www.onworks.net Open in urlscan Pro
172.67.71.155 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.onworks.net/playonline/index.php
Effective URL:
https://www.onworks.net/onworkssession.php
Submission: On November 08 via manual (November 8th 2024, 3:10:25 pm UTC) from PL — Scanned from PL

Summary HTTP 277 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 38 IPs in 7 countries across 31 domains to perform 277 HTTP transactions. The main IP is 172.67.71.155, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.onworks.net. The Cisco Umbrella rank of the primary domain is 283185.
TLS certificate: Issued by WE1 on November 2nd 2024. Valid for: 3 months.

This is the only time www.onworks.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	172.67.71.155 172.67.71.155	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	45.8.133.83 45.8.133.83	51167 (CONTABO) (CONTABO)
19	37.60.252.138 37.60.252.138	51167 (CONTABO) (CONTABO)
2	142.250.185.168 142.250.185.168	15169 (GOOGLE) (GOOGLE)
2	142.250.185.131 142.250.185.131	15169 (GOOGLE) (GOOGLE)
8	104.18.31.49 104.18.31.49	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	216.58.206.46 216.58.206.46	15169 (GOOGLE) (GOOGLE)
6	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
1	216.239.34.36 216.239.34.36	15169 (GOOGLE) (GOOGLE)
6	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
20	18.66.147.43 18.66.147.43	16509 (AMAZON-02) (AMAZON-02)
6	151.101.193.229 151.101.193.229	54113 (FASTLY) (FASTLY)
18	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
10	178.250.1.11 178.250.1.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
12	172.67.75.241 172.67.75.241	13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	104.26.9.178 104.26.9.178	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	163.5.194.33 163.5.194.33	60558 (SECUREDSE...) (SECUREDSERVERS-EU)
6	172.64.153.78 172.64.153.78	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	64.158.223.146 64.158.223.146	41041 (VCLK-EU-SE) (VCLK-EU-SE)
6	185.106.140.18 185.106.140.18	7979 (SERVERS-COM) (SERVERS-COM)
6	3.124.64.248 3.124.64.248	16509 (AMAZON-02) (AMAZON-02)
6	5.135.209.96 5.135.209.96	16276 (OVH) (OVH)
6	37.157.2.229 37.157.2.229	198622 (ADFORM) (ADFORM)
6	185.89.210.122 185.89.210.122	29990 (ASN-APPNEX) (ASN-APPNEX)
6	178.250.1.56 178.250.1.56	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
6	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	104.18.23.145 104.18.23.145	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 9	193.3.178.4 193.3.178.4	399668 (E-PLANNING-) (E-PLANNING-)
5	34.252.44.15 34.252.44.15	16509 (AMAZON-02) (AMAZON-02)
3 4	37.157.2.228 37.157.2.228	198622 (ADFORM) (ADFORM)
11	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
15	216.58.206.65 216.58.206.65	15169 (GOOGLE) (GOOGLE)
3	216.58.206.33 216.58.206.33	15169 (GOOGLE) (GOOGLE)
12	178.250.1.3 178.250.1.3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
5	217.182.178.229 217.182.178.229	16276 (OVH) (OVH)
2	159.89.25.223 159.89.25.223	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1 7	13.248.245.213 13.248.245.213	16509 (AMAZON-02) (AMAZON-02)
277	38

11 172.67.71.155 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.onworks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 45.8.133.83 (Germany)

ASN51167 (CONTABO, DE)
PTR: vmi2029398.contaboserver.net

downloads.uptoplay.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 37.60.252.138 (Düsseldorf, Germany)

ASN51167 (CONTABO, DE)
PTR: vmi2178560.contaboserver.net

stream.onworks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
images.onworks.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.18.31.49 (None, )

ASN13335 (CLOUDFLARENET, US)

stpd.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.206.46 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 18.66.147.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-43.fra60.r.cloudfront.net

tagan.adlightning.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.193.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 162.19.138.117 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
lb.eu-1-id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 178.250.1.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.67.75.241 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.26.9.178 (None, )

ASN13335 (CLOUDFLARENET, US)

prebid-stag.setupad.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 163.5.194.33 (Amsterdam, Netherlands)

ASN60558 (SECUREDSERVERS-EU, US)

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.64.153.78 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

mp.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 64.158.223.146 (Amsterdam, Netherlands)

ASN41041 (VCLK-EU-SE, US)
PTR: ams02-convex-float1.dotomi.com

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.106.140.18 (Netherlands)

ASN7979 (SERVERS-COM, US)

rtb.adxpremium.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 3.124.64.248 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-64-248.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 5.135.209.96 (France)

ASN16276 (OVH, FR)
PTR: ip96.ip-5-135-209.eu

prg.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 37.157.2.229 (Denmark)

ASN198622 (ADFORM, DK)

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.89.210.122 (Frankfurt am Main, Germany)

ASN29990 (ASN-APPNEX, US)
PTR: 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 178.250.1.56 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.184.8.90 (Amsterdam, Netherlands)

ASN204995 (RTB-HOUSE-AMS, CY)
PTR: ip-185-184-8-90.rtbhouse.net

prebid-eu.creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.23.145 (None, )

ASN13335 (CLOUDFLARENET, US)

cadmus.script.ac	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 193.3.178.4 (United States) 3 redirects

ASN399668 (E-PLANNING-, US)
PTR: ads.us.e-planning.net

ads.us.e-planning.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.252.44.15 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-252-44-15.eu-west-1.compute.amazonaws.com

pbs-cs.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.2.228 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

cm.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 216.58.206.65 (United States)

ASN15169 (GOOGLE, US)
PTR: tzfraa-aa-in-f1.1e100.net

e756d1533fa4840d9ae222009a760a9b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ce2c41b846950fb9c400d7bb76d25a22.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d208809318659122e338c9736db856b1.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
09c54a2f1a5a7b0671c548cb63a6c725.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e566f6526a225c306f09ba2cb5bd0071.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.206.33 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s07-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 178.250.1.3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 217.182.178.229 (France)

ASN16276 (OVH, FR)
PTR: ip229.ip-217-182-178.eu

ssbsync-global.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 159.89.25.223 (Frankfurt am Main, Germany)

ASN14061 (DIGITALOCEAN-ASN, US)

node.setupad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.248.245.213 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	onworks.net 1 redirects www.onworks.net — Cisco Umbrella Rank: 283185 stream.onworks.net images.onworks.net	107 KB
20	adlightning.com tagan.adlightning.com — Cisco Umbrella Rank: 2602	106 KB
19	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 116 e756d1533fa4840d9ae222009a760a9b.safeframe.googlesyndication.com ce2c41b846950fb9c400d7bb76d25a22.safeframe.googlesyndication.com d208809318659122e338c9736db856b1.safeframe.googlesyndication.com 9a42d1c9e06b5e3ceb15748e19eb0ae6.safeframe.googlesyndication.com Failed 09c54a2f1a5a7b0671c548cb63a6c725.safeframe.googlesyndication.com e566f6526a225c306f09ba2cb5bd0071.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 163	116 KB
18	4dex.io script.4dex.io — Cisco Umbrella Rank: 3596 mp.4dex.io — Cisco Umbrella Rank: 3227	30 KB
16	criteo.com gum.criteo.com — Cisco Umbrella Rank: 461 bidder.criteo.com — Cisco Umbrella Rank: 745	5 KB
15	setupad.net prebid-stag.setupad.net — Cisco Umbrella Rank: 53378	21 KB
13	3lift.com 1 redirects tlx.3lift.com — Cisco Umbrella Rank: 535 eb2.3lift.com — Cisco Umbrella Rank: 415	5 KB
12	criteo.net static.criteo.net — Cisco Umbrella Rank: 776	31 KB
12	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 522	5 KB
11	smartadserver.com prg.smartadserver.com — Cisco Umbrella Rank: 1960 ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1767	4 KB
10	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 517	104 KB
10	adform.net 3 redirects adx.adform.net — Cisco Umbrella Rank: 6462 cm.adform.net — Cisco Umbrella Rank: 1528	14 KB
9	e-planning.net 3 redirects ads.us.e-planning.net — Cisco Umbrella Rank: 2664	1 KB
8	stpd.cloud stpd.cloud — Cisco Umbrella Rank: 49176	771 KB
6	eu-1-id5-sync.com lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 917	2 KB
6	creativecdn.com prebid-eu.creativecdn.com — Cisco Umbrella Rank: 8337	2 KB
6	adnxs.com ib.adnxs.com — Cisco Umbrella Rank: 267	11 KB
6	adxpremium.services rtb.adxpremium.services — Cisco Umbrella Rank: 22603	14 KB
6	dotomi.com web.hb.ad.cpe.dotomi.com — Cisco Umbrella Rank: 4379	1 KB
6	a-mo.net prebid.a-mo.net — Cisco Umbrella Rank: 777	285 B
6	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 311	1 KB
6	doubleclick.net securepubads.g.doubleclick.net — Cisco Umbrella Rank: 215	151 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 307	34 KB
5	yellowblue.io pbs-cs.yellowblue.io — Cisco Umbrella Rank: 4668
5	uptoplay.net downloads.uptoplay.net	94 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 34 region1.google-analytics.com — Cisco Umbrella Rank: 3643	22 KB
2	setupad.com node.setupad.com — Cisco Umbrella Rank: 64718	481 B
2	gstatic.com www.gstatic.com	22 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	173 KB
1	script.ac cadmus.script.ac — Cisco Umbrella Rank: 1583	239 B
0	googleapis.com Failed fonts.googleapis.com Failed
277	31

