Submitted URL: http://sawfirst.com/
Effective URL: https://www.sawfirst.com/
Submission: On May 07 via manual from US

Summary

This website contacted 23 IPs in 5 countries across 34 domains to perform 126 HTTP transactions. The main IP is 66.206.12.119, located in United States and belongs to HVC-AS, US. The main domain is www.sawfirst.com.
TLS certificate: Issued by cPanel, Inc. Certification Authority on March 3rd 2021. Valid for: 3 months.
This is the only time www.sawfirst.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 13 66.206.12.119 29802 (HVC-AS)
1 2a00:1450:400... 15169 (GOOGLE)
6 35.190.55.95 15169 (GOOGLE)
17 172.67.39.17 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
3 2606:4700:303... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:303... 13335 (CLOUDFLAR...)
2 2606:4700:303... 13335 (CLOUDFLAR...)
1 208.100.17.188 32748 (STEADFAST)
2 9 2.18.234.21 16625 (AKAMAI-AS)
1 51.89.9.251 16276 (OVH)
4 4 185.64.189.216 62713 (AS-PUBMATIC)
5 5 216.58.212.162 15169 (GOOGLE)
1 1 185.64.190.80 62713 (AS-PUBMATIC)
2 2 185.64.189.114 62713 (AS-PUBMATIC)
4 4 37.252.172.45 29990 (ASN-APPNEX)
3 3 3.126.56.137 16509 (AMAZON-02)
3 3 213.19.147.44 3356 (LEVEL3)
2 3 34.241.88.205 16509 (AMAZON-02)
1 1 64.202.112.159 22075 (AS-OUTBRAIN)
1 1 178.162.133.149 60781 (LEASEWEB-...)
1 54.194.137.128 16509 (AMAZON-02)
1 174.137.133.49 27257 (WEBAIR-IN...)
2 2 35.156.153.71 16509 (AMAZON-02)
1 38.27.122.158 174 (COGENT-174)
2 2 216.52.2.48 30282 (AS-INAPCD...)
2 2 193.0.160.129 54312 (ROCKETFUEL)
1 67.202.110.24 32748 (STEADFAST)
8 130.211.31.231 15169 (GOOGLE)
1 2 52.94.232.32 16509 (AMAZON-02)
2 2 66.155.71.25 13768 (COGECO-PEER1)
1 1 2620:116:800d... 16509 (AMAZON-02)
2 2 52.19.106.86 16509 (AMAZON-02)
58 2606:4700:303... 13335 (CLOUDFLAR...)
126 23
Apex Domain Subdomains Transfer
58 cdnativ.com cdnativ.com 6 MB
17 infolinks.com resources.infolinks.com, router.infolinks.com 275 KB
13 sawfirst.com sawfirst.com, www.sawfirst.com 588 KB
9 casalemedia.com ssum-sec.casalemedia.com, dsum-sec.casalemedia.com 10 KB
8 discovernative.com discovernative.com 15 KB
7 pubmatic.com image8.pubmatic.com, image2.pubmatic.com, image4.pubmatic.com 4 KB
6 doubleclick.net googleads.g.doubleclick.net, cm.g.doubleclick.net 6 KB
6 onclickperformance.com www.onclickperformance.com 9 KB
4 adnxs.com ib.adnxs.com 4 KB
3 adsrvr.org match.adsrvr.org 1 KB
3 yahoo.com ups.analytics.yahoo.com 3 KB
3 superonclick.com superonclick.com 18 KB
2 bidr.io match.prod.bidr.io 1 KB
2 sitescout.com pixel-sync.sitescout.com 890 B
2 amazon-adsystem.com s.amazon-adsystem.com 1 KB
2 rfihub.com p.rfihub.com 2 KB
2 lijit.com ap.lijit.com 1 KB
2 advertising.com pixel.advertising.com 677 B
2 1rx.io sync.1rx.io 1 KB
2 crrepo.com crrepo.com 147 KB
2 google-analytics.com www.google-analytics.com 19 KB
1 quantserve.com pixel.quantserve.com 510 B
1 33across.com ssc-cms.33across.com 72 B
1 bnmla.com match.bnmla.com 114 B
1 adkernel.com dsp.adkernel.com 233 B
1 cpx.to s.cpx.to 945 B
1 sonobi.com sync.go.sonobi.com 724 B
1 zemanta.com b1sync.zemanta.com 288 B
1 unrulymedia.com sync.targeting.unrulymedia.com 475 B
1 onetag-sys.com onetag-sys.com 818 B
1 tynt.com de.tynt.com 446 B
1 ufpcdn.com ufpcdn.com 2 KB
1 googlesyndication.com pagead2.googlesyndication.com 47 KB
1 googletagmanager.com www.googletagmanager.com 35 KB
126 34
Domain Requested by
58 cdnativ.com www.sawfirst.com, superonclick.com
14 router.infolinks.com resources.infolinks.com, router.infolinks.com, ssum-sec.casalemedia.com
11 www.sawfirst.com www.sawfirst.com
8 discovernative.com www.sawfirst.com, superonclick.com
6 dsum-sec.casalemedia.com 1 redirects ssum-sec.casalemedia.com
6 www.onclickperformance.com www.sawfirst.com, www.onclickperformance.com
5 cm.g.doubleclick.net 5 redirects
4 ib.adnxs.com 4 redirects
4 image8.pubmatic.com 4 redirects
3 match.adsrvr.org 2 redirects ssum-sec.casalemedia.com
3 ups.analytics.yahoo.com 3 redirects
3 ssum-sec.casalemedia.com 1 redirects router.infolinks.com, ssum-sec.casalemedia.com
3 superonclick.com www.sawfirst.com, superonclick.com
3 resources.infolinks.com www.sawfirst.com, resources.infolinks.com
2 match.prod.bidr.io 2 redirects
2 pixel-sync.sitescout.com 2 redirects
2 s.amazon-adsystem.com 1 redirects ssum-sec.casalemedia.com
2 p.rfihub.com 2 redirects
2 ap.lijit.com 2 redirects
2 pixel.advertising.com 2 redirects
2 sync.1rx.io 2 redirects
2 image4.pubmatic.com 2 redirects
2 crrepo.com www.onclickperformance.com
2 www.google-analytics.com www.googletagmanager.com, www.google-analytics.com
2 sawfirst.com 2 redirects
1 pixel.quantserve.com 1 redirects
1 ssc-cms.33across.com router.infolinks.com
1 match.bnmla.com router.infolinks.com
1 dsp.adkernel.com router.infolinks.com
1 s.cpx.to router.infolinks.com
1 sync.go.sonobi.com 1 redirects
1 b1sync.zemanta.com 1 redirects
1 sync.targeting.unrulymedia.com 1 redirects
1 image2.pubmatic.com 1 redirects
1 onetag-sys.com router.infolinks.com
1 de.tynt.com router.infolinks.com
1 ufpcdn.com superonclick.com
1 googleads.g.doubleclick.net pagead2.googlesyndication.com
1 pagead2.googlesyndication.com www.sawfirst.com
1 www.googletagmanager.com www.sawfirst.com
126 40

This site contains no links.

Subject Issuer Validity Valid
sawfirst.com cPanel, Inc. Certification Authority 2021-03-03 - 2021-06-01 3 months
*.google-analytics.com GTS CA 1C3 2021-04-13 - 2021-07-06 3 months
onclickperformance.com Sectigo RSA Domain Validation Secure Server CA 2021-01-22 - 2022-01-22 a year
sni.cloudflaressl.com Cloudflare Inc ECC CA-3 2020-08-15 - 2021-08-15 a year
*.g.doubleclick.net GTS CA 1C3 2021-04-13 - 2021-07-06 3 months
*.google.com GTS CA 1O1 2021-04-13 - 2021-07-06 3 months
*.tynt.com Sectigo RSA Domain Validation Secure Server CA 2020-06-01 - 2021-09-30 a year
san.casalemedia.com GeoTrust RSA CA 2018 2021-02-05 - 2022-02-09 a year
onetag-sys.com R3 2021-05-02 - 2021-07-31 3 months
s.cpx.to Sectigo RSA Domain Validation Secure Server CA 2021-02-03 - 2022-02-09 a year
*.adkernel.com Sectigo RSA Domain Validation Secure Server CA 2020-12-22 - 2022-01-05 a year
*.bnmla.com Go Daddy Secure Certificate Authority - G2 2021-01-06 - 2022-02-07 a year
*.33across.com Sectigo RSA Domain Validation Secure Server CA 2020-06-01 - 2021-09-30 a year
discovernative.com Sectigo RSA Domain Validation Secure Server CA 2021-03-04 - 2022-03-04 a year
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020 2021-03-18 - 2022-04-19 a year
s.amazon-adsystem.com Amazon 2020-08-28 - 2021-08-20 a year

This page contains 13 frames:

Primary Page: https://www.sawfirst.com/
Frame ID: 1AB7678263735B6039729237A6AA468B
Requests: 63 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20210505/r20190131/zrt_lookup.html
Frame ID: 76877C9782164AC94E8ABF0F0F34FA09
Requests: 1 HTTP requests in this frame

Frame: https://www.onclickperformance.com/ad/display.php?stamat=m%7C%2C843d_IjZrB1dAN0dEdHP3xP.97d%2CZMkKdRAQlkuDbgTABrav5PJVGYpTe0dUb_MNz-F-YkXGsYpN4ZXuutoO33dMQQXhJOLbIvaqoBtbvbUjUAXlx6f_sxoFmL_0otrmB43OOqk%2C&cbrandom=0.1158597196998965&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
Frame ID: 192BA9A33998733298C15DC412E8024D
Requests: 3 HTTP requests in this frame

Frame: https://www.onclickperformance.com/ad/display.php?stamat=m%7C%2CoNhP2djZrB1dAN0dEdHP3xP.30c%2CZMkKdRAQlkuDbgTABrav5FCzYGWu2YPQx1pCyBkrQJfEDIFY9rZomXvHq0nTzJQ5SImQYZ-Tm-GAgksI_HEUp35gYXzH2DHRKVnlJHOs164%2C&cbrandom=0.6175855089040949&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
Frame ID: 2349F67178005A03662D2D07E380BB00
Requests: 3 HTTP requests in this frame

Frame: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Frame ID: 0D181CF3D84BA3FAF64121348196AD5F
Requests: 16 HTTP requests in this frame

Frame: https://ufpcdn.com/script/identify.html?frmt=0
Frame ID: 06C2222C4D9248C691AE12F7E336F0C4
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Frame ID: 0996697C2308F481BB892FDF8961AD09
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Frame ID: E3F811291616D92B961EAF22AB3920FE
Requests: 10 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Frame ID: F61F9C962D77CB3C287DFFEB6E217D9E
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 92BE65552B512B9468883C8CE87655E5
Requests: 10 HTTP requests in this frame

Frame: data://truncated
Frame ID: FEB074141316310A24534CC5157EFB28
Requests: 6 HTTP requests in this frame

Frame: data://truncated
Frame ID: 296479D9280B4462597EB4BC5CC4B4F9
Requests: 6 HTTP requests in this frame

Frame: data://truncated
Frame ID: C68976D126B5FB7FC2B8DBF2B024BC04
Requests: 10 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Overall confidence: 100%
Detected patterns
  • headers server /^LiteSpeed$/i

Page Statistics

126 Requests
100 % HTTPS
27 % IPv6
34 Domains
40 Subdomains
23 IPs
5 Countries
7531 kB Transfer
8459 kB Size
0 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://sawfirst.com/ HTTP 301
    https://sawfirst.com/ HTTP 301
    https://www.sawfirst.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 30
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D HTTP 302
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Request Chain 32
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fpbm-usync%253Fuid%253D%2523PMUID&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=M0FBMURBRjAtRDE5Mi00ODM0LTkwMzQtRjg0OEIyOEJBNjIy&gdpr=0&gdpr_consent= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=M0FBMURBRjAtRDE5Mi00ODM0LTkwMzQtRjg0OEIyOEJBNjIy&gdpr=0&gdpr_consent=&google_tc= HTTP 302
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D3AA1DAF0-D192-4834-9034-F848B28BA622 HTTP 302
  • https://router.infolinks.com/dyn/pbm-usync?uid=3AA1DAF0-D192-4834-9034-F848B28BA622
Request Chain 33
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID HTTP 302
  • https://router.infolinks.com/dyn/apn-usync?user_id=7711948308978000793
Request Chain 34
  • https://ups.analytics.yahoo.com/ups/58422/occ HTTP 302
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true HTTP 302
  • https://router.infolinks.com/dyn/VR-usync?uid=y-c8iToQRE2uHjXrHYBAlw.iVvVCIZErJSW7pke1o-~A
Request Chain 35
  • https://sync.1rx.io/usersync2/infolinks HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5296743380 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5296743380 HTTP 302
  • https://sync.1rx.io/usersync/tradedesk/01132d66-6ba0-41dd-a03e-faad19d61546 HTTP 302
  • https://sync.targeting.unrulymedia.com/csync/RX-c462faef-4ab7-4649-9f8c-6e6e5950bb43-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-c462faef-4ab7-4649-9f8c-6e6e5950bb43-003 HTTP 302
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-c462faef-4ab7-4649-9f8c-6e6e5950bb43-003
Request Chain 36
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__ HTTP 302
  • https://router.infolinks.com/dyn/zmn-usync?uid=
Request Chain 37
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D HTTP 302
  • https://router.infolinks.com/dyn/sonobi-usync?uid=444bc2b6-8815-4ff4-8ec3-afc1224e1c54
Request Chain 38
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.sawfirst.com%252F&pid=12306&adnxs_uid=$UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.sawfirst.com%25252F%26pid%3D12306%26adnxs_uid%3D%24UID HTTP 302
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.sawfirst.com%2F&pid=12306&adnxs_uid=6176158611501960343
Request Chain 40
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP02a6bd9e-af48-11eb-bdd7-02ff53e5df28 HTTP 302
  • https://router.infolinks.com/dyn/outh-usync?uid=y-OoXU7JFE2uHszuu9gybVSHDg30IxWT.i~A~UP02a6bd9e-af48-11eb-bdd7-02ff53e5df28
Request Chain 42
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID HTTP 307
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true HTTP 307
  • https://router.infolinks.com/dyn/sovrn-usync?uid=9ef80cf9c44c5205002d353e
Request Chain 43
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fusersync%253Fpmuservalue%253D%2523PMUID HTTP 302
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D3AA1DAF0-D192-4834-9034-F848B28BA622 HTTP 302
  • https://router.infolinks.com/dyn/usersync?pmuservalue=3AA1DAF0-D192-4834-9034-F848B28BA622
Request Chain 45
  • https://p.rfihub.com/cm?pub=43153&in=1 HTTP 302
  • https://router.infolinks.com/dyn/zeta-usync?uid=1875819619595833070
Request Chain 49
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YJVbKuzp03YnJo4ueB9cJAAA HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMdoCe89oN_NdQiWaOD0xpo&google_cver=1
Request Chain 51
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB&dcc=t
Request Chain 52
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB&google_tc= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENjsRBHpSb2EHdmpn2n-FGg&google_cver=1
Request Chain 53
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48 HTTP 302
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=48 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=c8c25c63-3ae9-4bef-89de-6aa5d0291181-60955b2a-4348&expiration=1622992938
Request Chain 54
  • https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=ioJndonQbCKRhjtz34RzIY7RaieRgDwn3dCEpmZ6
Request Chain 55
  • https://match.prod.bidr.io/cookie-sync/ie HTTP 303
  • https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1 HTTP 303
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAAzFE7BKrYAACxMY9RKPQ&expiration=1621610538
Request Chain 56
  • https://p.rfihub.com/cm?in=1&pub=2079 HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819619595833070

