fd3e30c85e887ae4e78f97e6717
fbff3ed0ba29af09e05a3080ffbec67eb6e20ac062535baaef3f660b9557e3f6
fc28539981fe33c095b8977e288022fe1dc283a58c4475796401f6d8bd15bf32
fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62
fe1d9d6a59ca420393fe9918c207d04a09e28bb98976edbc58e1a179b0abc405
feb904c32100f35aa735defd1402510a06a81bb1d8e1d4cfa79150ba0c0278cb