	Domain	Requested by
20	tagan.adlightning.com	www.onworks.net tagan.adlightning.com
15	prebid-stag.setupad.net	www.onworks.net
13	stream.onworks.net	www.onworks.net
12	static.criteo.net	www.onworks.net static.criteo.net
12	script.4dex.io	www.onworks.net script.4dex.io
12	id5-sync.com	www.onworks.net
11	pagead2.googlesyndication.com	securepubads.g.doubleclick.net www.onworks.net tagan.adlightning.com
11	www.onworks.net	1 redirects www.onworks.net
10	cdn.ampproject.org	www.onworks.net tagan.adlightning.com
10	gum.criteo.com	www.onworks.net
9	ads.us.e-planning.net	3 redirects www.onworks.net
8	stpd.cloud	www.onworks.net stpd.cloud
7	eb2.3lift.com	1 redirects www.onworks.net
6	lb.eu-1-id5-sync.com	www.onworks.net
6	prebid-eu.creativecdn.com	www.onworks.net
6	bidder.criteo.com	www.onworks.net
6	ib.adnxs.com	www.onworks.net
6	adx.adform.net	www.onworks.net
6	prg.smartadserver.com	www.onworks.net
6	tlx.3lift.com	www.onworks.net
6	rtb.adxpremium.services	www.onworks.net
6	web.hb.ad.cpe.dotomi.com	www.onworks.net
6	mp.4dex.io	www.onworks.net
6	prebid.a-mo.net	www.onworks.net
6	cdn.jsdelivr.net	www.onworks.net
6	securepubads.g.doubleclick.net	www.googletagservices.com
6	www.googletagservices.com	stpd.cloud
6	images.onworks.net	www.onworks.net
5	ssbsync-global.smartadserver.com	www.onworks.net
5	pbs-cs.yellowblue.io	www.onworks.net
5	downloads.uptoplay.net	www.onworks.net
4	cm.adform.net	3 redirects www.onworks.net
3	tpc.googlesyndication.com	tagan.adlightning.com www.onworks.net
2	node.setupad.com	www.onworks.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.gstatic.com	www.onworks.net
2	www.googletagmanager.com	www.onworks.net www.googletagmanager.com
1	e566f6526a225c306f09ba2cb5bd0071.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	09c54a2f1a5a7b0671c548cb63a6c725.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	d208809318659122e338c9736db856b1.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	ce2c41b846950fb9c400d7bb76d25a22.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	e756d1533fa4840d9ae222009a760a9b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	cadmus.script.ac	script.4dex.io
1	region1.google-analytics.com	www.googletagmanager.com
0	fonts.googleapis.com Failed	tagan.adlightning.com
0	9a42d1c9e06b5e3ceb15748e19eb0ae6.safeframe.googlesyndication.com Failed	securepubads.g.doubleclick.net
277	46

This site contains links to these domains. Also see Links.

Domain
www.megadisk.net
chromewebstore.google.com
www.facebook.com
twitter.com
instagram.com
www.youtube.com
www.linkedin.com
www.offidocs.com
www.apkonline.net
www.uptoplay.net
www.offilive.com
www.redcoolmedia.net

Subject Issuer	Validity	Valid
onworks.net WE1	`2024-11-02` - `2025-01-31`	3 months	crt.sh
uptoplay.net R10	`2024-09-18` - `2024-12-17`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.gstatic.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
stpd.cloud WE1	`2024-11-03` - `2025-02-01`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.adlightning.com Amazon RSA 2048 M02	`2024-07-30` - `2025-08-27`	a year	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
*.id5-sync.com E5	`2024-09-01` - `2024-11-30`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-24` - `2024-12-25`	3 months	crt.sh
script.4dex.io WE1	`2024-09-21` - `2024-12-21`	3 months	crt.sh
setupad.net WE1	`2024-11-02` - `2025-01-31`	3 months	crt.sh
*.a-mo.net R11	`2024-11-01` - `2025-01-30`	3 months	crt.sh
mp.4dex.io WE1	`2024-10-27` - `2025-01-25`	3 months	crt.sh
ad.cpe.dotomi.com GlobalSign RSA OV SSL CA 2018	`2024-06-17` - `2025-07-19`	a year	crt.sh
*.adxpremium.services Sectigo RSA Domain Validation Secure Server CA	`2024-07-30` - `2025-08-05`	a year	crt.sh
*.3lift.com Amazon RSA 2048 M02	`2024-03-13` - `2025-04-11`	a year	crt.sh
*.smartadserver.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2024-01-17` - `2025-01-16`	a year	crt.sh
track.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-03` - `2025-09-24`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
*.creativecdn.com RapidSSL TLS RSA CA G1	`2024-04-05` - `2025-04-30`	a year	crt.sh
script.ac E5	`2024-10-19` - `2025-01-17`	3 months	crt.sh
*.eu-1-id5-sync.com R10	`2024-09-01` - `2024-11-30`	3 months	crt.sh
ads.us.e-planning.net R11	`2024-08-31` - `2024-11-29`	3 months	crt.sh
*.yellowblue.io Amazon ECDSA 256 M03	`2024-03-19` - `2025-04-18`	a year	crt.sh
*.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-27` - `2025-06-18`	a year	crt.sh
tpc.googlesyndication.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-24` - `2024-12-21`	3 months	crt.sh
node.setupad.com R11	`2024-10-20` - `2025-01-18`	3 months	crt.sh
misc-sni.google.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 33 frames:

Primary Page: https://www.onworks.net/onworkssession.php
Frame ID: 374B2F6A1E8BA65E0B789968652FA38E
Requests: 50 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: E08DD02B107396B175130D739B2E377D
Requests: 29 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: FA547BFD4B99D353633D872DA62A9260
Requests: 28 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: AA19C5B1DB5176920113E3900DEE7CE1
Requests: 31 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: DFFD4C51E5B140EA3009ED22DA054983
Requests: 29 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 98F54C24BD14591F09A5EC7B84A21729
Requests: 29 HTTP requests in this frame

Frame: https://www.googletagservices.com/tag/js/gpt.js
Frame ID: 26283D344784979023C889A13E113280
Requests: 30 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 32A09474602774BEBF2FD70696E3A873
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: CAE40943805D69CFAE6B274F2718EA2D
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: 45A8547E50EB75114781263D81B3E309
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 70EC247623B7D761586FDE9E565FCE45
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: D416B64B75FA5884DF7AEF853928200A
Requests: 1 HTTP requests in this frame

Frame: https://e756d1533fa4840d9ae222009a760a9b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 8DCBEF66C90AC8AD3AD08743B93E1FB3
Requests: 1 HTTP requests in this frame

Frame: https://ce2c41b846950fb9c400d7bb76d25a22.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: F2D7EE19DEBBAB362782E1714E18FC23
Requests: 1 HTTP requests in this frame

Frame: https://d208809318659122e338c9736db856b1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 5463CF1D0DF98E53C349D6FCC7206B31
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: B185E2C06A782F194E264168D274231A
Requests: 1 HTTP requests in this frame

Frame: https://9a42d1c9e06b5e3ceb15748e19eb0ae6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 22234750598A5D8549A1CE5CF0C2791C
Requests: 1 HTTP requests in this frame

Frame: https://09c54a2f1a5a7b0671c548cb63a6c725.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D341381A7DAFBABDFB60CBF809EF2FA3
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: 4CFFAA5F798B464C8D3CEC605A4068D7
Requests: 1 HTTP requests in this frame

Frame: https://e566f6526a225c306f09ba2cb5bd0071.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 3BEF85BEA0A8FC60D4854D17EA9AF9B7
Requests: 1 HTTP requests in this frame

Frame: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 6537AF81355A808A90C5355B05922440
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Frame ID: 76EC0171A195ED695CABB5B69C36974C
Requests: 12 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1
Frame ID: 03D9A835314C845A7AA61D46589206D4
Requests: 1 HTTP requests in this frame