126 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request /
www.sawfirst.com/
Redirect Chain
  • http://sawfirst.com/
  • https://sawfirst.com/
  • https://www.sawfirst.com/
48 KB
7 KB
Document
General
Full URL
https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
27bd9e7a36e52bf4b15e9e89e9eaffe861b636eb69a13e8bd407b9bcceda310d

Request headers

:method
GET
:authority
www.sawfirst.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
link
<https://www.sawfirst.com/wp-json/>; rel="https://api.w.org/" </wp-content/litespeed/cssjs/0fa76.css?d2f25>; rel=preload; as=style
cache-control
public, max-age=0,public
expires
Fri, 07 May 2021 14:48:54 GMT
etag
"785004-1620398934;br"
x-litespeed-cache
hit
content-encoding
br
vary
Accept-Encoding
content-length
6839
date
Fri, 07 May 2021 15:22:17 GMT
server
LiteSpeed
set-cookie
ls_smartpush=10000; path=/; expires=Tue, 06 Jul 2021 15:22:17 GMT
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000

Redirect headers

content-type
text/html; charset=UTF-8
x-redirect-by
WordPress
location
https://www.sawfirst.com/
vary
Accept-Encoding
cache-control
public, max-age=0,public
expires
Fri, 07 May 2021 14:50:11 GMT
x-litespeed-cache
hit
content-encoding
br
content-length
1
date
Fri, 07 May 2021 15:22:17 GMT
server
LiteSpeed
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
0fa76.css
www.sawfirst.com/wp-content/litespeed/cssjs/
69 KB
11 KB
Stylesheet
General
Full URL
https://www.sawfirst.com/wp-content/litespeed/cssjs/0fa76.css?d2f25
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
e9cd0faddcec01f98997264ee0265690499d4f7adede1fe651719c0a3d4d044b

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
content-encoding
br
last-modified
Fri, 07 May 2021 14:48:52 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
10817
expires
Sat, 07 May 2022 15:22:17 GMT
js
www.googletagmanager.com/gtag/
88 KB
35 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-39697070-1
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c3fb7d6131b22bdaadc7e26b42c28cc9f5403434a23f473493636c513462ad00
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35810
x-xss-protection
0
last-modified
Fri, 07 May 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 07 May 2021 15:22:17 GMT
facebook-in.gif
www.sawfirst.com/
219 B
332 B
Image
General
Full URL
https://www.sawfirst.com/facebook-in.gif
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
fea721b7d25d7646e10655fdc461a3a98adf0598cd9e0ef273b08dd7f6cedf7b

Request headers

:path
/facebook-in.gif
pragma
no-cache
cookie
ls_smartpush=10000
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sawfirst.com
referer
https://www.sawfirst.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
last-modified
Wed, 10 Jul 2019 22:39:45 GMT
server
LiteSpeed
content-type
image/gif
cache-control
public, max-age=2592000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
219
expires
Sun, 06 Jun 2021 15:22:17 GMT
twitter-in.jpeg
www.sawfirst.com/
2 KB
2 KB
Image
General
Full URL
https://www.sawfirst.com/twitter-in.jpeg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
53e60faa688b7a75e27878f5575b3bf4ff068c2ffc7a0094eac3546e31e87ffe

Request headers

:path
/twitter-in.jpeg
pragma
no-cache
cookie
ls_smartpush=10000
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sawfirst.com
referer
https://www.sawfirst.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
last-modified
Mon, 08 Jul 2019 18:03:38 GMT
server
LiteSpeed
content-type
image/jpeg
cache-control
public, max-age=2592000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
2026
expires
Sun, 06 Jun 2021 15:22:17 GMT
pinterest-in.png
www.sawfirst.com/
890 B
956 B
Image
General
Full URL
https://www.sawfirst.com/pinterest-in.png
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
7b06a655db7277250b3fccf043fcf65f0710c93c4466699c88319187229ce24a

Request headers

:path
/pinterest-in.png
pragma
no-cache
cookie
ls_smartpush=10000
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sawfirst.com
referer
https://www.sawfirst.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
last-modified
Wed, 10 Jul 2019 22:39:50 GMT
server
LiteSpeed
content-type
image/png
cache-control
public, max-age=2592000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
890
expires
Sun, 06 Jun 2021 15:22:17 GMT
mail-in.png
www.sawfirst.com/
1 KB
1 KB
Image
General
Full URL
https://www.sawfirst.com/mail-in.png
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
b0e675d8fcaec6e54624c3421ce55ca293bdd7757eb936708c778cbe4465cf0a

Request headers

:path
/mail-in.png
pragma
no-cache
cookie
ls_smartpush=10000
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sawfirst.com
referer
https://www.sawfirst.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
last-modified
Wed, 10 Jul 2019 22:39:47 GMT
server
LiteSpeed
content-type
image/png
cache-control
public, max-age=2592000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
1046
expires
Sun, 06 Jun 2021 15:22:17 GMT
display.php
www.onclickperformance.com/a/
6 KB
3 KB
Script
General
Full URL
https://www.onclickperformance.com/a/display.php?r=2465775
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.55.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.55.190.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
650ab12af9bbbd150cc8c5984419d6703331f7ec3ce59a936f806c90fe97cd3b

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 07 May 2021 15:22:17 GMT
content-encoding
gzip
server
openresty
alt-svc
clear
via
1.1 google
content-type
application/javascript; charset=utf-8
display.php
www.onclickperformance.com/a/
6 KB
2 KB
Script
General
Full URL
https://www.onclickperformance.com/a/display.php?r=3846727
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.55.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.55.190.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
4cb2ad9ae7db50a48198d14ccce4acae2a37c36a516d4b9c1df713d9d6668fe4

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 07 May 2021 15:22:17 GMT
content-encoding
gzip
server
openresty
alt-svc
clear
via
1.1 google
content-type
application/javascript; charset=utf-8
infolinks_main.js
resources.infolinks.com/js/
3 KB
2 KB
Script
General
Full URL
https://resources.infolinks.com/js/infolinks_main.js
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0099381a07c695e5af4b91cfed8c8ecf97fc7e923b65e503e2241d5a357be0f7

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray
64bb71645f30cc42-ZRH
date
Fri, 07 May 2021 15:22:17 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Thu, 06 May 2021 08:38:57 GMT
server
cloudflare
age
9782
etag
W/"c3c-5c1a53dfb3588"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=3600
content-encoding
gzip
cf-request-id
09e90532b70000cc42f3bd6000000001
expires
Fri, 07 May 2021 13:39:15 GMT
jquery.min.js
www.sawfirst.com/wp-includes/js/jquery/
87 KB
30 KB
Script
General
Full URL
https://www.sawfirst.com/wp-includes/js/jquery/jquery.min.js
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Request headers

:path
/wp-includes/js/jquery/jquery.min.js
pragma
no-cache
cookie
ls_smartpush=10000
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sawfirst.com
referer
https://www.sawfirst.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
content-encoding
br
last-modified
Thu, 10 Dec 2020 09:21:02 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
30287
expires
Sat, 07 May 2022 15:22:17 GMT
8eaba.js
www.sawfirst.com/wp-content/litespeed/cssjs/
16 KB
6 KB
Script
General
Full URL
https://www.sawfirst.com/wp-content/litespeed/cssjs/8eaba.js?b2d32
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
7f0644e1001c127a6b328acc18e9c4ea666f406d355cc78b167a251c64953857

Request headers

:path
/wp-content/litespeed/cssjs/8eaba.js?b2d32
pragma
no-cache
cookie
ls_smartpush=10000
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
www.sawfirst.com
referer
https://www.sawfirst.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
content-encoding
br
last-modified
Fri, 07 May 2021 14:48:54 GMT
server
LiteSpeed
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
5875
expires
Sat, 07 May 2022 15:22:17 GMT
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
132 KB
47 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c7ebc079457063bc247f938930e7266947beebcc8742afc8e38131b9087fb5df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47896
x-xss-protection
0
server
cafe
etag
15007715462895006765
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 07 May 2021 15:22:17 GMT
Bella-Thorne-162-scaled.jpg
www.sawfirst.com/wp-content/uploads/2021/05/
190 KB
190 KB
Image
General
Full URL
https://www.sawfirst.com/wp-content/uploads/2021/05/Bella-Thorne-162-scaled.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
c3ce74fdd526493fa1314834c44184ed66af5b945b960b3d6e34094adb86e468

Request headers

:path
/wp-content/uploads/2021/05/Bella-Thorne-162-scaled.jpg
pragma
no-cache
cookie
ls_smartpush=10000; _ga=GA1.2.967488998.1620400938; _gid=GA1.2.1404075126.1620400938; _gat_gtag_UA_39697070_1=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sawfirst.com
referer
https://www.sawfirst.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
last-modified
Fri, 07 May 2021 14:47:41 GMT
server
LiteSpeed
content-type
image/jpeg
cache-control
public, max-age=2592000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
194861
expires
Sun, 06 Jun 2021 15:22:17 GMT
Eiza-Gonzalez-Booty-in-Jeans-8-scaled.jpg
www.sawfirst.com/wp-content/uploads/2021/05/
191 KB
191 KB
Image
General
Full URL
https://www.sawfirst.com/wp-content/uploads/2021/05/Eiza-Gonzalez-Booty-in-Jeans-8-scaled.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
78b3c9637e6cfb0ab07f51b3911ba7fd90fa2bba04ac05928c708257ace9506e

Request headers

:path
/wp-content/uploads/2021/05/Eiza-Gonzalez-Booty-in-Jeans-8-scaled.jpg
pragma
no-cache
cookie
ls_smartpush=10000; _ga=GA1.2.967488998.1620400938; _gid=GA1.2.1404075126.1620400938; _gat_gtag_UA_39697070_1=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sawfirst.com
referer
https://www.sawfirst.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
last-modified
Fri, 07 May 2021 14:41:28 GMT
server
LiteSpeed
content-type
image/jpeg
cache-control
public, max-age=2592000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
195548
expires
Sun, 06 Jun 2021 15:22:17 GMT
Chloe-Ferry-2-scaled.jpg
www.sawfirst.com/wp-content/uploads/2021/05/
148 KB
148 KB
Image
General
Full URL
https://www.sawfirst.com/wp-content/uploads/2021/05/Chloe-Ferry-2-scaled.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.206.12.119 , United States, ASN29802 (HVC-AS, US),
Reverse DNS
66-206-12-119.static.hvvc.us
Software
LiteSpeed /
Resource Hash
fac319670d1cc20185c1d996eaf2d1c3c8285d242c6a44c33742d9af365cf935

Request headers

:path
/wp-content/uploads/2021/05/Chloe-Ferry-2-scaled.jpg
pragma
no-cache
cookie
ls_smartpush=10000; _ga=GA1.2.967488998.1620400938; _gid=GA1.2.1404075126.1620400938; _gat_gtag_UA_39697070_1=1
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode
no-cors
accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control
no-cache
sec-fetch-dest
image
:authority
www.sawfirst.com
referer
https://www.sawfirst.com/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:17 GMT
last-modified
Fri, 07 May 2021 13:48:05 GMT
server
LiteSpeed
content-type
image/jpeg
cache-control
public, max-age=2592000,public
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="39,43,46", h3-Q039=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-22=":443"; ma=2592000
content-length
151230
expires
Sun, 06 Jun 2021 15:22:17 GMT
analytics.js
www.google-analytics.com/
48 KB
19 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-39697070-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 09 Apr 2021 23:59:54 GMT
server
Golfe2
age
6741
date
Fri, 07 May 2021 13:29:56 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19569
expires
Fri, 07 May 2021 15:29:56 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20210505/r20190131/ Frame 7687
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20210505/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a5cb642ef22434a24612329870579fbb272cb9fa7475360035596ea56fb0431a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
googleads.g.doubleclick.net
:scheme
https
:path
/pagead/html/r20210505/r20190131/zrt_lookup.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.sawfirst.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.sawfirst.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
date
Fri, 07 May 2021 02:19:20 GMT
expires
Fri, 21 May 2021 02:19:20 GMT
content-type
text/html; charset=UTF-8
etag
10446291943670460780
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4644
x-xss-protection
0
age
46977
cache-control
public, max-age=1209600
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
native_render.js
superonclick.com/script/
4 KB
2 KB
Script
General
Full URL
https://superonclick.com/script/native_render.js
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:293c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7965b4334f08b3c398843d721ab3b5535461f4183ec6bb0923d1ae092b9cfd51

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash
crc32c=rXethw==, md5=i4AdaMb2P574qaeqSEucdQ==
date
Fri, 07 May 2021 15:22:17 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
2870
x-guploader-uploadid
ABg5-Ux3ugDbjZHv9rpPo7PWt7S1qud12-Vw4b8rTYh-k2UMds-oGdb-EGzLhtVd-VxsPwU_T52pajAPwTcwsdI7qDL8U18q4g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905330b000024840ba36000000001
last-modified
Wed, 13 Feb 2019 10:15:50 GMT
server
cloudflare
etag
W/"8b801d68c6f63f9ef8a9a7aa484b9c75"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9VQlYabJOgnFl82dE8YpY9GvUHKlKqJBeQP88Fhlhty%2FLPcCGOBWZ7dHX1xuSzkOt4WMBraXh47g%2FSET2%2BY7N9wOxv9R1BfO4SIEmgoroDRkTZz3ANcyugAHqN4R"}],"max_age":604800}
x-goog-generation
1550052950916101
access-control-allow-origin
*
content-type
application/javascript
cache-control
public, max-age=14400
x-goog-stored-content-length
4285
cf-ray
64bb7164da292484-FRA
expires
Fri, 07 May 2021 15:17:02 GMT
native_server.js
superonclick.com/script/
9 KB
4 KB
Script
General
Full URL
https://superonclick.com/script/native_server.js
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:293c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e282545f9f7c4117db91f8a2c33e5a1dad31f3c6edbe74b9776c1f8b85c166bd

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash
crc32c=RAjq/g==, md5=Udh+nr2DH8yragFgeaYHkw==
date
Fri, 07 May 2021 15:22:17 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
791
x-guploader-uploadid
ABg5-UztHarEA9WAL61ya9rea4JSaKO43c4uJRU5ju3QmZnd8lU0dTs1xERvBaCgxHtc9Mw1kzkD_hnNAYAJCEBbKOXI6RQA2w
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905330b000024840e056000000001
last-modified
Wed, 13 Feb 2019 10:15:52 GMT
server
cloudflare
etag
W/"51d87e9ebd831fccab6a016079a60793"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TAfed9tkn%2BAoyNCQpnnfYbyo1Gplz3qPIPqOf4dINjKCfi93GrXDTBK8RgNJ589XOFBLPoPCQLETPSrAL0rvvxlmLs%2Fe0HEbxCzo4lRQCh0yBd8bFMiCAig49oFU"}],"max_age":604800}
x-goog-generation
1550052952705094
access-control-allow-origin
*
content-type
application/javascript
cache-control
public, max-age=14400
x-goog-stored-content-length
9260
cf-ray
64bb7164da2b2484-FRA
expires
Fri, 07 May 2021 15:56:47 GMT
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j90&a=1199442778&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sawfirst.com%2F&ul=en-us&de=UTF-8&dt=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=2091152337&gjid=1382776275&cid=967488998.1620400938&tid=UA-39697070-1&_gid=1404075126.1620400938&_r=1&gtm=2ou4s0&z=751989646
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:17 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.sawfirst.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
display.php
www.onclickperformance.com/ad/ Frame 192B
3 KB
2 KB
Document
General
Full URL
https://www.onclickperformance.com/ad/display.php?stamat=m%7C%2C843d_IjZrB1dAN0dEdHP3xP.97d%2CZMkKdRAQlkuDbgTABrav5PJVGYpTe0dUb_MNz-F-YkXGsYpN4ZXuutoO33dMQQXhJOLbIvaqoBtbvbUjUAXlx6f_sxoFmL_0otrmB43OOqk%2C&cbrandom=0.1158597196998965&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
Requested by
Host: www.onclickperformance.com
URL: https://www.onclickperformance.com/a/display.php?r=2465775
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.55.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.55.190.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
3c5de0973f3c296091cf1e158611932246a47fae25d3c3abb134c8e0ef883265

Request headers

:method
GET
:authority
www.onclickperformance.com
:scheme
https
:path
/ad/display.php?stamat=m%7C%2C843d_IjZrB1dAN0dEdHP3xP.97d%2CZMkKdRAQlkuDbgTABrav5PJVGYpTe0dUb_MNz-F-YkXGsYpN4ZXuutoO33dMQQXhJOLbIvaqoBtbvbUjUAXlx6f_sxoFmL_0otrmB43OOqk%2C&cbrandom=0.1158597196998965&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.sawfirst.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.sawfirst.com/

Response headers

server
openresty
date
Fri, 07 May 2021 15:22:17 GMT
content-type
text/html; charset=utf-8
access-control-allow-origin
*
link
<//www.onclickperformance.com>; rel=dns-prefetch,<//www.onclickperformance.com>; rel=preconnect,<//www.MeetNiceRussian.com>; rel=dns-prefetch,<//www.MeetNiceRussian.com>; rel=preconnect
content-encoding
gzip
via
1.1 google
alt-svc
clear
display.php
www.onclickperformance.com/ad/ Frame 2349
3 KB
2 KB
Document
General
Full URL
https://www.onclickperformance.com/ad/display.php?stamat=m%7C%2CoNhP2djZrB1dAN0dEdHP3xP.30c%2CZMkKdRAQlkuDbgTABrav5FCzYGWu2YPQx1pCyBkrQJfEDIFY9rZomXvHq0nTzJQ5SImQYZ-Tm-GAgksI_HEUp35gYXzH2DHRKVnlJHOs164%2C&cbrandom=0.6175855089040949&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
Requested by
Host: www.onclickperformance.com
URL: https://www.onclickperformance.com/a/display.php?r=3846727
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.55.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.55.190.35.bc.googleusercontent.com
Software
openresty /
Resource Hash
d22cdcca04fbe6cbb0ee4e667d0a506212b8ec6886c308b1fa5b77804498736e

Request headers

:method
GET
:authority
www.onclickperformance.com
:scheme
https
:path
/ad/display.php?stamat=m%7C%2CoNhP2djZrB1dAN0dEdHP3xP.30c%2CZMkKdRAQlkuDbgTABrav5FCzYGWu2YPQx1pCyBkrQJfEDIFY9rZomXvHq0nTzJQ5SImQYZ-Tm-GAgksI_HEUp35gYXzH2DHRKVnlJHOs164%2C&cbrandom=0.6175855089040949&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.sawfirst.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.sawfirst.com/

Response headers

server
openresty
date
Fri, 07 May 2021 15:22:17 GMT
content-type
text/html; charset=utf-8
access-control-allow-origin
*
link
<//www.onclickperformance.com>; rel=dns-prefetch,<//www.onclickperformance.com>; rel=preconnect,<//www.MeetNiceRussian.com>; rel=dns-prefetch,<//www.MeetNiceRussian.com>; rel=preconnect
content-encoding
gzip
via
1.1 google
alt-svc
clear
ice.js
resources.infolinks.com/js/1745.002-3.012/
588 KB
188 KB
Script
General
Full URL
https://resources.infolinks.com/js/1745.002-3.012/ice.js
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27077d36b6dc6e75dcff223709a767433517d0444b80e4e2f489994cf6fd47ad

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray
64bb71657843cc42-ZRH
date
Fri, 07 May 2021 15:22:17 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Wed, 21 Apr 2021 16:33:05 GMT
server
cloudflare
age
8322
etag
W/"92fe7-5c07e1e007b42"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
cf-request-id
09e90533680000cc42f3bdd000000001
expires
Sun, 06 Jun 2021 13:03:35 GMT
pbice.js
resources.infolinks.com/js/pbice/3.012/
253 KB
80 KB
Script
General
Full URL
https://resources.infolinks.com/js/pbice/3.012/pbice.js
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1745.002-3.012/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef22755bc9501f967f1cb92530ea9a24c98432e12dfa2b35a71482b3e5579b21

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

cf-ray
64bb7166290bcc42-ZRH
date
Fri, 07 May 2021 15:22:17 GMT
via
1.1 google
cf-cache-status
HIT
last-modified
Thu, 25 Feb 2021 13:31:34 GMT
server
cloudflare
age
246
etag
W/"3f394-5bc292b988e82"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=2592000
content-encoding
gzip
cf-request-id
09e90533dc0000cc42f1b1a000000001
expires
Sun, 06 Jun 2021 15:18:11 GMT
manage
router.infolinks.com/usync/ Frame 0D18
8 KB
2 KB
Document
General
Full URL
https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1745.002-3.012/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
194098486a9bf0977a009766b5c8859531892768f34f1a6bca4797d31636a5f0

Request headers

:method
GET
:authority
router.infolinks.com
:scheme
https
:path
/usync/manage?pid=3137868&wsid=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.sawfirst.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.sawfirst.com/

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
content-type
text/html;charset=UTF-8
set-cookie
__cfduid=d39ec7e4e07d574ce729a3328d76823211620400937; expires=Sun, 06-Jun-21 15:22:17 GMT; path=/; domain=.infolinks.com; HttpOnly; SameSite=Lax
cache-control
no-store
p3p
CP="NON DSP NID OUR COR"
via
1.1 google
cf-cache-status
DYNAMIC
cf-request-id
09e90533fd0000cc426c9b4000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
64bb71666945cc42-ZRH
content-encoding
gzip
lcmanage
router.infolinks.com/usync/
0
101 B
Script
General
Full URL
https://router.infolinks.com/usync/lcmanage?pid=3137868&wsid=0
Requested by
Host: resources.infolinks.com
URL: https://resources.infolinks.com/js/1745.002-3.012/ice.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
64bb71666948cc42-ZRH
content-length
0
cf-request-id
09e90533fe0000cc425814c000000001
identify.html
ufpcdn.com/script/ Frame 06C2
2 KB
2 KB
Document
General
Full URL
https://ufpcdn.com/script/identify.html?frmt=0
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/native_server.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::ac43:8e31 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffb16355784a4a89472be6cb28c3408234ec0518326a3a1908797b8d8c78a76a

Request headers

:method
GET
:authority
ufpcdn.com
:scheme
https
:path
/script/identify.html?frmt=0
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.sawfirst.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer
https://www.sawfirst.com/

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
content-type
text/html
set-cookie
__cfduid=ddda7fef780226463de80f9a6eaccc1eb1620400938; expires=Sun, 06-Jun-21 15:22:18 GMT; path=/; domain=.ufpcdn.com; HttpOnly; SameSite=Lax
__cf_bm=829cb0aa8fdd5f3062e10ed781bf5ff14de895c6-1620400938-1800-AW6dY60Xxzt0eI9ykd+RJX7TRh5bmluYJ7bDiiSCsIDu1d8yD94t8Odq6/n1ttbbW8H+E1XtvK4fym0J3EUwyMw=; path=/; expires=Fri, 07-May-21 15:52:18 GMT; domain=.ufpcdn.com; HttpOnly; Secure; SameSite=None
last-modified
Tue, 15 May 2018 06:39:25 GMT
cf-cache-status
DYNAMIC
cf-request-id
09e905341200002c36409aa000000001
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=P5FK6oRQftvJEARd%2FQU%2FYkgdJO2CX9Uku1V9Eyacgd4rqsIea%2Bw4VW%2F%2BTiA5rIsTLZv2yF%2FSXsCwNiuAxMIKnYlORrrnFk2flHvMzG4NLQ4VFGzrKJSL"}],"max_age":604800,"group":"cf-nel"}
nel
{"max_age":604800,"report_to":"cf-nel"}
server
cloudflare
cf-ray
64bb71668ab92c36-FRA
content-encoding
br
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
bff7119c984a72da7b4b7553f31b6481_6908.jpg
crrepo.com/extban/258254220/creatives/23262950/ Frame 192B
54 KB
54 KB
Image
General
Full URL
https://crrepo.com/extban/258254220/creatives/23262950/bff7119c984a72da7b4b7553f31b6481_6908.jpg
Requested by
Host: www.onclickperformance.com
URL: https://www.onclickperformance.com/ad/display.php?stamat=m%7C%2C843d_IjZrB1dAN0dEdHP3xP.97d%2CZMkKdRAQlkuDbgTABrav5PJVGYpTe0dUb_MNz-F-YkXGsYpN4ZXuutoO33dMQQXhJOLbIvaqoBtbvbUjUAXlx6f_sxoFmL_0otrmB43OOqk%2C&cbrandom=0.1158597196998965&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:eb72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
adf031f7b4d8245bcfdfab6bcbd3bef478c683f4942bc90d165ee2ce934b883a

Request headers

Referer
https://www.onclickperformance.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
2776
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905341400001f3da58a7000000001
last-modified
Tue, 27 Apr 2021 08:48:31 GMT
server
cloudflare
etag
W/"6087cfdf-d79e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fcX7em9ZEII3IXMXZ3dBO1QvHScz2yO4k25nlaq8cbrNGwqHgAVwQ9Eeuv49G3H4nWi7m6NdnuyI0f689LuU2z0lZo94tGMFkbD7Ai2kwUSISiSGJjxs"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb71668c8e1f3d-FRA
e5d00c67c92feb1fe5b4d1a1205934fe_6832.jpg
crrepo.com/extban/258254220/creatives/23262966/ Frame 2349
92 KB
93 KB
Image
General
Full URL
https://crrepo.com/extban/258254220/creatives/23262966/e5d00c67c92feb1fe5b4d1a1205934fe_6832.jpg
Requested by
Host: www.onclickperformance.com
URL: https://www.onclickperformance.com/ad/display.php?stamat=m%7C%2CoNhP2djZrB1dAN0dEdHP3xP.30c%2CZMkKdRAQlkuDbgTABrav5FCzYGWu2YPQx1pCyBkrQJfEDIFY9rZomXvHq0nTzJQ5SImQYZ-Tm-GAgksI_HEUp35gYXzH2DHRKVnlJHOs164%2C&cbrandom=0.6175855089040949&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3038::6815:eb72 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bf0609a09c7ba2d55d54fe33b01115ba02711eb452cb1d51461b5d685907cbc

Request headers

Referer
https://www.onclickperformance.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6394
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905341400001f3d6f055000000001
last-modified
Tue, 27 Apr 2021 08:50:43 GMT
server
cloudflare
etag
W/"6087d063-17038"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Mko9QpkT61TmAxyWr%2FKzOMrjxmbWG9VjB6Wm8QXex%2FVEI4om5%2B%2BHddTezWgGszm7XWBohojGWALrrh3DZiCH0msbtaCFRk3xeLBf4lgrzXw8rod%2FGhcK"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb71668c921f3d-FRA
/
de.tynt.com/deb/ Frame 0996
75 B
446 B
Document
General
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.100.17.188 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip188.208-100-17.static.steadfastdns.net
Software
/
Resource Hash

Request headers

:method
GET
:authority
de.tynt.com
:scheme
https
:path
/deb/?m=xch&rt=html&sid=0010b00002CpYhEAAV
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://router.infolinks.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
expires
Sat, 26 Jul 1997 05:00:00 GMT
referrer-policy
unsafe-url
set-cookie
uid=yRF/NmCVWyrq62/XGpaMyQ==;Version=1;Domain=tynt.com;Path=/;Max-Age=31536000;Secure;SameSite=None
content-type
text/html
content-length
75
date
Fri, 07 May 2021 15:22:18 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Cookie set usermatch
ssum-sec.casalemedia.com/ Frame E3F8
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatch?s=191306&cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D
  • https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
2 KB
3 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
74651e1fe7743ca562d8607848f470d230a3bbde52e59975e2ea85d369d902aa

Request headers

Host
ssum-sec.casalemedia.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://router.infolinks.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
CMID=YJVbKuzp03YnJo4ueB9cJAAA; CMPS=3202

Response headers

Server
Apache
Content-Type
text/html
Dropped-Udsids
45|39|241|230|64|81|130|57
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Vary
Is-Traffic-Usersync
Content-Length
1564
Expires
Fri, 07 May 2021 15:22:18 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Connection
keep-alive
Set-Cookie
CMID=YJVbKuzp03YnJo4ueB9cJAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 07 May 2022 15:22:18 GMT
CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 05 Aug 2021 15:22:18 GMT
CMPRO=1182;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 05 Aug 2021 15:22:18 GMT
CMST=YJVbKmCVWyoA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 08 May 2021 15:22:18 GMT
CMRUM3=2760955b2a0b40&4060955b2a05a0&2d60955b2a05a0&5160955b2a05a0&3960955b2a05a0&e660955b2a27600&f160955b2a05a0&8260955b2aa8c0;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 07 May 2022 15:22:18 GMT

Redirect headers

Server
Apache
Content-Length
311
Content-Type
text/html; charset=iso-8859-1
Location
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Expires
Fri, 07 May 2021 15:22:18 GMT
Cache-Control
max-age=0, no-cache, no-store
Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Connection
keep-alive
Set-Cookie
CMID=YJVbKuzp03YnJo4ueB9cJAAA;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Sat, 07 May 2022 15:22:18 GMT
CMPS=3202;domain=casalemedia.com;path=/;sameSite=None;Secure;expires=Thu, 05 Aug 2021 15:22:18 GMT
/
onetag-sys.com/usync/ Frame F61F
2 KB
818 B
Document
General
Full URL
https://onetag-sys.com/usync/?pubId=598ce3ddaee8c90
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),
Reverse DNS
ip251.ip-51-89-9.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