Frame: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Frame ID: B1FF0852D925A4E292581EC0FFB653E1
Requests: 13 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 6EEDF5FD018FE3906947E43DFFCC50C9
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: F65F7859473E9CCB48CD5276DB5FFC2E
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: BFB006D54DF893445C22F0193336C71A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html
Frame ID: C4452701A4C0E9C6C979A1041CACC8EA
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 97C68356EABAC23D2C7CA0CD726C79BB
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 0F413FEAA946ACD367FBA2B166CBF8A3
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: A2829DA99FF509BAC32AB5AC001FB640
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 6F48E18765BBBECE3522D9B2DA97F0E8
Requests: 1 HTTP requests in this frame

Frame: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Frame ID: 7AC519DF8FFD771E91A64B485507A5A6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Session management for OnWorks Free hosting provider for Linux online

Page URL History Show full URLs

https://www.onworks.net/playonline/index.php HTTP 307
https://www.onworks.net/onworkssession.php Page URL

Detected technologies

Firebase (Databases) Expand

Overall confidence: 100%
Detected patterns

/firebasejs/([\d.]+)/firebase

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

277
Requests

96 %
HTTPS

0 %
IPv6

31
Domains

46
Subdomains

38
IPs

7
Countries

1844 kB
Transfer

11417 kB
Size

34
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: https://www.megadisk.net/pricing-onworks/
Title: Pricing

Search URL Search Domain Scan URL

URL: https://chromewebstore.google.com/detail/vpnonline-secure-vpn-as-u/ojoiohfkfnfkdcmccickjhkmcdgeeifl
Title: VPN

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OnWorks-114357987913897/

Search URL Search Domain Scan URL

URL: https://twitter.com/onworksglobal

Search URL Search Domain Scan URL

URL: https://instagram.com/onworksglobal

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCggT8SMrUfB6NxjVndr6exA?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/onworks-hosting/

Search URL Search Domain Scan URL

URL: https://www.offidocs.com/
Title: OffiDocs

Search URL Search Domain Scan URL

URL: https://www.apkonline.net/
Title: ApkOnline

Search URL Search Domain Scan URL

URL: https://www.uptoplay.net/
Title: UptoPlay

Search URL Search Domain Scan URL

URL: https://www.offilive.com/
Title: Offilive

Search URL Search Domain Scan URL

URL: https://www.megadisk.net/
Title: Megadisk

Search URL Search Domain Scan URL

URL: https://www.redcoolmedia.net/
Title: RedcoolMedia

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.onworks.net/playonline/index.php HTTP 307
https://www.onworks.net/onworkssession.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 191

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

Request Chain 192

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

Request Chain 194

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

Request Chain 230

https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID HTTP 302
https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1

Request Chain 268

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644

Request Chain 269

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644

Request Chain 274

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644

277 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request onworkssession.php Show response
www.onworks.net/
Redirect Chain

https://www.onworks.net/playonline/index.php
https://www.onworks.net/onworkssession.php

64 KB
17 KB

126ms
125ms

Document
text/html

172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

87cc64769a62314612e92ffae77d8875a1efc1bbab37a294b336b7722aec9ef3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8df67d3abecfb621-WAW
content-encoding: br
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
date: Fri, 08 Nov 2024 15:10:19 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dCV0ZLhY9OLON2aV%2FR42Mw1pIJpAx%2BTF4t1H7aV4nm3ya7NhMjlxUul2DsPk9G9kmmkhm3DX4IYMH7haRxubRgOcLWWOxFQr3bo2bz5ZICLuFwClpa%2FVOv21v1X5AvzYcA%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=25360&sent=13&recv=11&lost=0&retrans=0&sent_bytes=5128&recv_bytes=4905&delivery_rate=35518&cwnd=12000&unsent_bytes=0&cid=e17d2e201decbf42&ts=231&x=1" cfExtPri cfHdrFlush;dur=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, X-Auth-Token , Authorization
access-control-allow-methods: GET, PUT, POST, DELETE, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1000
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8df67d3a1df6b621-WAW
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: unsafe-none
cross-origin-opener-policy: unsafe-none
date: Fri, 08 Nov 2024 15:10:19 GMT
location: /onworkssession.php
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WPJ20RiDOmLNyMiEURWxQuMjlqxZs51eAjoYxlb%2F2wPShBeqxTMw8nAz0%2BOYC7bDhRnpBmPsz6qKC0%2Fk6lolKYFUShJ%2FxHcbkEMGrTcMJyMlhjdRnWvSzeOdJ%2B8EKpbZnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfL4;desc="?proto=QUIC&rtt=25464&sent=11&recv=10&lost=0&retrans=0&sent_bytes=4229&recv_bytes=4501&delivery_rate=593&cwnd=12000&unsent_bytes=0&cid=e17d2e201decbf42&ts=105&x=1" cfExtPri cfHdrFlush;dur=0
strict-transport-security: max-age=31536000; includeSubDomains; preload

GET
H2 200 jquery-ui.css
downloads.uptoplay.net/apkdownloader/ 32 KB
6 KB 391ms
43ms Stylesheet
text/css 45.8.133.83
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/jquery-ui.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.8.133.83 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2029398.contaboserver.net

Software

Resource Hash

24e077516b89f2a627c538ae9c18493ecd80f1fe367c0528c2cadc62d6601b6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=1200
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/jquery-ui.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Fri, 08 Nov 2024 15:10:19 GMT
x-xss-protection: 1; mode=block
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 jquery.min.js Show response
downloads.uptoplay.net/apkdownloader/ 93 KB
34 KB 425ms
79ms Script
application/x-javascript 45.8.133.83
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/jquery.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.8.133.83 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2029398.contaboserver.net

Software

Resource Hash

47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: max-age=31536000
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/jquery.min.js
expires: Fri, 07 Nov 2025 20:40:03 GMT
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Fri, 08 Nov 2024 15:10:19 GMT
x-xss-protection: 1; mode=block
content-type: application/x-javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 jquery-ui.min.js Show response
downloads.uptoplay.net/apkdownloader/ 197 KB
52 KB 424ms
79ms Script
application/x-javascript 45.8.133.83
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/jquery-ui.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.8.133.83 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2029398.contaboserver.net

Software

Resource Hash

e4bf411611a715a5752d6e80345cd5fa56731a8ff96e54e5212024337a1c6984

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: max-age=31536000
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/jquery-ui.min.js
expires: Fri, 07 Nov 2025 20:40:03 GMT
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Fri, 08 Nov 2024 15:10:19 GMT
x-xss-protection: 1; mode=block
content-type: application/x-javascript
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 theme.css
downloads.uptoplay.net/apkdownloader/ 2 KB
971 B 468ms
123ms Stylesheet
text/css 45.8.133.83
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/theme.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.8.133.83 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2029398.contaboserver.net

Software

Resource Hash

7c69058459fdf0b4521ba057f595d6aa938265ccf3095e818150886a7bb5bf44

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=1200
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/theme.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Fri, 08 Nov 2024 15:10:19 GMT
x-xss-protection: 1; mode=block
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 styles.css
downloads.uptoplay.net/apkdownloader/ 620 B
824 B 468ms
124ms Stylesheet
text/css 45.8.133.83
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://downloads.uptoplay.net/apkdownloader/styles.css?v=2

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

45.8.133.83 , Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2029398.contaboserver.net

Software

Resource Hash

9a3272fdc40cb2636333e4ba1bd290adb9c78e01c7af4ae21da20a5cdf54b3b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=1200
cross-origin-opener-policy: unsafe-none
content-encoding: gzip
x-content-type-options: nosniff
x-cache-url-1: /apkdownloader/styles.css?v=2
expires: Fri, 07 Nov 2025 20:37:49 GMT
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
referrer-policy: no-referrer-when-downgrade
date: Fri, 08 Nov 2024 15:10:19 GMT
x-xss-protection: 1; mode=block
content-type: text/css
vary: Accept-Encoding, Accept-Encoding, Accept-Encoding

GET
H2 200 general.css
stream.onworks.net/templates/system/css/ 3 KB
1 KB 388ms
43ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/system/css/general.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

3ad9292f7844d507f33f4de3bf19577c9115a8b7bc807f989ab26b19e3c97fe7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-MtMUQyOcDY"
x-original-content-length: 2730
x-cache-url-1: /templates/system/css/general.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 798
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 addons.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 1 KB
1 KB 388ms
45ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/addons.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

50f17262769a2476f090fd24ef33caffed8acd6caf684b20bdc90909c5c43758

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-lXdv-Gwc3a"
x-original-content-length: 2795
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/addons.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 615
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 layout.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 1 KB
867 B 388ms
45ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/layout.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

fef0ae74dc3bcf89260cfe9fe70df333bb482dc7e52f129aa73b177426c72152

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-1yeZ15PgBe"
x-original-content-length: 3259
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/layout.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 452
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 template.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 20 KB
5 KB 389ms
46ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/template.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

11fefb9c374d241b645ab5030176d8d2af1b3d362b31f20620848af9e0835ec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-C76MovcGZy"
x-original-content-length: 26939
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/template.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 4983
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 css3.css
stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/ 970 B
657 B 421ms
79ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/plugins/system/jat3/jat3/base-themes/default/css/css3.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

e687ea2f0b101508eb42841e23a305148562e615919a5c646aca1b753bd518a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-Aag-hZxQyz"
x-original-content-length: 2096
x-cache-url-1: /plugins/system/jat3/jat3/base-themes/default/css/css3.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 244
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 layout.css
stream.onworks.net/templates/ja_elastica/css/ 2 KB
939 B 421ms
79ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

773485acaee520be797ce2adbd1ae738c1c28b49b11e298ed784edbb11b08a2d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-97Bl_gQT9D"
x-original-content-length: 3596
x-cache-url-1: /templates/ja_elastica/css/layout.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 547
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 template-3-new01.css
stream.onworks.net/templates/ja_elastica/css/ 25 KB
6 KB 425ms
83ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/template-3-new01.css?v=020

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

b831ee2bbbdc5353833b35f1176feab0fe3d5a00c04c2576e7de866bced4a3c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: max-age=453, public
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-yFoVuFwV5i"
x-original-content-length: 35313
x-cache-url-1: /templates/ja_elastica/css/template-3-new01.css?v=020
expires: Fri, 08 Nov 2024 15:17:53 GMT
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 6093
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 modules.css
stream.onworks.net/templates/ja_elastica/css/ 1 KB
935 B 421ms
80ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/modules.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

2440da49abf00e2fc8e09c38bbb2ac1afca94303ead6974b746c79155c789b9b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-eDveT_ggor"
x-original-content-length: 2543
x-cache-url-1: /templates/ja_elastica/css/modules.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 542
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 layout-normal-2b.css
stream.onworks.net/templates/ja_elastica/css/ 4 KB
1 KB 426ms
86ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout-normal-2b.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

138485db4823c1444d2991c332c2fb4cd3ea3b6fddbed5317506170e361b38c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-pZAGa_IlrH"
x-original-content-length: 3637
x-cache-url-1: /templates/ja_elastica/css/layout-normal-2b.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 1111
date: Fri, 08 Nov 2024 15:05:35 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 css3.css
stream.onworks.net/templates/ja_elastica/css/ 3 KB
1 KB 425ms
85ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/css3.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

56fdceec363758833100b58312eb4993fe9f599ca70117325ccbabe03b7d6d26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-30gcjA_HN3"
x-original-content-length: 3917
x-cache-url-1: /templates/ja_elastica/css/css3.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 670
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 mega.css
stream.onworks.net/templates/ja_elastica/css/menu/ 5 KB
1 KB 424ms
84ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/menu/mega.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

aafd776ec37c9b47abb96dc3199c4dda7aff364fa6ec9f0458822793bee3e890

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-lAK6Sgz8bE"
x-original-content-length: 7009
x-cache-url-1: /templates/ja_elastica/css/menu/mega.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 1083
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 222 KB
80 KB 446ms
56ms Script
application/javascript 142.250.185.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-117545413-4

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

40bd47262beaacaccbc6fad3b200227ac6ab34a83eebab195b4d566953ed1c16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 08 Nov 2024 15:10:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 81117
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 firebase-app.js Show response
www.gstatic.com/firebasejs/5.4.0/ 34 KB
12 KB 97ms
44ms Script
text/javascript 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/5.4.0/firebase-app.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

sffe /

Resource Hash

e2320f2452434b494e292e5a413126980c134215940ab091e9e496a0052d62f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
age: 171397
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:33:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:33:42 GMT
last-modified: Thu, 16 Aug 2018 18:59:55 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
accept-ranges: bytes
access-control-allow-origin: *
content-length: 12419
x-xss-protection: 0
server: sffe

GET
H3 200 firebase-messaging.js Show response
www.gstatic.com/firebasejs/5.4.0/ 35 KB
10 KB 97ms
45ms Script
text/javascript 142.250.185.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/firebasejs/5.4.0/firebase-messaging.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f3.1e100.net

Software

sffe /

Resource Hash

246fef45b3c78c283fb603de040c9263bbb48532dcb057d4045a790b1b149318

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
age: 341843
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
x-content-type-options: nosniff
expires: Tue, 04 Nov 2025 16:12:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 04 Nov 2024 16:12:56 GMT
last-modified: Thu, 16 Aug 2018 18:59:55 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10046
x-xss-protection: 0
server: sffe

GET
H3 200 24.png
www.onworks.net/images/ 24 KB
25 KB 54ms
53ms Image
image/webp 172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/24.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b87de489c3eda2d7cc12367ec2cd76c0bd53ff131e63b0068a92acab334a0227

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

cf-bgj: imgq:100,h2pri
etag: "5b05ec18-9860"
age: 672389
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b9fWB23agPD80DW5s7KUFmpnrAypI52Dh1BTVfYPO3GGY320C0iLwDskfC2TZrRyIjtBGm5XDxdgvXYgTI7YU3BDjiAS75UBEao46vwWSVkXKcx%2Fl5q%2Fn899LK%2BK9n2Mxw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/24.png
cf-polished: origFmt=png, origSize=39008
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24130&sent=46&recv=33&lost=0&retrans=0&sent_bytes=35632&recv_bytes=8608&delivery_rate=33256&cwnd=18000&unsent_bytes=0&cid=e17d2e201decbf42&ts=813&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: image/webp
content-disposition: inline; filename="24.webp"
vary: Accept
last-modified: Wed, 23 May 2018 22:32:56 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8df67d3ede68b621-WAW
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 24384
server: cloudflare

GET
H3 200 menu_x48.png
www.onworks.net/images/ 70 B
934 B 70ms
69ms Image
image/webp 172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/menu_x48.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25377c3b5fdd6f4fe4b3e8f786d6e5a475b99f242487b52b81c0162e67ece722

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

cf-bgj: imgq:100,h2pri
etag: "62503f4b-a4f"
age: 672390
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxUN%2FO9hB0i3fefMSk69VVGM4CrCtTfFtXpucy8dAcJ7I%2B4m0W%2FfPAvtvlwyOZZg4SeiN9Cl4Hlr6BMZlioJxnzMJLMsxsMnssxhPqZNwSE1tM7huLb%2FuWK0d2gqDeIVeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/menu_x48.png
cf-polished: origFmt=png, origSize=2639
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24130&sent=61&recv=33&lost=0&retrans=0&sent_bytes=53632&recv_bytes=8608&delivery_rate=33256&cwnd=18000&unsent_bytes=0&cid=e17d2e201decbf42&ts=823&x=1", cfExtPri, cfHdrFlush;dur=29
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: image/webp
content-disposition: inline; filename="menu_x48.webp"
vary: Accept
last-modified: Fri, 08 Apr 2022 13:57:31 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8df67d3eee7db621-WAW
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 70
server: cloudflare

GET
H3 200 onworkslogox30.png
www.onworks.net/images/ 780 B
2 KB 79ms
78ms Image
image/webp 172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/onworkslogox30.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dc5c3307b9b9a11721bc963c6f44ba98bc586f2cd9740fb0b5064f5f79962cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

cf-bgj: imgq:100,h2pri
etag: "625b025f-b14"
age: 672390
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I5m1hsHGfnF524J4LHUU3ntdoHOrZf%2FPcoY9hMEQykaHTShxFwvQ6cPXw96M6wzBmZ%2FeDEhTZB4DLTaauMdn9IQZzpgzA4vZmn%2BRRJNlUQIaO8Po8bXX3P6huCGEcTEjwA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/onworkslogox30.png
cf-polished: origFmt=png, origSize=2836
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24130&sent=62&recv=34&lost=0&retrans=0&sent_bytes=53656&recv_bytes=8925&delivery_rate=33256&cwnd=18000&unsent_bytes=0&cid=e17d2e201decbf42&ts=837&x=1", cfExtPri, cfHdrFlush;dur=15
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: image/webp
content-disposition: inline; filename="onworkslogox30.webp"
vary: Accept
last-modified: Sat, 16 Apr 2022 17:52:31 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8df67d3eee7fb621-WAW
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 780
server: cloudflare

GET
H3 200 240px-Search_Icon.svg.png
www.onworks.net/images/ 2 KB
3 KB 41ms
39ms Image
image/webp 172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/240px-Search_Icon.svg.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