:method
GET
:authority
onetag-sys.com
:scheme
https
:path
/usync/?pubId=598ce3ddaee8c90
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://router.infolinks.com/
accept-encoding
gzip, deflate, br
accept-language
en-US

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
strict-transport-security
max-age=15552000
pbm-usync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://image8.pubmatic.com/AdServer/ImgSync?p=156872&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D156872%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infoli...
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=M0FBMURBRjAtRDE5Mi00ODM0LTkwMzQtRjg0OEIyOEJBNjIy&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=M0FBMURBRjAtRDE5Mi00ODM0LTkwMzQtRjg0OEIyOEJBNjIy&gdpr=0&gdpr_consent=&google_tc=
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
  • https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
  • https://image4.pubmatic.com/AdServer/SPug?p=156872&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fpbm-usync%3Fuid%3D3AA1DAF0-D192-4834-9034-F848B28BA622
  • https://router.infolinks.com/dyn/pbm-usync?uid=3AA1DAF0-D192-4834-9034-F848B28BA622
0
262 B
Image
General
Full URL
https://router.infolinks.com/dyn/pbm-usync?uid=3AA1DAF0-D192-4834-9034-F848B28BA622
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
text/html;charset=UTF-8
cache-control
no-store, no-cache, private
cf-ray
64bb716a6d3acc42-ZRH
content-length
0
cf-request-id
09e90536830000cc420d3e5000000001
expires
Thu, 07 May 2020 15:22:18 GMT

Redirect headers

Location
https://router.infolinks.com/dyn/pbm-usync?uid=3AA1DAF0-D192-4834-9034-F848B28BA622
Date
Fri, 07 May 2021 15:22:17 GMT
X-Cnection
close
Server
Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.1e-fips mod_fastcgi/2.4.6
Content-Length
403
Content-Type
text/html; charset=iso-8859-1
apn-usync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fapn-usync%3Fuser_id%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Frouter.infolinks.com%252Fdyn%252Fapn-usync%253Fuser_id%253D%2524UID
  • https://router.infolinks.com/dyn/apn-usync?user_id=7711948308978000793
35 B
388 B
Image
General
Full URL
https://router.infolinks.com/dyn/apn-usync?user_id=7711948308978000793
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
64bb7167fad4cc42-ZRH
content-length
35
cf-request-id
09e90534f90000cc4278be8000000001
expires
Thu, 07 May 2020 15:22:18 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
X-Proxy-Origin
185.156.175.107; 185.156.175.107; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.155:80
AN-X-Request-Uuid
a2d05e9c-281c-4cb4-9a25-fd41f4b19745
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://router.infolinks.com/dyn/apn-usync?user_id=7711948308978000793
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
VR-usync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58422/occ
  • https://ups.analytics.yahoo.com/ups/58422/occ?verify=true
  • https://router.infolinks.com/dyn/VR-usync?uid=y-c8iToQRE2uHjXrHYBAlw.iVvVCIZErJSW7pke1o-~A
35 B
236 B
Image
General
Full URL
https://router.infolinks.com/dyn/VR-usync?uid=y-c8iToQRE2uHjXrHYBAlw.iVvVCIZErJSW7pke1o-~A
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
64bb71680ae3cc42-ZRH
content-length
35
cf-request-id
09e90535020000cc42a8303000000001
expires
Thu, 07 May 2020 15:22:18 GMT

Redirect headers

Date
Fri, 07 May 2021 15:22:18 GMT
Server
ATS/7.1.2.128
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://router.infolinks.com/dyn/VR-usync?uid=y-c8iToQRE2uHjXrHYBAlw.iVvVCIZErJSW7pke1o-~A
Connection
keep-alive
Content-Length
0
r1-usync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://sync.1rx.io/usersync2/infolinks
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5296743380
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=5296743380
  • https://sync.1rx.io/usersync/tradedesk/01132d66-6ba0-41dd-a03e-faad19d61546
  • https://sync.targeting.unrulymedia.com/csync/RX-c462faef-4ab7-4649-9f8c-6e6e5950bb43-003?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fr1-usync%3Fuid%3DRX-c462faef-4ab7-4649-9f8c-6e6e5950bb43-003
  • https://router.infolinks.com/dyn/r1-usync?uid=RX-c462faef-4ab7-4649-9f8c-6e6e5950bb43-003
35 B
231 B
Image
General
Full URL
https://router.infolinks.com/dyn/r1-usync?uid=RX-c462faef-4ab7-4649-9f8c-6e6e5950bb43-003
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
64bb716a8d62cc42-ZRH
content-length
35
cf-request-id
09e90536980000cc42f332d000000001
expires
Thu, 07 May 2020 15:22:18 GMT

Redirect headers

location
https://router.infolinks.com/dyn/r1-usync?uid=RX-c462faef-4ab7-4649-9f8c-6e6e5950bb43-003
date
Fri, 07 May 2021 15:22:18 GMT
server
Tengine
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag
RXc462faef4ab746499f8c6e6e5950bb43003
content-type
text/html
zmn-usync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://b1sync.zemanta.com/usersync/infolinks/?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fzmn-usync%3Fuid%3D__ZUID__
  • https://router.infolinks.com/dyn/zmn-usync?uid=
35 B
378 B
Image
General
Full URL
https://router.infolinks.com/dyn/zmn-usync?uid=
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
64bb7169fcc5cc42-ZRH
content-length
35
cf-request-id
09e90536460000cc42f3bff000000001
expires
Thu, 07 May 2020 15:22:18 GMT

Redirect headers

Location
https://router.infolinks.com/dyn/zmn-usync?uid=
Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
70
Content-Type
text/html; charset=utf-8
sonobi-usync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://sync.go.sonobi.com/us?loc=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsonobi-usync%3Fuid%3D%5BUID%5D
  • https://router.infolinks.com/dyn/sonobi-usync?uid=444bc2b6-8815-4ff4-8ec3-afc1224e1c54
35 B
229 B
Image
General
Full URL
https://router.infolinks.com/dyn/sonobi-usync?uid=444bc2b6-8815-4ff4-8ec3-afc1224e1c54
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
64bb71681af6cc42-ZRH
content-length
35
cf-request-id
09e905350b0000cc420a09b000000001
expires
Thu, 07 May 2020 15:22:18 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
sonobi-go
Vary
negotiate,Accept-Encoding
X-Go-Server
xcp-ams-1-7-9
P3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://router.infolinks.com/dyn/sonobi-usync?uid=444bc2b6-8815-4ff4-8ec3-afc1224e1c54
Cache-Control
no-cache, no-store, private
Tcn
Choice
Content-Type
text/plain; charset=utf8
Content-Length
0
X-Xss-Protection
0
Expires
Sat, 26 Jul 1997 05:00:00 GMT
ca.png
s.cpx.to/ Frame 0D18
Redirect Chain
  • https://ib.adnxs.com/getuid?https://s.cpx.to/ca.png?ref=https%253A%252F%252Fwww.sawfirst.com%252F&pid=12306&adnxs_uid=$UID
  • https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fs.cpx.to%2Fca.png%3Fref%3Dhttps%25253A%25252F%25252Fwww.sawfirst.com%25252F%26pid%3D12306%26adnxs_uid%3D%24UID
  • https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.sawfirst.com%2F&pid=12306&adnxs_uid=6176158611501960343
95 B
945 B
Image
General
Full URL
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.sawfirst.com%2F&pid=12306&adnxs_uid=6176158611501960343
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.137.128 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-137-128.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf27786b4381176350787d768bf5f7c5310ba640aa48ee98a3d2c310ddd971ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache, no-cache
Content-Security-Policy
default-src 'self'
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Date
Fri, 07 May 2021 15:22:18 GMT
X-Frame-Options
sameorigin
Connection
keep-alive
P3P
CP="NOI DEV ADM"
Cache-Control
no-store, must-revalidate, private, max-age=0, no-store, must-revalidate, private, max-age=0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/png
Content-Length
95
Expires
Fri, 07 May 2021 15:22:18 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
X-Proxy-Origin
185.156.175.107; 185.156.175.107; 693.bm-nginx-loadbalancer.mgmt.fra1; adnxs.com; 37.252.172.239:80
AN-X-Request-Uuid
6785a959-64cb-47a0-8f9b-322b3c9712c7
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://s.cpx.to/ca.png?ref=https%3A%2F%2Fwww.sawfirst.com%2F&pid=12306&adnxs_uid=6176158611501960343
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sync
dsp.adkernel.com/ Frame 0D18
42 B
233 B
Image
General
Full URL
https://dsp.adkernel.com/sync?exchange=202&r=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fearn-usync%3Fuid%3D%7BUID%7D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
nginx
Age
0
Content-Type
image/gif
Cache-Control
no-store
Connection
keep-alive
Content-Length
42
outh-usync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true
  • https://pixel.advertising.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
  • https://ups.analytics.yahoo.com/ups/58237/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP02a6bd9e-af48-11eb-bdd7-02ff53e5df28
  • https://router.infolinks.com/dyn/outh-usync?uid=y-OoXU7JFE2uHszuu9gybVSHDg30IxWT.i~A~UP02a6bd9e-af48-11eb-bdd7-02ff53e5df28
35 B
261 B
Image
General
Full URL
https://router.infolinks.com/dyn/outh-usync?uid=y-OoXU7JFE2uHszuu9gybVSHDg30IxWT.i~A~UP02a6bd9e-af48-11eb-bdd7-02ff53e5df28
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
64bb71688b4ecc42-ZRH
content-length
35
cf-request-id
09e90535550000cc42f1b2a000000001
expires
Thu, 07 May 2020 15:22:18 GMT

Redirect headers

Date
Fri, 07 May 2021 15:22:18 GMT
Server
ATS/7.1.2.128
Age
0
Strict-Transport-Security
max-age=31536000
P3P
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location
https://router.infolinks.com/dyn/outh-usync?uid=y-OoXU7JFE2uHszuu9gybVSHDg30IxWT.i~A~UP02a6bd9e-af48-11eb-bdd7-02ff53e5df28
Connection
keep-alive
Content-Length
0
usersync
match.bnmla.com/ Frame 0D18
0
114 B
Image
General
Full URL
https://match.bnmla.com/usersync?sspid=1000361&redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fenbd-usync%3Fuid%3D%5BUUID%5D
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
38.27.122.158 , United States, ASN174 (COGENT-174, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Fri, 07 May 2021 15:22:18 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
sovrn-usync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID
  • https://ap.lijit.com/pixel?redir=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fsovrn-usync%3Fuid%3D%24UID&sovrn_retry=true
  • https://router.infolinks.com/dyn/sovrn-usync?uid=9ef80cf9c44c5205002d353e
35 B
219 B
Image
General
Full URL
https://router.infolinks.com/dyn/sovrn-usync?uid=9ef80cf9c44c5205002d353e
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
64bb7169dc84cc42-ZRH
content-length
35
cf-request-id
09e90536250000cc422e143000000001
expires
Thu, 07 May 2020 15:22:18 GMT

Redirect headers

Date
Fri, 07 May 2021 15:22:18 GMT
Server
nginx
Location
https://router.infolinks.com/dyn/sovrn-usync?uid=9ef80cf9c44c5205002d353e
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap5ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Content-Length
0
usersync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://image8.pubmatic.com/AdServer/ImgSync?p=60809&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D60809%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Frouter.infolink...
  • https://image4.pubmatic.com/AdServer/SPug?p=60809&pmc=1&pr=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fusersync%3Fpmuservalue%3D3AA1DAF0-D192-4834-9034-F848B28BA622
  • https://router.infolinks.com/dyn/usersync?pmuservalue=3AA1DAF0-D192-4834-9034-F848B28BA622
0
182 B
Image
General
Full URL
https://router.infolinks.com/dyn/usersync?pmuservalue=3AA1DAF0-D192-4834-9034-F848B28BA622
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
cache-control
no-store
cf-ray
64bb7169bc65cc42-ZRH
content-length
0
cf-request-id
09e90536170000cc42f605f000000001

Redirect headers

Location
https://router.infolinks.com/dyn/usersync?pmuservalue=3AA1DAF0-D192-4834-9034-F848B28BA622
Date
Fri, 07 May 2021 15:22:17 GMT
Cache-Control
no-store, no-cache, private
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
P3P
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
iq-usync
router.infolinks.com/dyn/ Frame 0D18
0
248 B
Image
General
Full URL
https://router.infolinks.com/dyn/iq-usync
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cache-control
no-store
cf-ray
64bb71690bb5cc42-ZRH
content-length
0
cf-request-id
09e90535a20000cc42801bf000000001
zeta-usync
router.infolinks.com/dyn/ Frame 0D18
Redirect Chain
  • https://p.rfihub.com/cm?pub=43153&in=1
  • https://router.infolinks.com/dyn/zeta-usync?uid=1875819619595833070
35 B
214 B
Image
General
Full URL
https://router.infolinks.com/dyn/zeta-usync?uid=1875819619595833070
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
64bb71698c27cc42-ZRH
content-length
35
cf-request-id
09e90535f30000cc42f4232000000001
expires
Thu, 07 May 2020 15:22:18 GMT

Redirect headers

Location
https://router.infolinks.com/dyn/zeta-usync?uid=1875819619595833070
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
/
ssc-cms.33across.com/ps/ Frame 0D18
0
72 B
Image
General
Full URL
https://ssc-cms.33across.com/ps/?ri=0010b00002CpYhEAAV&ru=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2F33a-usync%3Fuid%3D33XUSERID33X
Requested by
Host: router.infolinks.com
URL: https://router.infolinks.com/usync/manage?pid=3137868&wsid=0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.110.24 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip24.67-202-110.static.steadfastdns.net
Software
33XP002 /
Resource Hash

Request headers

Referer
https://router.infolinks.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-33x-status
2020008
date
Fri, 07 May 2021 15:22:17 GMT
server
33XP002
native.php
discovernative.com/script/
5 KB
3 KB
Script
General
Full URL
https://discovernative.com/script/native.php?nwpsv=1&r=3840087&cbrandom=0.09752744647759992&cbWidth=1600&cbHeight=1200&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbref=&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbiframe=0&&callback=jsonp3607
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty /
Resource Hash
d2051829c14b9ebcf712364f1f25fc760a9ee023995943d87a1fe45bb985047f

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
content-encoding
gzip
alt-svc
clear
server
openresty
content-type
application/json; charset=utf-8
access-control-allow-origin
*
link
<//discovernative.com>; rel=dns-prefetch,<//discovernative.com>; rel=preconnect,<//cdnativ.com>; rel=dns-prefetch,<//cdnativ.com>; rel=preconnect
via
1.1 google
native.php
discovernative.com/script/
8 KB
5 KB
Script
General
Full URL
https://discovernative.com/script/native.php?nwpsv=1&r=3843963&cbrandom=0.4810836664096907&cbWidth=1600&cbHeight=1200&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbref=&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbiframe=0&&callback=jsonp19233
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty /
Resource Hash
5feac986fdd4a49ab07d9a85e6d75ceb7febbffc9dae0f8f963cf689690998c2