101ffbc58574cf8ad9080605fe602a65cdc54445b6eebf60c87bac3fe31bf636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

cf-bgj: imgq:100,h2pri
etag: "5bc8c0e1-fae"
age: 672389
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Eg2A%2BIXjAqbFTIRJHMUx%2FCTlmcddoFekz7ALNE2isytzqM32MhVWlyAX%2BXuB%2F9DA1hby%2B3wDtZEQjdgSZUgzuvu0vJLnbZrMGsrd19mz9PKz9ci9cFSeK0GQrHvc9MiiSA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/240px-Search_Icon.svg.png
cf-polished: origFmt=png, origSize=4014
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=26539&sent=31&recv=20&lost=0&retrans=0&sent_bytes=23399&recv_bytes=5630&delivery_rate=96397&cwnd=18000&unsent_bytes=0&cid=e17d2e201decbf42&ts=307&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: image/webp
content-disposition: inline; filename="240px-Search_Icon.webp"
vary: Accept
last-modified: Thu, 18 Oct 2018 17:20:33 GMT
priority: u=2,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8df67d3bb88cb621-WAW
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 2462
server: cloudflare

GET
H2 200 stpdwrapper.js Show response
stpd.cloud/assets/ 9 KB
4 KB 433ms
69ms Script
application/javascript 104.18.31.49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stpd.cloud/assets/stpdwrapper.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.31.49 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90909d259afbaaa73f4accf86af27e03040ec2540cf1aca4a0a0e5aa8fbdc133

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.onworks.net
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=1200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: MISS
etag: W/"4138a5b1014ef329ccf608f46f48b303"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zVcaC%2FXjY%2Bf%2FICmFfMDM5HWVp1Zyb7VbJnCg%2Fa%2BChpNhM35ZYiwbH54pcjk5I9Ycro%2Fcr4d2XvWkPMlFHeav4V2%2FIV%2B0MXYN4f%2Bn28r3m1STN5SGzcqwZQgeuOBp"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8df67d412cff352a-WAW
expires: Fri, 08 Nov 2024 15:30:20 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 fedoraicon128.jpg
images.onworks.net/images/ 4 KB
4 KB 379ms
42ms Image
image/jpeg 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/fedoraicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

25b8f3aefaa2bbab5d6a50fdb519e28c7c5e68296ae272beb4a75aa46cc298f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-VpGYxLBqE7"
x-original-content-length: 5870
x-cache-url-1: /images/fedoraicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 4089
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: image/jpeg

GET
H3 200 readmoreblue2.svg
www.onworks.net/images/ 417 B
1 KB 79ms
78ms Image
image/svg+xml 172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.onworks.net/images/readmoreblue2.svg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0bb478b61a1c97d3485a9075de3db15d34e1882a6af6c406516cb869097f859

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"626eaf08-1a1"
age: 672389
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xIkOLmOjAZFu%2BnZgYDz6lPinc9pMpCdcO7v5nagU2btNPMGiQa94N8izLDyZAY0baK7Ps%2FAey6kqZKOn%2B6qM7cjO9LYthoEDGkDUdBNuHS4CHvWffP7NPg2wrfn01cSx0A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /images/readmoreblue2.svg
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24130&sent=62&recv=34&lost=0&retrans=0&sent_bytes=53656&recv_bytes=8925&delivery_rate=33256&cwnd=18000&unsent_bytes=0&cid=e17d2e201decbf42&ts=826&x=1", cfExtPri, cfHdrFlush;dur=26
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Sun, 01 May 2022 16:02:16 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8df67d3eee81b621-WAW
cross-origin-embedder-policy: unsafe-none
server: cloudflare

GET
H2 200 windows10icon128.jpg
images.onworks.net/images/ 3 KB
3 KB 339ms
43ms Image
image/jpeg 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/windows10icon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

52de3fb37e167bc691b7233a515bda92daee4d136e081ec14876f571fa8355d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-Mm96OZd_ek"
x-original-content-length: 4819
x-cache-url-1: /images/windows10icon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 2938
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: image/jpeg

GET
H2 200 ubuntuicon128.jpg
images.onworks.net/images/ 5 KB
5 KB 43ms
41ms Image
image/jpeg 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/ubuntuicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

388bf206c1a54aac2a0f643ea09aa7cd8735cb5eaa18632c4f88e44044f33e15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-Fb0Cg5W2we"
x-original-content-length: 7983
x-cache-url-1: /images/ubuntuicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 4910
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: image/jpeg

GET
H2 200 pearosicon128.jpg
images.onworks.net/images/ 2 KB
2 KB 43ms
42ms Image
image/jpeg 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/pearosicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

14f29c0d1d5cb9f8871c929af419262d5b724aa2264ba2f47ee774c7b1740e0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-QvM3gMGtUL"
x-original-content-length: 2511
x-cache-url-1: /images/pearosicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 1884
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: image/jpeg

GET
H2 200 kodiicon128.jpg
images.onworks.net/images/ 4 KB
4 KB 46ms
45ms Image
image/jpeg 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/kodiicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

81ea22e6310b2238f0c937448a5e8b9f37c3e1aeee273dd3e4a5cff86bf34a6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-FOytV9gU7c"
x-original-content-length: 5332
x-cache-url-1: /images/kodiicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 3734
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: image/jpeg

GET
H2 200 zorinosicon128.jpg
images.onworks.net/images/ 5 KB
6 KB 46ms
45ms Image
image/jpeg 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.onworks.net/images/zorinosicon128.jpg

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

72826aebfbd36b0946d90411b2eb52e7e54d8b002030abce5ee27dd51eadfacd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=31536000
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-EAcXNQycXi"
x-original-content-length: 7995
x-cache-url-1: /images/zorinosicon128.jpg
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 5453
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: image/jpeg

GET
H3 200 email-decode.min.js Show response
www.onworks.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 28ms
27ms Script
application/javascript 172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

x-frame-options: DENY
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cache-control: max-age=172800, public
content-encoding: gzip
etag: W/"672b8df5-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OWGrcpms%2FfaSb2dbJNXaiqrKDCSgKipWmjx0DlosFmy9xnQ7pgdQyQaWpEKAwD2qyfhMDCMOb58cT3kAmztp90Rz7IGodF7tiiTgSaNDgoSPxCcHMMGfM4yIz205lv7PAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
cf-ray: 8df67d3e5d59b621-WAW
expires: Sun, 10 Nov 2024 15:10:19 GMT
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: application/javascript
last-modified: Wed, 06 Nov 2024 15:40:37 GMT
server: cloudflare
vary: Accept-Encoding

GET
H3 200 postscribe.min.js Show response
www.onworks.net/ 17 KB
6 KB 47ms
46ms Script
application/x-javascript 172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/postscribe.min.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c84c0e919ae72b8ef9abd4d5f8f38bddffd185e571a13c9ab0de6be1391c3c64

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

content-encoding: br
cf-cache-status: HIT
age: 672902
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rm%2F9FBoKrz5280Eu2KvPH8MHFj6ra%2BVmknk9g0sGaczNNYXJ5ra9TBSxMFBWuBBIWixjbvCevczVFJ0Db6YnSlnu3Xx4OpGWbgbL8TQoXtZ49W545MEIog6DjKG8IAUzsw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /postscribe.min.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=25587&sent=36&recv=24&lost=0&retrans=0&sent_bytes=27964&recv_bytes=6364&delivery_rate=94363&cwnd=18000&unsent_bytes=0&cid=e17d2e201decbf42&ts=741&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: application/x-javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Thu, 31 Oct 2024 20:11:41 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8df67d3e5d5fb621-WAW
cross-origin-embedder-policy: unsafe-none
server: cloudflare

GET
H3 200 ad-blocker.js Show response
www.onworks.net/ 112 B
904 B 44ms
44ms Script
application/x-javascript 172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/ad-blocker.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c7887c0f698d53558fa97c35fee57be8ef4c615a0b26d6d4f0daee6a6228c4bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

content-encoding: br
cf-cache-status: HIT
age: 215001
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dq7cL5FLiMOkXFjpfKSLvQjTfxQD%2F9euk%2FMnI0O%2F3SA8SL3CHpaWWnRN5JoYaVlHVxEkfcNNKoJOrSxIR4WuFJIXqdEijV06eaeM5KBekYgz%2FprccMp6WqLC2t1N4uRg7w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-url-1: /ad-blocker.js
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=24430&sent=43&recv=28&lost=0&retrans=0&sent_bytes=34657&recv_bytes=6805&delivery_rate=275991&cwnd=18000&unsent_bytes=0&cid=e17d2e201decbf42&ts=769&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: application/x-javascript
vary: Accept-Encoding, Accept-Encoding
last-modified: Thu, 31 Oct 2024 20:14:00 GMT
priority: u=2,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: MISS
cache-control: public, max-age=80000, s-maxage=80000
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy: unsafe-none
cf-ray: 8df67d3e8dadb621-WAW
cross-origin-embedder-policy: unsafe-none
server: cloudflare

GET
H2 200 layout-mobile-2b.css
stream.onworks.net/templates/ja_elastica/css/ 5 KB
2 KB 45ms
44ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout-mobile-2b.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

2419d5df9c26372a71c881e16f8716d02ba9fa384074fcf0dc9ab526847eef61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-W8B6bCngcR"
x-original-content-length: 6944
x-cache-url-1: /templates/ja_elastica/css/layout-mobile-2b.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 1700
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H2 200 layout-tablet-2b.css
stream.onworks.net/templates/ja_elastica/css/ 2 KB
1 KB 45ms
44ms Stylesheet
text/css 37.60.252.138
CONTABO

General

Check archive.org

Show headers Download Go to

Full URL

https://stream.onworks.net/templates/ja_elastica/css/layout-tablet-2b.css

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.60.252.138 Düsseldorf, Germany, ASN51167 (CONTABO, DE),

Reverse DNS

vmi2178560.contaboserver.net

Software

Resource Hash

cf7a26ecb0b35482b0f35ddd6e28fa91a0b109cf22a5953831c91234251651b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
x-cache-status-1: HIT
cache-control: public, max-age=80000, s-maxage=80000
content-encoding: gzip
cross-origin-opener-policy: unsafe-none
etag: W/"PSA-aj-8STxswNSgw"
x-original-content-length: 3680
x-cache-url-1: /templates/ja_elastica/css/layout-tablet-2b.css
cross-origin-embedder-policy: unsafe-none
accept-ranges: bytes
content-length: 652
date: Fri, 08 Nov 2024 15:10:19 GMT
content-type: text/css
vary: Accept-Encoding

GET
H3 200 getbloa.php Show response
www.onworks.net/push/ 3 B
758 B 94ms
93ms XHR
text/html 172.67.71.155
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.onworks.net/push/getbloa.php?email=No

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

172.67.71.155 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/onworkssession.php

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2B9zew4xZ71gjhYngOiEtAC%2BA3JgPChT%2FCcTSwoGWcjcxXKbxsFfJK1fqsmh4bglaq9CODU1h9KkObz44ZqpNW%2BZMDkrotcgxN8uEQXwlLhzRI1f6A1u40slFG39QbOMRg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=30901&sent=73&recv=47&lost=0&retrans=0&sent_bytes=65173&recv_bytes=9486&delivery_rate=238134&cwnd=24000&unsent_bytes=0&cid=e17d2e201decbf42&ts=890&x=1", cfExtPri, cfHdrFlush;dur=0
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
priority: u=1,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: max-age=0, no-cache
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-page-speed: 1.13.35.2-0
cross-origin-opener-policy: unsafe-none
cf-ray: 8df67d3f0ea2b621-WAW
cross-origin-embedder-policy: unsafe-none
server: cloudflare

GET
H2 200 5728 Show response
stpd.cloud/tag/ 384 KB
128 KB 138ms
137ms Fetch
text/javascript 104.18.31.49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5728
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.31.49 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 601f35d1c8363fe14704e1607b329848a04472c6012def6402a577fc0eab3e78

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: s-maxage=300
x-stpd-module-cache: HIT
content-encoding: br
cf-ray: 8df67d41ad74352a-WAW
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5744 Show response
stpd.cloud/tag/ 384 KB
128 KB 90ms
90ms Fetch
text/javascript 104.18.31.49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5744
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.31.49 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9cf6226f1172062ada2d8c2a687f869b33a84516fcc97f9e1f4284a256da13ea

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=1200
content-encoding: br
cf-cache-status: HIT
age: 172
cf-ray: 8df67d41ad77352a-WAW
expires: Fri, 08 Nov 2024 15:30:20 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: text/javascript
last-modified: Fri, 08 Nov 2024 15:07:28 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5732 Show response
stpd.cloud/tag/ 384 KB
128 KB 64ms
64ms Fetch
text/javascript 104.18.31.49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5732
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.31.49 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0c3a2b7c4d2ff4d54d25bb6f0ba197dddb4bb156578ea82e353b23242d191cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=1200
content-encoding: br
cf-cache-status: HIT
age: 175
cf-ray: 8df67d41ad78352a-WAW
expires: Fri, 08 Nov 2024 15:30:20 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: text/javascript
last-modified: Fri, 08 Nov 2024 15:07:25 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5745 Show response
stpd.cloud/tag/ 384 KB
128 KB 269ms
268ms Fetch
text/javascript 104.18.31.49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5745
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.31.49 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 29555ba76bb2973ea85881ff0218a5975c75aa2b384a11010c5220640719ea85

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: s-maxage=300
x-stpd-module-cache: HIT
content-encoding: br
cf-ray: 8df67d41ad7a352a-WAW
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: text/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5729 Show response
stpd.cloud/tag/ 384 KB
128 KB 63ms
62ms Fetch
text/javascript 104.18.31.49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5729
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.31.49 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b007617bb370c421bb7998a586e400470e78f68c84416f6eb032305afb7ef46a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=1200
content-encoding: br
cf-cache-status: HIT
age: 138
cf-ray: 8df67d41ad7d352a-WAW
expires: Fri, 08 Nov 2024 15:30:20 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: text/javascript
last-modified: Fri, 08 Nov 2024 15:08:02 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 stpdwrapper.js Show response
stpd.cloud/assets/ 9 KB
0 0ms
0ms Script
application/javascript 104.18.31.49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://stpd.cloud/assets/stpdwrapper.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/postscribe.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.31.49 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90909d259afbaaa73f4accf86af27e03040ec2540cf1aca4a0a0e5aa8fbdc133

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.onworks.net
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=1200
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: MISS
etag: W/"4138a5b1014ef329ccf608f46f48b303"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zVcaC%2FXjY%2Bf%2FICmFfMDM5HWVp1Zyb7VbJnCg%2Fa%2BChpNhM35ZYiwbH54pcjk5I9Ycro%2Fcr4d2XvWkPMlFHeav4V2%2FIV%2B0MXYN4f%2Bn28r3m1STN5SGzcqwZQgeuOBp"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8df67d412cff352a-WAW
expires: Fri, 08 Nov 2024 15:30:20 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 265 KB
94 KB 65ms
63ms Script
application/javascript 142.250.185.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-DN38F0DWYD&l=dataLayer&cx=c&gtm=457e4b70za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-117545413-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.168 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

8b067516ddef8d0d66befec8290436bc1220931a13bd6b7b1b60c8cb89f976f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 08 Nov 2024 15:10:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 95681
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 484ms
42ms Script
text/javascript 216.58.206.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-117545413-4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
age: 6011
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 15:30:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 13:30:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame E08D 105 KB
34 KB 486ms
77ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ede3bbe4726ece010c34e87362b0ccecd59b1d8d3175d2235ea0c45eee5e65ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 676 / 20035 / m202410310101 / config-hash: 8085799516469051243
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 15:10:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33833
x-xss-protection: 0
server: cafe

GET
H2 200 5733 Show response
stpd.cloud/tag/ 384 KB
128 KB 60ms
59ms Fetch
text/javascript 104.18.31.49
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://stpd.cloud/tag/5733
Requested by: Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.31.49 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7ab96cf219685131aef6e1ef48f32d1e9fd5da1f2c12da0b632e867f0ea92a57

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=1200
content-encoding: br
cf-cache-status: HIT
age: 138
cf-ray: 8df67d433f65352a-WAW
expires: Fri, 08 Nov 2024 15:30:20 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:20 GMT
content-type: text/javascript
last-modified: Fri, 08 Nov 2024 15:08:02 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame FA54 105 KB
0 477ms
477ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ede3bbe4726ece010c34e87362b0ccecd59b1d8d3175d2235ea0c45eee5e65ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 676 / 20035 / m202410310101 / config-hash: 8085799516469051243
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 15:10:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33833
x-xss-protection: 0
server: cafe

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame AA19 105 KB
0 466ms
466ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ede3bbe4726ece010c34e87362b0ccecd59b1d8d3175d2235ea0c45eee5e65ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 676 / 20035 / m202410310101 / config-hash: 8085799516469051243
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 15:10:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33833
x-xss-protection: 0
server: cafe

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame DFFD 105 KB
0 456ms
456ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ede3bbe4726ece010c34e87362b0ccecd59b1d8d3175d2235ea0c45eee5e65ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 676 / 20035 / m202410310101 / config-hash: 8085799516469051243
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 15:10:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33833
x-xss-protection: 0
server: cafe