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
content-encoding
gzip
alt-svc
clear
server
openresty
content-type
application/json; charset=utf-8
access-control-allow-origin
*
link
<//discovernative.com>; rel=dns-prefetch,<//discovernative.com>; rel=preconnect,<//cdnativ.com>; rel=dns-prefetch,<//cdnativ.com>; rel=preconnect
via
1.1 google
crum
dsum-sec.casalemedia.com/ Frame E3F8
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=YJVbKuzp03YnJo4ueB9cJAAA
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMdoCe89oN_NdQiWaOD0xpo&google_cver=1
43 B
1000 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMdoCe89oN_NdQiWaOD0xpo&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 07 May 2021 15:22:18 GMT

Redirect headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEMdoCe89oN_NdQiWaOD0xpo&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame E3F8
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale?cm_callback_url=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum&cm_dsp_id=39&cm_user_id=YJVbKuzp03YnJo4ueB9cJAAA
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.241.88.205 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-241-88-205.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
dcm
s.amazon-adsystem.com/ Frame E3F8
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB&dcc=t
43 B
720 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.94.232.32 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Server
Vary
User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Server
Vary
User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame E3F8
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm=&google_hm=YJVbKuzp03YnJo4ueB9cJAAABJ4AAAIB&google_tc=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENjsRBHpSb2EHdmpn2n-FGg&google_cver=1
43 B
315 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENjsRBHpSb2EHdmpn2n-FGg&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
43
Expires
Fri, 07 May 2021 15:22:18 GMT

Redirect headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&google_gid=CAESENjsRBHpSb2EHdmpn2n-FGg&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
314
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame E3F8
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
  • https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=48
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=c8c25c63-3ae9-4bef-89de-6aa5d0291181-60955b2a-4348&expiration=1622992938
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=c8c25c63-3ae9-4bef-89de-6aa5d0291181-60955b2a-4348&expiration=1622992938
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 07 May 2021 15:22:18 GMT

Redirect headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=64&external_user_id=c8c25c63-3ae9-4bef-89de-6aa5d0291181-60955b2a-4348&expiration=1622992938
cache-control
max-age=0,no-cache,no-store
content-length
0
expires
Tue, 11 Oct 1977 12:34:56 GMT
rum
dsum-sec.casalemedia.com/ Frame E3F8
Redirect Chain
  • https://pixel.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=ioJndonQbCKRhjtz34RzIY7RaieRgDwn3dCEpmZ6
43 B
1013 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=ioJndonQbCKRhjtz34RzIY7RaieRgDwn3dCEpmZ6
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 07 May 2021 15:22:18 GMT

Redirect headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&gdpr=1&external_user_id=ioJndonQbCKRhjtz34RzIY7RaieRgDwn3dCEpmZ6
cache-control
private, no-cache, no-store, proxy-revalidate
content-length
0
expires
Fri, 04 Aug 1978 12:00:00 GMT
crum
dsum-sec.casalemedia.com/ Frame E3F8
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/ie
  • https://match.prod.bidr.io/cookie-sync/ie?_bee_ppp=1
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAAzFE7BKrYAACxMY9RKPQ&expiration=1621610538
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAAzFE7BKrYAACxMY9RKPQ&expiration=1621610538
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 07 May 2021 15:22:18 GMT

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=130&external_user_id=AAAzFE7BKrYAACxMY9RKPQ&expiration=1621610538
Date
Fri, 07 May 2021 15:22:18 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
crum
dsum-sec.casalemedia.com/ Frame E3F8
Redirect Chain
  • https://p.rfihub.com/cm?in=1&pub=2079
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819619595833070
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819619595833070
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 07 May 2021 15:22:18 GMT

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=57&external_user_id=1875819619595833070
Date
Fri, 07 May 2021 15:22:18 GMT
Server
Jetty(9.3.29.v20201019)
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
ix-usync
router.infolinks.com/dyn/ Frame E3F8
35 B
337 B
Image
General
Full URL
https://router.infolinks.com/dyn/ix-usync?uid=YJVbKuzp03YnJo4ueB9cJAAA%261182
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Frouter.infolinks.com%2Fdyn%2Fix-usync%3Fuid%3D&s=191306&C=1
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.67.39.17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16957a3bb9422d4ba380be3b630db7a310e87e65f224e2be865dd64dd0b5664d

Request headers

Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NON DSP NID OUR COR"
content-type
image/gif
cache-control
no-store, no-cache, private
cf-ray
64bb71685b2fcc42-ZRH
content-length
35
cf-request-id
09e905353b0000cc4203203000000001
expires
Thu, 07 May 2020 15:22:18 GMT
native.php
discovernative.com/script/
5 KB
3 KB
Script
General
Full URL
https://discovernative.com/script/native.php?nwpsv=1&r=3840087&cbrandom=0.6061809771265154&cbWidth=1600&cbHeight=1200&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbref=&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbiframe=0&&ufp=2040104647276067080449587167&callback=jsonp171949
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty /
Resource Hash
c9f12c14fd7453b501896a6f8710db47db880c8a25c5aadef971bdf41c01c362

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
content-encoding
gzip
alt-svc
clear
server
openresty
content-type
application/json; charset=utf-8
access-control-allow-origin
*
link
<//discovernative.com>; rel=dns-prefetch,<//discovernative.com>; rel=preconnect,<//cdnativ.com>; rel=dns-prefetch,<//cdnativ.com>; rel=preconnect
via
1.1 google
native.php
discovernative.com/script/
8 KB
4 KB
Script
General
Full URL
https://discovernative.com/script/native.php?nwpsv=1&r=3843963&cbrandom=0.6193389904124118&cbWidth=1600&cbHeight=1200&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbref=&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbiframe=0&&ufp=2040104647276067080449587167&callback=jsonp544119
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
content-encoding
gzip
alt-svc
clear
server
openresty
content-type
application/json; charset=utf-8
access-control-allow-origin
*
link
<//discovernative.com>; rel=dns-prefetch,<//discovernative.com>; rel=preconnect,<//cdnativ.com>; rel=dns-prefetch,<//cdnativ.com>; rel=preconnect
via
1.1 google
style.js
superonclick.com/script/
40 KB
13 KB
Script
General
Full URL
https://superonclick.com/script/style.js
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/native_render.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3037::6815:293c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
07e8d6ea069f651d48ad47731cce6d24417176b3a353554f40fe2d5f8b81afb1

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-goog-hash
crc32c=r+9kWg==, md5=9vnEM2N/er/68OuRi4OHTA==
date
Fri, 07 May 2021 15:22:18 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"max_age":604800,"report_to":"cf-nel"}
age
3401
x-guploader-uploadid
ABg5-UzK_ZrcCVCauhLePG--Ux2MRLyyQJZxsdzL8wMGFtGjRkADxsXRV1k5UyXdBNmy1pYbs-Qcn8Ok0VglbFSByPRdJdq_qQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90535b500002c4a80883000000001
last-modified
Thu, 10 Oct 2019 07:15:34 GMT
server
cloudflare
etag
W/"f6f9c433637f7abffaf0eb918b83874c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5JRX6cpjvpOrdN5bYhkFrE9F57yI%2BErwpUAvQEQVKQYzThXkaR0cGzAxuuYomANWSD6nQRPEAm%2BcNJhkjglGvL6QJcq5i9FNfRDxtjaIkx7bZvt%2FeEH1hKZRh6LT"}],"group":"cf-nel"}
x-goog-generation
1570691734888336
access-control-allow-origin
*
content-type
text/javascript
cache-control
public, max-age=14400
x-goog-stored-content-length
41280
cf-ray
64bb71692d5a2c4a-FRA
expires
Fri, 07 May 2021 15:25:37 GMT
7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
cdnativ.com/extban/239683620/creatives/23179834/
363 KB
363 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179834/7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6680
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90535f0000006141db72000000001
last-modified
Mon, 16 Nov 2020 12:52:41 GMT
server
cloudflare
etag
W/"5fb27619-5aaff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5fsh7l9LeVARrlFxyx%2BKYI17nwBmZptZQ3eesKYS1uXTzjkn3jzNB5k79xIltMIwukfP%2FeRHykxtmA0nK4NBCp%2BTvTHDbn%2BJZ46SWraYLg4w4v9oSryPng%3D%3D"}]}
content-type
image/png
cache-control
max-age=14400
cf-ray
64bb71697d4e0614-FRA
f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
cdnativ.com/extban/239683620/creatives/23179830/
75 KB
75 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179830/f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6928
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90535ed00000614380a0000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-12b79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CzDrEU%2BPPnoZFbAkvunBBEoMYApDgtfwSPoUR1PvZCmZHfCowywn8RsWQ8xnmFp7pbId3vyTM9p%2FRo%2FNryMJYvMlfSo%2F041pP77A7RPD0gFYhJe9ibL4eg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb71697d560614-FRA
ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
cdnativ.com/extban/239683620/creatives/23179828/
104 KB
105 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179828/ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3588
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90535ed000006141a04e000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-1a053"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dGqWJsaC9SqKkApF4%2FwLAN%2FEJdFI6RWOtqsxYwHiM0g4tZBgqgFEV%2BCSR8qrtp4ZwxL0OkDLB3UnB8yxegRLjPryQ2qKAA2TZtnhwxyOw%2Fw6ovMe8XFtiQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb71697d580614-FRA
9728faf5e1ee67b2138b0c8923878c15_6081.jpg
cdnativ.com/extban/240842820/creatives/23185374/
39 KB
40 KB
Image
General
Full URL
https://cdnativ.com/extban/240842820/creatives/23185374/9728faf5e1ee67b2138b0c8923878c15_6081.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
85a798dbaf61d64cf6f6bf7d0ca57de472b5d15ffa3ed24bfaccaa66870ee5a5