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 456ms
47ms Fetch
text/plain 216.239.34.36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-DN38F0DWYD&gtm=45je4b70v9121000514za200&_p=1731078619967&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&cid=1095806677.1731078621&ul=pl-pl&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1731078620&sct=1&seg=0&dl=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&dt=Session%20management%20for%20OnWorks%20Free%20hosting%20provider%20for%20Linux%20online&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1590
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DN38F0DWYD&l=dataLayer&cx=c&gtm=457e4b70za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.onworks.net
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 98F5 105 KB
0 379ms
379ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ede3bbe4726ece010c34e87362b0ccecd59b1d8d3175d2235ea0c45eee5e65ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 676 / 20035 / m202410310101 / config-hash: 8085799516469051243
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 15:10:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33833
x-xss-protection: 0
server: cafe

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ Frame 2628 105 KB
0 372ms
372ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: stpd.cloud
URL: https://stpd.cloud/assets/stpdwrapper.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f2.1e100.net

Software

cafe /

Resource Hash

ede3bbe4726ece010c34e87362b0ccecd59b1d8d3175d2235ea0c45eee5e65ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 676 / 20035 / m202410310101 / config-hash: 8085799516469051243
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 15:10:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 33833
x-xss-protection: 0
server: cafe

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
419 B 50ms
48ms XHR
text/plain 216.58.206.46
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=394594491&t=pageview&_s=1&dl=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ul=pl-pl&de=UTF-8&dt=Session%20management%20for%20OnWorks%20Free%20hosting%20provider%20for%20Linux%20online&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=441395213&gjid=1251482510&cid=1095806677.1731078621&tid=UA-117545413-4&_gid=94928268.1731078621&_r=1&gtm=457e4b70za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101823848~101925629&jsscut=1&npa=1&z=215796297

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.46 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.onworks.net/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 15:10:21 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://www.onworks.net
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 1
server: Golfe2

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/ Frame E08D 490 KB
151 KB 144ms
48ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e944876c5fd13cc8ed0441c1a8bac2657147995d36634ce300b5ada152cbf52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 6558442857186661420
age: 16989
x-content-type-options: nosniff
expires: Sat, 08 Nov 2025 10:27:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 08 Nov 2024 10:27:12 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155051
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/ Frame DFFD 490 KB
0 133ms
133ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e944876c5fd13cc8ed0441c1a8bac2657147995d36634ce300b5ada152cbf52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 6558442857186661420
age: 16989
x-content-type-options: nosniff
expires: Sat, 08 Nov 2025 10:27:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 08 Nov 2024 10:27:12 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155051
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/ Frame FA54 490 KB
0 129ms
129ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e944876c5fd13cc8ed0441c1a8bac2657147995d36634ce300b5ada152cbf52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 6558442857186661420
age: 16989
x-content-type-options: nosniff
expires: Sat, 08 Nov 2025 10:27:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 08 Nov 2024 10:27:12 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155051
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/ Frame 2628 490 KB
0 116ms
116ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e944876c5fd13cc8ed0441c1a8bac2657147995d36634ce300b5ada152cbf52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 6558442857186661420
age: 16989
x-content-type-options: nosniff
expires: Sat, 08 Nov 2025 10:27:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 08 Nov 2024 10:27:12 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155051
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/ Frame AA19 490 KB
0 111ms
111ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e944876c5fd13cc8ed0441c1a8bac2657147995d36634ce300b5ada152cbf52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 6558442857186661420
age: 16989
x-content-type-options: nosniff
expires: Sat, 08 Nov 2025 10:27:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 08 Nov 2024 10:27:12 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155051
x-xss-protection: 0
server: cafe

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/ Frame 98F5 490 KB
0 108ms
108ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e944876c5fd13cc8ed0441c1a8bac2657147995d36634ce300b5ada152cbf52d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: 6558442857186661420
age: 16989
x-content-type-options: nosniff
expires: Sat, 08 Nov 2025 10:27:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Fri, 08 Nov 2024 10:27:12 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 155051
x-xss-protection: 0
server: cafe

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame 98F5 14 KB
7 KB 455ms
41ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ab23891ab9199d6c2ec7c9d39f22de4231dd5ed0f645f31ecac1108183d6ab1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
x-amz-version-id: g8XjM5en752BMuUVAQ7Y3hnbUyqV6chi
etag: "42e06c829461385615e72d7117a1790e"
age: 473
x-cache: Hit from cloudfront
x-amz-cf-id: llOp9MmLcSNwe79G7zrqh7-cMqKdHIXPlN2OaHnW5cpF9CNhvqcIew==
date: Fri, 08 Nov 2024 15:02:30 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Fri, 08 Nov 2024 10:40:36 GMT
cache-control: max-age=3600
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6528
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame 98F5 2 KB
1 KB 442ms
40ms Fetch
application/json 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241108

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dc88fca5f3240a994f4943b04be43a02aeea210184191253d09e1a549887e597

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-LUlEkVwCQKgyI9U40V7Xo0MaDaE"
age: 40166
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230128-FRA
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 827
x-jsd-version: 1.0.2233

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame 98F5 167 B
448 B 244ms
45ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 98F5 2 B
373 B 579ms
48ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 220314
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 98F5 1 KB
1 KB 436ms
48ms Script
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 304760
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVBBAt1K3mP3%2BTSRv0YEJ71AFZCH%2BcZHVBX4HgdqUDrZEvilLpIkBzMGAkz4KFkg9LVKfCBA%2Flc%2FlxnTS5TxmnsKPn9wyDV1zx6as1QbATPZfQnQXu3ByjYxK7mukpei"}],"group":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=31754&sent=5&recv=9&lost=0&retrans=0&sent_bytes=3485&recv_bytes=2202&delivery_rate=122888&cwnd=88&unsent_bytes=0&cid=2fccda9240892c9e&ts=51&x=0"
Date: Fri, 08 Nov 2024 15:10:22 GMT
Content-Type: application/javascript
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Transfer-Encoding: chunked
Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
CF-RAY: 8df67d4d48645b78-VIE
Server: cloudflare

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 454ms
49ms Preflight
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.onworks.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.onworks.net
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 08 Nov 2024 15:10:21 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 205357
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame DFFD 14 KB
0 330ms
330ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ab23891ab9199d6c2ec7c9d39f22de4231dd5ed0f645f31ecac1108183d6ab1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
x-amz-version-id: g8XjM5en752BMuUVAQ7Y3hnbUyqV6chi
etag: "42e06c829461385615e72d7117a1790e"
age: 473
x-cache: Hit from cloudfront
x-amz-cf-id: llOp9MmLcSNwe79G7zrqh7-cMqKdHIXPlN2OaHnW5cpF9CNhvqcIew==
date: Fri, 08 Nov 2024 15:02:30 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Fri, 08 Nov 2024 10:40:36 GMT
cache-control: max-age=3600
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6528
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame DFFD 2 KB
0 312ms
312ms Fetch
application/json 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241108

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dc88fca5f3240a994f4943b04be43a02aeea210184191253d09e1a549887e597

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-LUlEkVwCQKgyI9U40V7Xo0MaDaE"
age: 40166
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230128-FRA
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 827
x-jsd-version: 1.0.2233

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame DFFD 167 B
447 B 92ms
44ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame DFFD 2 B
373 B 530ms
45ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 204254
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame DFFD 1 KB
835 B 325ms
49ms Script
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 304760
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IsFizfFnWn4JsWjaVGYcFARz8CMoGwc8TbgjKwHSieubb4E%2FhiyN1jKijyJJuBJ75uWWfEUaMRKZZLRt9%2B7J2k9toAUVeVRHyW3Q%2FVHKC%2FmjiMHRF%2BUHEG7OfANwk1TY"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8df67d4d98e05b78-VIE
server-timing: cfL4;desc="?proto=TCP&rtt=31724&sent=9&recv=14&lost=0&retrans=0&sent_bytes=5504&recv_bytes=2719&delivery_rate=165785&cwnd=92&unsent_bytes=0&cid=2fccda9240892c9e&ts=102&x=0"
Date: Fri, 08 Nov 2024 15:10:22 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 289ms
48ms Preflight
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.onworks.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.onworks.net
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 08 Nov 2024 15:10:21 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 241014
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame FA54 14 KB
0 151ms
151ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ab23891ab9199d6c2ec7c9d39f22de4231dd5ed0f645f31ecac1108183d6ab1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
x-amz-version-id: g8XjM5en752BMuUVAQ7Y3hnbUyqV6chi
etag: "42e06c829461385615e72d7117a1790e"
age: 473
x-cache: Hit from cloudfront
x-amz-cf-id: llOp9MmLcSNwe79G7zrqh7-cMqKdHIXPlN2OaHnW5cpF9CNhvqcIew==
date: Fri, 08 Nov 2024 15:02:30 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Fri, 08 Nov 2024 10:40:36 GMT
cache-control: max-age=3600
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6528
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame FA54 2 KB
0 135ms
135ms Fetch
application/json 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241108