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3634
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90535ee000006144e9ce000000001
last-modified
Tue, 24 Nov 2020 13:16:38 GMT
server
cloudflare
etag
W/"5fbd07b6-9b3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2B%2BGZHWZr5bf3TreZv6gDAjS4QJcYmYrc5I68umCZG4tl9YDzkVOmNC44ouwtSXC7BsQo%2FfvFFI8GbWpotMcxMkpO67Ilp2l%2FldbbwU7IkYWdb1kc1QKTdQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb71697d5b0614-FRA
1cd7712e9337d85c2a8d59556b57889a_6057.jpg
cdnativ.com/extban/237524220/creatives/23169142/
37 KB
37 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169142/1cd7712e9337d85c2a8d59556b57889a_6057.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3320
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90535ee000006140a9f2000000001
last-modified
Fri, 30 Oct 2020 12:43:14 GMT
server
cloudflare
etag
W/"5f9c0a62-9465"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iXIZKsc6FKnb9A24%2FKSHbBttesIE9OzXksFoHwZenen8vCg0j85xj7h1UyfRPJ7xqUTjiG%2B2gNcYNscjMgmRLM8EyJOAFzD8m%2FJmvdE3aTCQj6MJP9zWDA%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb71697d5c0614-FRA
e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
cdnativ.com/extban/242845620/creatives/23195676/
90 KB
91 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195676/e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6875
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90535ee000006140d387000000001
last-modified
Thu, 10 Dec 2020 14:21:16 GMT
server
cloudflare
etag
W/"5fd22edc-168c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"max_age":604800,"group":"cf-nel","endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mOq3GorFcvXcKsJKYCIZoq1QaI6JuV2IMd4IWg37Hrb96%2BM6mCwC8UbBsGuxzfzCsBclyaAq0rk6UOMmQwyW9YIkzKyLYJX56rmlpCbXR1y4NWzq%2B1T%2Fsw%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb71697d5d0614-FRA
6267528ddbd716c9059e0004f868d219_4767.jpg
cdnativ.com/extban/237524220/creatives/23169212/
35 KB
36 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169212/6267528ddbd716c9059e0004f868d219_4767.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3803
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905361600004e494690a000000001
last-modified
Fri, 30 Oct 2020 12:51:59 GMT
server
cloudflare
etag
W/"5f9c0c6f-8b8c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Faa9fb%2FWHul%2FdOwEFuxJvz6BQK0J1%2B27bbbfkgTF7nVML1TMAOhuM1w9DEXkdPZ9kDxqZGwSL4hlv1VtHgBAXzClu6yhA9F9zd27IRhIcjo7AqZ4uZCAjQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb7169be4f4e49-FRA
bf7998c6e8b15bdab3de55637bfed575_5782.jpg
cdnativ.com/extban/237524220/creatives/23169146/
50 KB
51 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169146/bf7998c6e8b15bdab3de55637bfed575_5782.jpg
Requested by
Host: www.sawfirst.com
URL: https://www.sawfirst.com/
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4354
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905361600004e49f403b000000001
last-modified
Fri, 30 Oct 2020 12:44:15 GMT
server
cloudflare
etag
W/"5f9c0a9f-c75a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LG93rl5fO%2F1CZxdIcS3PvGjEVrYRoxJOg9XgMrg9jJMNQly3tpQOS875oYwtgq6P9AhubWUariL%2Bgg0EjQTk7yIjQ3P8363I3xMMNmHBkXnj%2B37nn6Q%2BIw%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb7169be4d4e49-FRA
truncated
/
350 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 92BE
350 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
cdnativ.com/extban/239683620/creatives/23179834/ Frame 92BE
363 KB
364 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179834/7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6680
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90536a900004e49473db000000001
last-modified
Mon, 16 Nov 2020 12:52:41 GMT
server
cloudflare
etag
W/"5fb27619-5aaff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ERBY3W4evqgfiznB1YmX6JSlO7vyM9iYZqcnwKLf6yvn9yesPBPoawwg5x0WCHPSqBgooZm2W7tfHcsfEAuvvR2TvdNet2Roeovztzu6SF7YGBsMMb7hJg%3D%3D"}]}
content-type
image/png
cache-control
max-age=14400
cf-ray
64bb716aa9074e49-FRA
f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
cdnativ.com/extban/239683620/creatives/23179830/ Frame 92BE
75 KB
76 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179830/f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6928
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90536a900004e491180a000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-12b79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=fWN4fSFYfHnehvDy%2BETJ84eKiQKHhK8gIqKG7rFUADWsoT6wasjf3BvsC%2BxYZ2YAqZUhs9z2x1wOCTinIdh45m%2FaGdsMIXl4w5KcHLLNfSgv%2FxtQzj%2BJAw%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716aa90c4e49-FRA
ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
cdnativ.com/extban/239683620/creatives/23179828/ Frame 92BE
104 KB
105 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179828/ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3588
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90536a900004e4968166000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-1a053"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=CnstWuaZESI8GLX3Ea5H4RgtSlswBvbrdLMR4HYr%2FHej2otQY3z%2BmqVKyAoyNxkgCRdfllPDOddWUGuWN4JHvEwQnmxCH2Hzcd2lQzeRcTknAy0QKQoATQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716aa90e4e49-FRA
9728faf5e1ee67b2138b0c8923878c15_6081.jpg
cdnativ.com/extban/240842820/creatives/23185374/ Frame 92BE
39 KB
39 KB
Image
General
Full URL
https://cdnativ.com/extban/240842820/creatives/23185374/9728faf5e1ee67b2138b0c8923878c15_6081.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3634
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90536aa00004e4955980000000001
last-modified
Tue, 24 Nov 2020 13:16:38 GMT
server
cloudflare
etag
W/"5fbd07b6-9b3a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=k7GuknNUWyr%2FsoveAF6hAsbu%2BsSDVa%2BCx46L58aYci%2FN%2FwWbNNnUHos%2FzGRcA5AZTNkdQ0sYBIdbEs7X2xV%2FBU9pEMbvcrkXnrRZtwppPdd9SsFVOhbB1A%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716aa9104e49-FRA
1cd7712e9337d85c2a8d59556b57889a_6057.jpg
cdnativ.com/extban/237524220/creatives/23169142/ Frame 92BE
37 KB
38 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169142/1cd7712e9337d85c2a8d59556b57889a_6057.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3320
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90536aa00004e49310fa000000001
last-modified
Fri, 30 Oct 2020 12:43:14 GMT
server
cloudflare
etag
W/"5f9c0a62-9465"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dpa9w5ih9OrebTEKAECWos7XnUOWDWAjcDzf8RwywUeXvxD7Y74cIY5%2BfmmuQ6BP5cBaJRS55J3ZkuHzZ4d7Z3Pt5YIB2FOK2jdKzdWwuh5FnbjCAU9woA%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716aa9114e49-FRA
e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
cdnativ.com/extban/242845620/creatives/23195676/ Frame 92BE
90 KB
91 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195676/e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6875
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90536aa00004e495f91c000000001
last-modified
Thu, 10 Dec 2020 14:21:16 GMT
server
cloudflare
etag
W/"5fd22edc-168c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=hDzqrZ%2BcxFx3Xl8R%2FwVm8m%2FyPrgWw8TllkAiBzS0BaAD14DBU3iSjIKm%2FWP65YQV7TBqf0qAhesQXJxaQmqekgrNc2gOTzRa2Y5cA4HiSf2DmiYeldmsiw%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716aa9124e49-FRA
6267528ddbd716c9059e0004f868d219_4767.jpg
cdnativ.com/extban/237524220/creatives/23169212/ Frame 92BE
35 KB
36 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169212/6267528ddbd716c9059e0004f868d219_4767.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3803
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90536b200004e4938be0000000001
last-modified
Fri, 30 Oct 2020 12:51:59 GMT
server
cloudflare
etag
W/"5f9c0c6f-8b8c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tFRV5NJwhDlMcU65l7NeQPYk8JXNmD08lRpaMl52k7rlh1eUk7qp2x%2F63aHTKqbI9wSg08%2BcvKPBHSYjddBpsaRrNiDNHLFMmDwrbNsRrwxWPx2UYd1SIg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716aa9154e49-FRA
bf7998c6e8b15bdab3de55637bfed575_5782.jpg
cdnativ.com/extban/237524220/creatives/23169146/ Frame 92BE
50 KB
51 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169146/bf7998c6e8b15bdab3de55637bfed575_5782.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4354
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90536b200004e4905187000000001
last-modified
Fri, 30 Oct 2020 12:44:15 GMT
server
cloudflare
etag
W/"5f9c0a9f-c75a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cc1LpQHkhlUdxCR6AfUiyFzIhacOxyVF%2B1IC31MqFkWlgE7nqYPzi%2B%2BGrnPhaAM3TcS6zuYReDGKU9YHw4fGEnGZsLMnvqf1FfDDZu4%2BnkdlTH6FPmK49A%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716aa9404e49-FRA
i.php
discovernative.com/script/ Frame 92BE
0
61 B
Script
General
Full URL
https://discovernative.com/script/i.php?stamat=m%7C%2C%2CwiLuo3f_oGU3BZ-GH0dEdHP3xP.1e6%2CzC1U6ta043l2ztyHKG3w8iUp_UlhHu5JApfGpIl7Gh_RnT4xRnjiWrFGIaiHZtmljg2xgTmQJlE9XbUh2kQAk6frC-5yWnU5DwWG2r2XW0MNQ2y35k_MPNKV8C_We7ZIFpCPJQdR5mZmpunEVmj5wqvo4LjNx4nM1p0KP6yOYR3urtgp1UfM5kB_9CLsvgaNg_7kICAj2JjJCf9bZKhwtmhKrnb-_Stzvv4isvLFhQRf5vNQD2PtfJIm-7MnWKgl3rdI8_ILTedHu66jcA2RpZIgN1nmlLl4UnpO9U_t8hUpbLJAAelnQgUJs4EnCNelwdi62ENPqA1N2aP5E-Y4wiEeGG6thkHTDsTps3OXQ---Mrqopw6A5dbbP3P_NiokT0Zi6rSpQbmmeLTONm78ddy_bzRZnE_BPVV2_rNuMGiE1lfvnaLMYjzHmnJaz7Pb5qqsxcBlC2dNzOw_4RPvNAosmH9c43VjX7OU_c2fUZWJWi8_PjQU_cigf1y326F93GVmQk76wyxAjCIv1nS15lZVEj1zQ0hbB6KBrRauEnsMCltgLF_mmNmnrHn7GhkoWkHq98wCNGLjnxSWApUtNpF4384AbxvUowgtntCK-9bJmLtU2L_GxGzY3n1XWvw4AT9pabQ5dgWYSFgOE7GSW2ymbrhvB6kSEtV5DiZkpLIq-ufC3oTFIkBdyIbwjb_PWgtugtP4oAQ-grzKcjAhIA%2C%2C&track=0,1,2,3,4,5,6,7
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
referrer-policy
no-referrer
server
openresty
alt-svc
clear
ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
cdnativ.com/extban/239683620/creatives/23179828/
104 KB
105 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179828/ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3588
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905379800004e49649cf000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-1a053"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dSaecZvnQPAR7%2Bj%2BssDfxElmE0BLKVjn0PZvWIPeY77vbWEn4ZOcShRAdA3Vs%2Bx%2FB%2FYfBfcx5f7LJMiVZrdK5r0sBGJ02Bx52xZR5wGywhg9sn8yb1qlAQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716c2e024e49-FRA
f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
cdnativ.com/extban/239683620/creatives/23179830/
75 KB
76 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179830/f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6928
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905379900004e49473fa000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-12b79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IJ9ixiacSzGae8gcrpZk2ufWdWQ6%2FskHnX5lHztm8YGLrvYkqjXg5dXhsAkRWRtT4xFjMYgrB%2B22jJM3IUJH3sHqR14%2By02EthLB1mXxzMP9KPLKGtPVzA%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716c2e074e49-FRA
7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
cdnativ.com/extban/239683620/creatives/23179834/
363 KB
364 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179834/7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6680
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905379a00004e49589c1000000001
last-modified
Mon, 16 Nov 2020 12:52:41 GMT
server
cloudflare
etag
W/"5fb27619-5aaff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xtl1U9oqzlSpDlNYcxGH5MVs8dng47nlID7%2BKpiYO%2BbLPImcVlXSSKig96xxpkw9%2Bh8e4n6lzvvhrL2YobCIMlatdMawPjSADOeZVFk8f61CCyP5QS8n5w%3D%3D"}]}
content-type
image/png
cache-control
max-age=14400
cf-ray
64bb716c2e0a4e49-FRA
79413ab48d01e399d4b9b04a8a27ad96_3783.jpg
cdnativ.com/extban/242846220/creatives/23195690/
48 KB
49 KB
Image
General
Full URL
https://cdnativ.com/extban/242846220/creatives/23195690/79413ab48d01e399d4b9b04a8a27ad96_3783.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
314
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905379a00004e49559a0000000001
last-modified
Thu, 10 Dec 2020 14:22:43 GMT
server
cloudflare
etag
W/"5fd22f33-c123"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=M3HGCLIY8hyjmB78V%2Fp3WyMely4kPpFJQEKp6dlrxVGh6rrbCCg7kBeqyztUWyvB30Wj6L71nx1iUbkf9a%2B6DSYPU%2Bpr%2FNjGvrCRTatAPWjwvO2MpwrvcQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716c2e0c4e49-FRA
ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
cdnativ.com/extban/239683620/creatives/23179828/
104 KB
105 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179828/ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3588
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537cd00004e492da2b000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-1a053"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=RtJrp%2F59qyIA8Y83bXc4CKhk4dAiq6VGicJMUhfdYPRPT1UunAwKfi25x5%2Fhr23RTiue7yKqiqbWJUbm0FXnvUcKjh7NEVzTUNRK5sAz4uiDxLxK7M7yRA%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716c7ede4e49-FRA
79413ab48d01e399d4b9b04a8a27ad96_3783.jpg
cdnativ.com/extban/242846220/creatives/23195690/
48 KB
49 KB
Image
General
Full URL
https://cdnativ.com/extban/242846220/creatives/23195690/79413ab48d01e399d4b9b04a8a27ad96_3783.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
314
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537ce00004e490a8d3000000001
last-modified
Thu, 10 Dec 2020 14:22:43 GMT
server
cloudflare
etag
W/"5fd22f33-c123"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=3fOyHVjpIeie%2B6L7AP9XNs%2Fi1CVVgJBZgMvRBbQ9Hl2CJVaN9CMXUe744CMDL7bq4TqrdQCF8DZ4SdFpL5dPWI167yGAXOyrtJ0bnioYpGXswCGnPrdwpg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716c7ee04e49-FRA
f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
cdnativ.com/extban/239683620/creatives/23179830/
75 KB
76 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179830/f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6928
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537ce00004e4902099000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-12b79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=GVdz4U%2FOzIfM4%2BAbDmKeswNv%2B7iDQ3Bm9fYG5hBC0SZ4v7lWhG2e0omgDBKTVIAGgHstPyD8FS1hv7%2BlwQdYM9su2lfUw1UDh8ezipbA5ArVvPuRm9dGpQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716c7ee24e49-FRA
7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
cdnativ.com/extban/239683620/creatives/23179834/
363 KB
363 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179834/7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6680
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537cf00004e493493f000000001
last-modified
Mon, 16 Nov 2020 12:52:41 GMT
server
cloudflare
etag
W/"5fb27619-5aaff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1jEjQFieMho%2B%2F5XPru5gdvZMlgTQAWlZlgqHhTOHbhSQ1t7wXfYGJAz1eQXwLi08L%2FZ6FmLKrAawYapfNRNZfe42I0mVJrrzrQh5lGPvnOsPV0oomPxdXw%3D%3D"}]}
content-type
image/png
cache-control
max-age=14400
cf-ray
64bb716c7ee74e49-FRA
b1551975560d82a8fea104e33134c4a2_1320.jpg
cdnativ.com/extban/242845620/creatives/23195678/
78 KB
79 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195678/b1551975560d82a8fea104e33134c4a2_1320.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1151
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537e300004e492e065000000001
last-modified
Thu, 10 Dec 2020 14:21:17 GMT
server
cloudflare
etag
W/"5fd22edd-138ae"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9bjdZa2Khk4m57N8DHA%2FV2CR%2FmMaybsjh7j8VzHyZgfKkpjsMvFgRslskt1X3ppWJg8Fuxn4w4%2FQTnd5Cm56l1IBZvwP5ex7EplE%2Bi2xyb%2BvJ5p6FSXkuQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716c9f3b4e49-FRA
79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
cdnativ.com/extban/242845620/creatives/23195682/
48 KB
49 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195682/79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:18 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
39
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537e300004e496b25e000000001
last-modified
Thu, 10 Dec 2020 14:21:20 GMT
server
cloudflare
etag
W/"5fd22ee0-c123"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2F1F%2B2Q8ZlJUEmAF1nKK3vtt0g%2BIxMkvWye%2FbkSLOHAPnpcC3C24AwsoCEvAlFklgyZNiMwyR86uXmuhdlJnWB6KWnowslQ6jqxOZOvyCIGFfD0Jt5VM0OQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716c9f3f4e49-FRA
7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
cdnativ.com/extban/239683620/creatives/23179834/
363 KB
364 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179834/7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6681
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537f600004e496f31f000000001
last-modified
Mon, 16 Nov 2020 12:52:41 GMT
server
cloudflare
etag
W/"5fb27619-5aaff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5ydMzIP9Por9Yo299z6Jd%2BTxh7JqkwS%2Bc7LVSjwxWa4rXYw9qEyXEW8NQ%2FXy45spUWM8wgsp7N4SVhxa13s7OSQsAStDyYVdu0ArNicHfaHr3%2BoiM5r4%2Fg%3D%3D"}]}
content-type
image/png
cache-control
max-age=14400
cf-ray
64bb716cbf8c4e49-FRA
f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
cdnativ.com/extban/239683620/creatives/23179830/
75 KB
76 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179830/f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6929
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537f800004e4938809000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-12b79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pVh6WlfwHUvUSxgcc92jUUol%2B7daNbTVXmj4ggE%2BYmrxNE4KrT6T5clkze8CSUnFzq1%2FWZG0gTX4q7DtbarEK%2BlWXLAumx3oYuv0%2Fiji8PPqpMGVmhjnGg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716cbf944e49-FRA
b1551975560d82a8fea104e33134c4a2_1320.jpg
cdnativ.com/extban/242845620/creatives/23195678/
78 KB
79 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195678/b1551975560d82a8fea104e33134c4a2_1320.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1152
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537f800004e492e068000000001
last-modified
Thu, 10 Dec 2020 14:21:17 GMT
server
cloudflare
etag
W/"5fd22edd-138ae"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dJppiPuklBh6LckxxPO%2FgXnkrwqWn6Ymu9oXEAFTB1y3EddCHf9CtFrEFDJ%2BZOuq3Dw9eAt6Q5E0WbvhBL1JjhJLIbbdWofu%2B1J4adsK2H%2FC%2BswbNW5zNA%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716cbf9c4e49-FRA
79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
cdnativ.com/extban/242845620/creatives/23195682/
48 KB
49 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195682/79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
40
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537f900004e4931126000000001
last-modified
Thu, 10 Dec 2020 14:21:20 GMT
server
cloudflare
etag
W/"5fd22ee0-c123"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zx6iaI5Iz%2Ft%2BG6r99Arw1voLzVNF%2BnR5yHXt1KPCiHsg3KWJc8ndc2VnwZbN60oonutvAZTYBQxh16YaALcpR74FyTko1OMxd685Ak%2BbEBttxOF0CXWB4A%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716cbf9f4e49-FRA
6267528ddbd716c9059e0004f868d219_4767.jpg
cdnativ.com/extban/237524220/creatives/23169212/
35 KB
36 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169212/6267528ddbd716c9059e0004f868d219_4767.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3804
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537fd00004e490209d000000001
last-modified
Fri, 30 Oct 2020 12:51:59 GMT
server
cloudflare
etag
W/"5f9c0c6f-8b8c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ml%2FbyU03jDjPqYgSOM1e3u27RpxkIYyxsP5vBJ6bK8QX8BlW7eC9Jfd7RyQbffziXonwqb3HwOShmGnlUfjI7%2Be37S9VmmkU0a%2BaR9LkQmNJkunozMrbVg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716ccfa64e49-FRA
e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
cdnativ.com/extban/242845620/creatives/23195676/
90 KB
91 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195676/e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6876
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537fd00004e49051b5000000001
last-modified
Thu, 10 Dec 2020 14:21:16 GMT
server
cloudflare
etag
W/"5fd22edc-168c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=lhfhzT33%2FncH8qGABL0oKf0mjF6prO9VLZU3NDPqgXBQm6eKI6VU4gmC30Fk1ABIN%2BShWDMaRzsE%2BxV4uAzWzbKxiv9XpyUuLeU%2F0znfF4wz0OFGa8OCCQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716ccfaa4e49-FRA
1cd7712e9337d85c2a8d59556b57889a_6057.jpg
cdnativ.com/extban/237524220/creatives/23169142/
37 KB
38 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169142/1cd7712e9337d85c2a8d59556b57889a_6057.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3321
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537fe00004e49f6af1000000001
last-modified
Fri, 30 Oct 2020 12:43:14 GMT
server
cloudflare
etag
W/"5f9c0a62-9465"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TCN5BHfHOwXQmXRx9BixyNmBPQz3%2BhjunDc422VqxjMQ54l%2FD5ytrCLXOXMVoJygSpjTNyj92kDujsnfWt7DSjHWa%2BiWmIlvsOtYmrSbqlzP3BA6QXmz7w%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716ccfad4e49-FRA
1b55976ecf1e58ae015b1f9cbdff0eb5_3784.jpg
cdnativ.com/extban/240808020/creatives/23185326/
32 KB
33 KB
Image
General
Full URL
https://cdnativ.com/extban/240808020/creatives/23185326/1b55976ecf1e58ae015b1f9cbdff0eb5_3784.jpg
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4061
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e90537fe00004e490a8d9000000001
last-modified
Tue, 24 Nov 2020 12:55:19 GMT
server
cloudflare
etag
W/"5fbd02b7-8132"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=IJ%2Bu7mq%2Fw0U8xtezx6Yx0GqpffipH%2Bj9V%2F5J1Kr7L9CS1C2EIJMGZFMuaOrugyqyJmxrs%2FA635oMinYyXHkhctLkVC%2FgaWMqsuTCDrrn9UM6oplOBgo09w%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716ccfb04e49-FRA
7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
cdnativ.com/extban/239683620/creatives/23179834/
363 KB
363 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179834/7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6681
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905382800004e492e06f000000001
last-modified
Mon, 16 Nov 2020 12:52:41 GMT
server
cloudflare
etag
W/"5fb27619-5aaff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=YekMbK0tTAdoI7StqpdWAq8BTYr4gqSryxZUj%2BemkXrZhjlbBj5uj07mYqYnW9TPwkQdopSQeAnyagWh%2FSw3I5zV3Ql77JA6FEI117byv%2FhRTyhms1HMqA%3D%3D"}]}
content-type
image/png
cache-control
max-age=14400
cf-ray
64bb716d087b4e49-FRA
f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
cdnativ.com/extban/239683620/creatives/23179830/
75 KB
76 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179830/f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6929
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905382800004e496b265000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-12b79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=46xGrP%2FSXxujBPWjVYmmPTzH0Y%2F4k65ut0q7ehwNbbIcRUJ8lIYhDnmrJaT8M6Qk0UDiDAAxq8hyl2Bzk4JYEKCKC%2FOZxaVo%2Bbxv25qf2NHK2Rx3etn%2Btg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d087f4e49-FRA
6267528ddbd716c9059e0004f868d219_4767.jpg
cdnativ.com/extban/237524220/creatives/23169212/
35 KB
36 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169212/6267528ddbd716c9059e0004f868d219_4767.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3804
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905382800004e494c233000000001
last-modified
Fri, 30 Oct 2020 12:51:59 GMT
server
cloudflare
etag
W/"5f9c0c6f-8b8c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=7ojukB0OOfi6EBBM5dTTXdfoOifPE4ob4MuUfhh89%2Bte4yzLyLsajBT8JC3HgFfx1kjP3Yq%2F3VMwUQml3YNpzFUVkHbsEHZmqzN2wLuebLu1KayFUeJ30A%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d08804e49-FRA
e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
cdnativ.com/extban/242845620/creatives/23195676/
90 KB
91 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195676/e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6876
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905382900004e4943927000000001
last-modified
Thu, 10 Dec 2020 14:21:16 GMT
server
cloudflare
etag
W/"5fd22edc-168c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2F3%2BJ3zG%2B3pksQdhxlx9vfAtQcEsGG1I0IGmTgTuCwvxUJTz7QQFg7%2F0j2sTaRb2DwtOiG3qmPAwPwkcKWhBFb4Zo1dIx13%2B7HTaBSQKsm%2FaNPj5OvbziHg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d08824e49-FRA
1b55976ecf1e58ae015b1f9cbdff0eb5_3784.jpg
cdnativ.com/extban/240808020/creatives/23185326/
32 KB
33 KB
Image
General
Full URL
https://cdnativ.com/extban/240808020/creatives/23185326/1b55976ecf1e58ae015b1f9cbdff0eb5_3784.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4061
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905382900004e49649df000000001
last-modified
Tue, 24 Nov 2020 12:55:19 GMT
server
cloudflare
etag
W/"5fbd02b7-8132"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=JAUg8pyYORV7jPGvado2jFDITsobnt2xdoMAW77Ap2n7gxhZTnvUXQHwMkFg6aX8GyOwArHA9ACv9cdC%2BXF1mmCfO%2BRY1nCgHRXtWEsyEOSqzbAfPiwpSQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d08844e49-FRA
1cd7712e9337d85c2a8d59556b57889a_6057.jpg
cdnativ.com/extban/237524220/creatives/23169142/
37 KB
38 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169142/1cd7712e9337d85c2a8d59556b57889a_6057.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3321
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905382f00004e490a8e0000000001
last-modified
Fri, 30 Oct 2020 12:43:14 GMT
server
cloudflare
etag
W/"5f9c0a62-9465"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HjfV%2FJ8ECV5EijOHi%2FHjwyGktWnxK0Dvk1xqqp9zB5clR5AX07V1gwD0oRfD7ATOe5xOpmROvwRNV606QkueBt4PuBQ3clxWvO%2FFWzTSmMZvc%2F%2Bu1OgdZA%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d08864e49-FRA
79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
cdnativ.com/extban/242845620/creatives/23195682/
48 KB
49 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195682/79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
40
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905383000004e493a396000000001
last-modified
Thu, 10 Dec 2020 14:21:20 GMT
server
cloudflare
etag
W/"5fd22ee0-c123"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=I33TbedkneVrXPwl0flmEyWQaWsuwHWJ6fCCCD7dERd0fVNS5taxHFQOxyNqen7AQhJORMofSg6LsAlbOFVK8msEeouQX6N99OKYDje3v6PfiMLUa2nRgQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d08944e49-FRA
b1551975560d82a8fea104e33134c4a2_1320.jpg
cdnativ.com/extban/242845620/creatives/23195678/
78 KB
79 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195678/b1551975560d82a8fea104e33134c4a2_1320.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://www.sawfirst.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1152
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905383000004e49f381a000000001
last-modified
Thu, 10 Dec 2020 14:21:17 GMT
server
cloudflare
etag
W/"5fd22edd-138ae"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=zFiY71tN670ip2quL%2FQuCa5N%2B6cdPbTidUkpRFjpND9K2m%2BJcCJ%2FoouAPW%2F3cxvy3fvPX3Jh8vKOnUcd0%2BB4a7ad%2BG5eVIGifCUeqgjsPWX%2BVE2vgM%2BaAw%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d08974e49-FRA
truncated
/ Frame FEB0
350 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
cdnativ.com/extban/239683620/creatives/23179828/ Frame FEB0
104 KB
105 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179828/ebc5000b0b68219bf2d5ef7c88b3d513_3936.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3589
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905385f00004e492da3c000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-1a053"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LN3y9vUwve7i4OyzerXXit4l684h%2BXI8PonipIfJKR5%2BkLkgG3P50%2FLJhGJWRcBoilvhyLnRQnYUZIL%2FuhYTTpnnwdVT%2FbCao%2F4NsvKPC%2FtnkTh7OLJoNg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d493f4e49-FRA
79413ab48d01e399d4b9b04a8a27ad96_3783.jpg
cdnativ.com/extban/242846220/creatives/23195690/ Frame FEB0
48 KB
49 KB
Image
General
Full URL
https://cdnativ.com/extban/242846220/creatives/23195690/79413ab48d01e399d4b9b04a8a27ad96_3783.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
315
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905386000004e49413cb000000001
last-modified
Thu, 10 Dec 2020 14:22:43 GMT
server
cloudflare
etag
W/"5fd22f33-c123"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=cFCda8y7skxjH2RBC78Jmbsk%2Bnetg0ULWRCb2dc6QNvRKODJNHAkKkzPkrETykD5jUi5dydxnZsD8C5yfCXNm%2FtJOrJDA9Ly4timgFNYHW7XVxNE5L1BbQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d49874e49-FRA
f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
cdnativ.com/extban/239683620/creatives/23179830/ Frame FEB0
75 KB
76 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179830/f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6929
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905385400004e49fa090000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-12b79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ZhfUwnUPYjqI5xM%2BRO4q3pieejHIKexB5ZBAxR%2FUfJOJe8SCBVmnCYdZffDAkFW%2FYtV9vQRP3gdtvh53iRlxRe0sGIcNg64uCnwLKzMqN6RSxCF%2BhxP4NA%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d493e4e49-FRA
7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
cdnativ.com/extban/239683620/creatives/23179834/ Frame FEB0
363 KB
364 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179834/7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6681
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905386000004e49589d8000000001
last-modified
Mon, 16 Nov 2020 12:52:41 GMT
server
cloudflare
etag
W/"5fb27619-5aaff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=x8EjQe277yod51pPzVcp29%2Bs2qwfbvoFRDfoMK%2BHNPeWXosXRf62HUB5FJWegCUaBOqTQ%2Fj%2FR%2BgnB060z0hxopzOBXQ0%2BoLRLTpusgqRjWiyPnv5AEv7yA%3D%3D"}]}
content-type
image/png
cache-control
max-age=14400
cf-ray
64bb716d49854e49-FRA
i.php
discovernative.com/script/ Frame FEB0
0
40 B
Script
General
Full URL
https://discovernative.com/script/i.php?stamat=m%7C%2C%2Cg3NyIiE-oGU3B0-GH0dEdHP3xP.507%2CRPY32oBKcU7k4WKKxQWlPdl6FZg_-f7Ixoc-WglKs5B0wdZBHO0Wlsbv1ADbs3yyCMRNyF5NpejdhdpGS3ewex2KSpCkcbFockaVjxZKEHfXxOQN2ySli8hrgIbDEZJ8y2HKpFCYod_pohag5iDQc__8lqiOwRWs2IQu40PBtIic9IZ7v34SwZVVauSGRF2fRsUEmkkMViQ0lZUdle4q62JT62vwN6bfzD56u1Ee_QGkDRloRz9r825o--Cj8HUg-gh1esH8F434ckLavPhtS_Zm5bDz3uypvpBdvz0_QLNCchOMT4MsS9alStZYFeIaMcLzBVys9Pg67YKQei3F9qERw0WHWZDA-VRb42_49GWx-YS34DvvSdoZWz64v1CVvq8Ku4P6pGj29cL8Ug9rAMhCnuHJThlfkolcFpSDrLuIkc-phCRuXjzebYBopLS1ueWoXHtv3k6tqfg-QDsHVpfPQGZL0JtdhHuncEqzV7bdVvf1TGF4Cl66p6tY_LyZhiC9Sk8nUF4Fu4kn2lqKw1IjQIumrxMatvX3YnKGAy08JT7ITtXksFczDzE5TB-VSqwAAtE_WI89SLmaLIfWhdOCMKDTYgRcAnh0HjBOZig%2C&track=0,1,2
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
referrer-policy
no-referrer
server
openresty
alt-svc
clear
truncated
/ Frame 2964
350 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
cdnativ.com/extban/239683620/creatives/23179834/ Frame 2964
363 KB
363 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179834/7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6681
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905386000004e493ea00000000001
last-modified
Mon, 16 Nov 2020 12:52:41 GMT
server
cloudflare
etag
W/"5fb27619-5aaff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=xpMaBqwF8cwYcg5Dnl2lXcVGOJNB2TSCt9ALikRL5eacIWfYXsUut5UaRLkC7f6XNu8DGGxurC6BSvLZQTLZaRSaJicajD%2BZ0SB7ShE8a4SnnioaJzDHdA%3D%3D"}]}
content-type
image/png
cache-control
max-age=14400
cf-ray
64bb716d498b4e49-FRA
f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
cdnativ.com/extban/239683620/creatives/23179830/ Frame 2964
75 KB
76 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179830/f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6929
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905386100004e49210f5000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-12b79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=v5EIoyl382pqJ1E3gbHDFKL%2F%2FPd%2B%2FaEjAnyWn4ldmZ%2FE904XexZZ%2FNqUyble5P7Dws0JIBEZEzySGzybsBzZfm3SSSyQQfvW4r3da9fFc4PFgoOu2sIaaw%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d498e4e49-FRA
b1551975560d82a8fea104e33134c4a2_1320.jpg
cdnativ.com/extban/242845620/creatives/23195678/ Frame 2964
78 KB
79 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195678/b1551975560d82a8fea104e33134c4a2_1320.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1152
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905386300004e496b26a000000001
last-modified
Thu, 10 Dec 2020 14:21:17 GMT
server
cloudflare
etag
W/"5fd22edd-138ae"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2yApebgef%2FkzxDdCDU1Px2aEqZKDWxXrK3pnmeznT3LNz9fnmBofeUAmog4q0eEwiXd%2BgOHQAOQUyzlKQuHPU2jLMTZkwOOGZi1AiRIeF5KU4kYFK9vLmw%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d49914e49-FRA
79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
cdnativ.com/extban/242845620/creatives/23195682/ Frame 2964
48 KB
49 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195682/79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
40
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905386100004e4938817000000001
last-modified
Thu, 10 Dec 2020 14:21:20 GMT
server
cloudflare
etag
W/"5fd22ee0-c123"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=B0dkRhvIxShcYobL9iTmzmvK642u2Pitjk3xK73SWeDXlTBCBEvbbBfLvWViuYoQwF4PM87VAjOzN6w%2FjRh1cvQ9khOfI0J7wh9L44aElkpeP6iBkaOnIg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716d49924e49-FRA
i.php
discovernative.com/script/ Frame 2964
0
40 B
Script
General
Full URL
https://discovernative.com/script/i.php?stamat=m%7C%2C%2CAjMmIhMuoGU3B5-GH0dEdHP3xP.5c2%2C1cwSC7ekbrRolRh6a4NSITflxoHCtYvnOVrHKn34RVc_MR89K9D6wCj0zsnJtom7vFAXqYoXpwHwayl3VnXlnKMa_LBWUcBPxdv8jOyRTVO2A2_nQTDgFDF2OEvqWKPtFIrIttWBSHf33lVP7qN8bfZyNFmGtQyOxFv9p7yYWUtYJHBmhAT4v4a5VRM2KMtcoG2PTffCXmhCOLHdn1QT__dFtxLTXcQU_Pd35CdigEEUO6mQ1L6vtE-BAzyw0JLeQM2ni9V2Kxd4mXstts_0_o6m9E4SWX6tdUSch5G19Ecpt8itdPQn1yVruy8vtdcLFELzRKRSFJz2Jxtk3GzQfcZRxCLN3Y6IZzKXW5im2JWS7xocKXUdTGi0zJSco4DGCUJ6tk2iMVvDitf2hSI8okrzw_qLj6Iumq5rEw2SppSE-9cBzUU997AdOCUKAW9z7TXEe23uRPOnKkl_2pBo5tGCQUtAdsKYYsd0bV7BIBz7DVD4DqA_MSQgzt2yBA1mm2O-RIkMSndq184LFSL8ITj3Wy5ES5Fns4iY6oSccDFutD5YJCO0J8abe0xHlSwB2I2bhETDKHOPkCkBL07NcQ%2C%2C&track=0,1,2
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
referrer-policy
no-referrer
server
openresty
alt-svc
clear
truncated
/ Frame C689
350 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
cdnativ.com/extban/239683620/creatives/23179834/ Frame C689
363 KB
364 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179834/7b8924adf0d27ff0aa9705c60c51f4b6_8308.png
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6681
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905389500004e49f3826000000001
last-modified
Mon, 16 Nov 2020 12:52:41 GMT
server
cloudflare
etag
W/"5fb27619-5aaff"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Ih4laz32i%2BbyaH7a52uSp5ZfcQOVc0EM4iLQlYz4UvtPSly6dEh7teWE4%2FnkoWy5pUSRjlab5IfTiPdQXgfCj2j3Pz8%2BJTrzR5%2BAVUu7U1mgbI1Eo5DgpA%3D%3D"}]}
content-type
image/png
cache-control
max-age=14400
cf-ray
64bb716dba774e49-FRA
f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
cdnativ.com/extban/239683620/creatives/23179830/ Frame C689
75 KB
76 KB
Image
General
Full URL
https://cdnativ.com/extban/239683620/creatives/23179830/f475ae1cb684f3ad7d80cf89f6e3a279_2676.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6929
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905389800004e4958280000000001
last-modified
Mon, 16 Nov 2020 12:52:40 GMT
server
cloudflare
etag
W/"5fb27618-12b79"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=BGXCaWtYFsSp6AvmjLJhAyxmPT%2B3p4alsiLSh9aEyhqqIYejcYAjJNAXKJ03W0WcNY0YVqM9ktm3dfyr45bZfTzFBEajMx9vLhTKcpDW2YaM4Ng0FDW0hw%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716dba864e49-FRA
6267528ddbd716c9059e0004f868d219_4767.jpg
cdnativ.com/extban/237524220/creatives/23169212/ Frame C689
35 KB
36 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169212/6267528ddbd716c9059e0004f868d219_4767.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3804
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905389800004e493ea05000000001
last-modified
Fri, 30 Oct 2020 12:51:59 GMT
server
cloudflare
etag
W/"5f9c0c6f-8b8c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=X8hoTomJR2mBb3ltNDPNRlEbo%2BJ88n2gW7bC46ZlQEKE4HJmLO8sx6icMu%2BSgWnsVS6tnZBPh7CVNgbpAM5SKCIwFMSmfh%2B1Bda%2BqBLKaRq8dGnJOjpYTg%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716dba894e49-FRA
e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
cdnativ.com/extban/242845620/creatives/23195676/ Frame C689
90 KB
91 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195676/e1baa8309e20b8e8c8b7670d5f6ea902_8591.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
6876
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905389800004e49fea01000000001
last-modified
Thu, 10 Dec 2020 14:21:16 GMT
server
cloudflare
etag
W/"5fd22edc-168c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ERCC2lID73IqfkwfJvk8lvcow%2BHOQ1qDW5bvhUocj4QLhhyH5arTvQcRAEy%2BmZslToKvaYvCiEMsmyIQtOf1LSKQwk2eXuT83MvspSxj6tN4kthBtEm%2BrQ%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716dba8b4e49-FRA
1b55976ecf1e58ae015b1f9cbdff0eb5_3784.jpg
cdnativ.com/extban/240808020/creatives/23185326/ Frame C689
32 KB
33 KB
Image
General
Full URL
https://cdnativ.com/extban/240808020/creatives/23185326/1b55976ecf1e58ae015b1f9cbdff0eb5_3784.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
4061
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905389800004e49199eb000000001
last-modified
Tue, 24 Nov 2020 12:55:19 GMT
server
cloudflare
etag
W/"5fbd02b7-8132"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9W3fKx2FqRf5GCC2fxnM3N8z%2BHJvZt7g5V3wbqMGRrV8sZ8Q13PQo1oASzjaIRedcWwocesyYzAQjTx34MR%2FyT4dbc6g0pNIHxSPmenktKYeCWDFxlT46Q%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716dba8d4e49-FRA
1cd7712e9337d85c2a8d59556b57889a_6057.jpg
cdnativ.com/extban/237524220/creatives/23169142/ Frame C689
37 KB
38 KB
Image
General
Full URL
https://cdnativ.com/extban/237524220/creatives/23169142/1cd7712e9337d85c2a8d59556b57889a_6057.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
3321
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905389a00004e493a3a0000000001
last-modified
Fri, 30 Oct 2020 12:43:14 GMT
server
cloudflare
etag
W/"5f9c0a62-9465"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=btLU6Qj3ABAi45mUuCIBHu7Y2Q1qSBhCgKTSEswKu%2Fix3Xzm1mJwDzXZEotVIP0NmMLWKaBaprhGwWMJK8jE9i36c5a6lEsqK9YXdjWisHqnCnnkG5cxLA%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716dba924e49-FRA
79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
cdnativ.com/extban/242845620/creatives/23195682/ Frame C689
48 KB
49 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195682/79413ab48d01e399d4b9b04a8a27ad96_3653.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
40
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905389a00004e49051ca000000001
last-modified
Thu, 10 Dec 2020 14:21:20 GMT
server
cloudflare
etag
W/"5fd22ee0-c123"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=g0DrFtJ0ER%2F3sIQLi%2Bi%2BvHAXZm%2FkJPUa%2B%2B4GO%2FIQTlJf9akhCyUICvRw3tXBE%2FhvIeGL6N7J6M%2FrWXhaNisjG9Hh3ONR7oKr0NOngTz6gg7PqPM1nt9YSw%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716dca974e49-FRA
b1551975560d82a8fea104e33134c4a2_1320.jpg
cdnativ.com/extban/242845620/creatives/23195678/ Frame C689
78 KB
79 KB
Image
General
Full URL
https://cdnativ.com/extban/242845620/creatives/23195678/b1551975560d82a8fea104e33134c4a2_1320.jpg
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
2606:4700:3034::ac43:81e7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
cf-cache-status
HIT
nel
{"report_to":"cf-nel","max_age":604800}
age
1152
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
09e905389b00004e491697a000000001
last-modified
Thu, 10 Dec 2020 14:21:17 GMT
server
cloudflare
etag
W/"5fd22edd-138ae"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=pEIzjl8le82VEejBCHxGJTY2N4S7GLPeAWpypyBTDyoXtgGA37E9vBgwBjUsYtncJqhBX7bF3ynO%2BlFe113ZLqo6cSJhtjeuWrKOtXmYPHuoh9zyk9LhBA%3D%3D"}]}
content-type
image/jpeg
cache-control
max-age=14400
cf-ray
64bb716dca984e49-FRA
i.php
discovernative.com/script/ Frame C689
0
40 B
Script
General
Full URL
https://discovernative.com/script/i.php?stamat=m%7C%2C%2CAjFqt2YjoGU3BZ-GH0dEdHP3xP.f01%2CD2oSvNVTbtIuZWgGk69WjXkmdM9PtTaEQ9PDizln4bY4m02BuduL7zEqlSj8VaIPskPYjEc9nB2bupj9x5__RT0LYIFr4i-DIjW2fyc6Sw4jvCLXHhr_MBQLt6pt8InvkSGuN7RGOHnhcI3Lwdhragga2Zc14BLs-wbXVpmh2W6gtwcGfpwC8et5XZ669yKVjMt29O08zQYRjWcP-BVD54xgF8NdwxfeetUa1wO4KqvxwezxDktzFzVXPGY_5HMfI5E6m03_t7-BXa3WtElRQYh9jNesCtZZXoLGyPJMwjmqCd0nQOoTwQdbmXzL0MHZoMODBwGax2ri2mBzwwbUkMDmr4_RAxVGylCbF8ym6JnrvH4aa9SV1VEQ6gyjkNaVY5XdiRwdR7JB5Loi0eUJzzm7EAlPkXX3UGq-A9V7tsRYczCagnXdLoRhrSdrRwQNghm5hUh9Dk2-v7vPJJ0BmCnQvU0XtosSvlkBZZyLKa2LFI2PX3CuCvRFWMFX58ODbFuCERX2EnLYRwfVrRfj4eApPXwcwOLZ7RQIxhTuMtifq-JqjFRH7Qy0dam-jICPi4eBwg0p9cmEmBgLp4bYw6__j8L84LKFnZT4g3C7MLG_2OxwL696iEC3BtF-uYHs3wxOUSm8yqQWRIH_TWLtdKc1TYvzH3f2DdIJlcHCPpf7sT-W7TgYAFUkS6Y8MmMHL55hrIfpJ9G_k705Ez36CQ%2C%2C&track=0,1,2,3,4,5,6,7
Requested by
Host: superonclick.com
URL: https://superonclick.com/script/style.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.31.231 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 07 May 2021 15:22:19 GMT
via
1.1 google
referrer-policy
no-referrer
server
openresty
alt-svc
clear
i.php
www.onclickperformance.com/script/ Frame 192B
0
61 B
Image
General
Full URL
https://www.onclickperformance.com/script/i.php?stamat=m%7C%2C%2Cgjaj4iPqoGU3BE9GH0dEdHP3xP.609%2CYj1uVCV04G7M8F4Qvs5_841NmmjBK6GYO3mcgk95vboG4LxvNmeDFGIB_Xhnqq9DWfSyM7Xd5qINMfFhYTzh4p5MlvGxjgNVwcq34Y5NNh-O64Twoy_i8rxl5DJ7Fi7ZC_xT2tnrMoEKCuLUvn-_xEMNFMYiORI_ms6_RIDltmBDZrqiRWDG5l1X9nLXvhl6dVP20v0sniygfXcO2rAGu8BlIPEaDodgV4MjRJMSumjDDfnRS5hlSUCtt-txU2CVfKIfzwKkr64e4ke9dnrNkGcmEaFzSaEd7hx71Tn0nvXnOobRQH7L_KoEKqzj4dyNnbwWsGCEfj_ZvA6RepMkMzTrQmeBVZ6Efi4kAoBp0ADYoIevkRsRiOZ_Y1i4iqP7DbLH4oVPqI3NKKXRvxH0l5LhJowQD3nbdpnw27QW2eo%2C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.55.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.55.190.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Referer
https://www.onclickperformance.com/ad/display.php?stamat=m%7C%2C843d_IjZrB1dAN0dEdHP3xP.97d%2CZMkKdRAQlkuDbgTABrav5PJVGYpTe0dUb_MNz-F-YkXGsYpN4ZXuutoO33dMQQXhJOLbIvaqoBtbvbUjUAXlx6f_sxoFmL_0otrmB43OOqk%2C&cbrandom=0.1158597196998965&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 07 May 2021 15:22:20 GMT
via
1.1 google
referrer-policy
no-referrer
server
openresty
alt-svc
clear
i.php
www.onclickperformance.com/script/ Frame 2349
0
40 B
Image
General
Full URL
https://www.onclickperformance.com/script/i.php?stamat=m%7C%2C%2Cg3ZrojO-tGU3BE9GH0dEdHP3xP.27e%2CWlVKYKm9T4TPCuzsHMQUNdL6rGBHmsHsSzSw0-isa0UMRdal53WTeSa51-uRuR3GsogEOoXvRs6gEF9izRNjhcVxiw3qRa4DAppLPunIbhM99UOBZfwydavEBOGx3KRd6Jhpc9ZZFhVCnVndtptull6dCuaUl4y-Y0QvWXNleJNtHXEUx-47iHPZVXyVqP1s_57rFAq66Wzm-qzGmhEkvMCJt1cU9ffMMRPfHp45BFWFWWs-FMx5ewZHY1-m3fhoGzP1NPD72hfxQuyiPs19xrVHmgCKjKdIgicTuR_W7vp27DGK3jWRy9xe1ek8Mz9-KpGXXrhlrexsnMO2ZZ7coJ043vg4vXfDccrYG7XIxVWAjNoXQNZUvgVk0682MDX-QiYPNhgs6CfFuMcW0i3yuRlCzm7Scr10Xs4r5WQosJ0%2C
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.55.95 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
95.55.190.35.bc.googleusercontent.com
Software
openresty /
Resource Hash

Request headers

Referer
https://www.onclickperformance.com/ad/display.php?stamat=m%7C%2CoNhP2djZrB1dAN0dEdHP3xP.30c%2CZMkKdRAQlkuDbgTABrav5FCzYGWu2YPQx1pCyBkrQJfEDIFY9rZomXvHq0nTzJQ5SImQYZ-Tm-GAgksI_HEUp35gYXzH2DHRKVnlJHOs164%2C&cbrandom=0.6175855089040949&cbtitle=SAWFIRST%20%7C%20Hot%20Celebrity%20Pictures&cbiframe=0&cbWidth=1600&cbHeight=1200&cbdescription=HQ%20Celebrity%20Pics%2C%20Hollywood%2C%20Pokies%2C%20Upskirt%2C%20Candids%2C%20Red%20Carpet%2C%20Photoshoot%2C%20Booty%2C%20Bikini...&cbkeywords=candids%2C%20celebrities%2C%20booty%2C%20bikini%2C%20pokies%2C%20celebrity%2C%20celebs%2C%20entertainment%2C%20gossip%2C%20hot%2C%20paparazzi%2C%20photos%2C%20photoshoot%2C%20photoshoots%2C%20pics%2C%20pictures%2C%20magazines%2C%20HQ&cbref=
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 07 May 2021 15:22:20 GMT
via
1.1 google
referrer-policy
no-referrer
server
openresty
alt-svc
clear


0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

4 Console Messages

Source Level URL
Text
console-api log URL: https://www.sawfirst.com/wp-content/litespeed/cssjs/8eaba.js?b2d32(Line 2)
Message:
JQMIGRATE: Migrate is installed, version 3.3.2
console-api log URL: https://resources.infolinks.com/js/1745.002-3.012/ice.js(Line 1)
Message:
[object Object]
console-api log URL: https://resources.infolinks.com/js/1745.002-3.012/ice.js(Line 1)
Message:
Failed to log to loggly because of this exception: SecurityError: Blocked a frame with origin "https://www.sawfirst.com" from accessing a cross-origin frame.
console-api log URL: https://resources.infolinks.com/js/1745.002-3.012/ice.js(Line 1)
Message:
Failed log data: [object Object]

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