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dc88fca5f3240a994f4943b04be43a02aeea210184191253d09e1a549887e597

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-LUlEkVwCQKgyI9U40V7Xo0MaDaE"
age: 40166
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230128-FRA
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 827
x-jsd-version: 1.0.2233

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame FA54 167 B
447 B 55ms
48ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame FA54 2 B
373 B 482ms
46ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 234490
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame FA54 1 KB
834 B 246ms
47ms Script
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 304760
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l5Q52lPlCibmc22RDF%2FhoLCU8jVHdugRNHgS%2BVC1tUW%2FziTSps5WAhNmZAA87LYb2pK2qQ98snHuAimLKlWD1Rqhqlw09fyH2mO6f2RhtjlvHVECH%2ByCUW7SiBCRUqbw"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8df67d4de9675b78-VIE
server-timing: cfL4;desc="?proto=TCP&rtt=31718&sent=10&recv=16&lost=0&retrans=0&sent_bytes=6361&recv_bytes=3236&delivery_rate=165785&cwnd=93&unsent_bytes=0&cid=2fccda9240892c9e&ts=156&x=0"
Date: Fri, 08 Nov 2024 15:10:22 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 157ms
47ms Preflight
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.onworks.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.onworks.net
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 08 Nov 2024 15:10:21 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 246020
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 53ms
42ms Preflight
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.onworks.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://www.onworks.net
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Fri, 08 Nov 2024 15:10:21 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 207429
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame 2628 14 KB
0 34ms
34ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ab23891ab9199d6c2ec7c9d39f22de4231dd5ed0f645f31ecac1108183d6ab1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
x-amz-version-id: g8XjM5en752BMuUVAQ7Y3hnbUyqV6chi
etag: "42e06c829461385615e72d7117a1790e"
age: 473
x-cache: Hit from cloudfront
x-amz-cf-id: llOp9MmLcSNwe79G7zrqh7-cMqKdHIXPlN2OaHnW5cpF9CNhvqcIew==
date: Fri, 08 Nov 2024 15:02:30 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Fri, 08 Nov 2024 10:40:36 GMT
cache-control: max-age=3600
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6528
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame 2628 2 KB
0 23ms
23ms Fetch
application/json 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241108

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dc88fca5f3240a994f4943b04be43a02aeea210184191253d09e1a549887e597

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-LUlEkVwCQKgyI9U40V7Xo0MaDaE"
age: 40166
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230128-FRA
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 827
x-jsd-version: 1.0.2233

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame 2628 167 B
447 B 44ms
43ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 2628 2 B
374 B 437ms
45ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 201448
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame 2628 1 KB
838 B 198ms
47ms Script
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 304760
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Er2Y7NrJqTYQqxJy%2FiO%2F0V6hJWI5AATLMshoBqw1vTu5KZQPqvumNuRYaxa%2F3J9dBqgDM%2BQeH8Axe0MRXRvauskT3YmiTJL7tbL59%2B9TJlyznPD%2BMJnd3pbe0FLQ993"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8df67d4e39ff5b78-VIE
server-timing: cfL4;desc="?proto=TCP&rtt=32358&sent=11&recv=17&lost=0&retrans=0&sent_bytes=7217&recv_bytes=3753&delivery_rate=165785&cwnd=93&unsent_bytes=0&cid=2fccda9240892c9e&ts=207&x=0"
Date: Fri, 08 Nov 2024 15:10:22 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame E08D 14 KB
0 5ms
5ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ab23891ab9199d6c2ec7c9d39f22de4231dd5ed0f645f31ecac1108183d6ab1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
x-amz-version-id: g8XjM5en752BMuUVAQ7Y3hnbUyqV6chi
etag: "42e06c829461385615e72d7117a1790e"
age: 473
x-cache: Hit from cloudfront
x-amz-cf-id: llOp9MmLcSNwe79G7zrqh7-cMqKdHIXPlN2OaHnW5cpF9CNhvqcIew==
date: Fri, 08 Nov 2024 15:02:30 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Fri, 08 Nov 2024 10:40:36 GMT
cache-control: max-age=3600
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6528
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame E08D 2 KB
0 3ms
3ms Fetch
application/json 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241108

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dc88fca5f3240a994f4943b04be43a02aeea210184191253d09e1a549887e597

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-LUlEkVwCQKgyI9U40V7Xo0MaDaE"
age: 40166
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230128-FRA
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 827
x-jsd-version: 1.0.2233

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame E08D 167 B
447 B 47ms
44ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame E08D 2 B
388 B 581ms
45ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 202750
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame E08D 1 KB
836 B 139ms
48ms Script
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 304760
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uwCDFsHCskCkLh4MwVeaepyoJ058xHV%2FTFvYxQ8ayGtqyDuoDc1pyBJJxQlxwYLV75bcY6iFoFHNRglFfo%2FMKaY1JFS5op1%2FcKAe%2B4C5r6ET%2FtvS82zC7kAQvzEkwNI6"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8df67d4e8a935b78-VIE
server-timing: cfL4;desc="?proto=TCP&rtt=32597&sent=12&recv=18&lost=0&retrans=0&sent_bytes=8077&recv_bytes=4270&delivery_rate=165785&cwnd=93&unsent_bytes=0&cid=2fccda9240892c9e&ts=254&x=0"
Date: Fri, 08 Nov 2024 15:10:22 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

GET
H2 200 op.js Show response
tagan.adlightning.com/setupad/ Frame AA19 14 KB
0 1ms
1ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/op.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6ab23891ab9199d6c2ec7c9d39f22de4231dd5ed0f645f31ecac1108183d6ab1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
x-amz-version-id: g8XjM5en752BMuUVAQ7Y3hnbUyqV6chi
etag: "42e06c829461385615e72d7117a1790e"
age: 473
x-cache: Hit from cloudfront
x-amz-cf-id: llOp9MmLcSNwe79G7zrqh7-cMqKdHIXPlN2OaHnW5cpF9CNhvqcIew==
date: Fri, 08 Nov 2024 15:02:30 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Fri, 08 Nov 2024 10:40:36 GMT
cache-control: max-age=3600
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 6528
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 latest.json Show response
cdn.jsdelivr.net/gh/prebid/currency-file@1/ Frame AA19 2 KB
0 0ms
0ms Fetch
application/json 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/currency-file@1/latest.json?date=20241108

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dc88fca5f3240a994f4943b04be43a02aeea210184191253d09e1a549887e597

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: *
content-encoding: br
etag: W/"63a-LUlEkVwCQKgyI9U40V7Xo0MaDaE"
age: 40166
x-content-type-options: nosniff
x-jsd-version-type: version
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: HIT
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
x-served-by: cache-fra-eddf8230128-FRA
vary: Accept-Encoding
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
content-length: 827
x-jsd-version: 1.0.2233

POST
H2 200 prebid Show response
id5-sync.com/api/config/ Frame AA19 167 B
447 B 44ms
42ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:21 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials: true

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame AA19 2 B
373 B 529ms
45ms Fetch
application/json 178.250.1.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwww.onworks.net%2F&domain=www.onworks.net&cw=1&lsw=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: application/json
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 176960
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H/1.1 200
OK localstore.js Show response
script.4dex.io/ Frame AA19 1 KB
840 B 93ms
49ms Script
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"00a8e13a83b2bbab51af8e55f52be363"
Age: 304760
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a8U87wawc1uE7NRap2E1EW6xXXTzxQyQhVQErh4%2BB5x1yF5%2Fyv%2FtHPIeMSlIl%2B77%2BPikYsrUWKRWreegF3wnFgULg5bVe%2BufgvTwdg4jATLAANZerTOj%2FwIqKvzCg78a"}],"group":"cf-nel","max_age":604800}
CF-RAY: 8df67d4edb1f5b78-VIE
server-timing: cfL4;desc="?proto=TCP&rtt=33161&sent=13&recv=19&lost=0&retrans=0&sent_bytes=8935&recv_bytes=4787&delivery_rate=165785&cwnd=93&unsent_bytes=0&cid=2fccda9240892c9e&ts=305&x=0"
Date: Fri, 08 Nov 2024 15:10:22 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:32 GMT
Vary: Accept-Encoding
Server: cloudflare
Content-Type: application/javascript

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame 98F5 1 KB
1 KB 151ms
51ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 51d187e3e6260158dcf43dcfe8294ed8ef2c2245eb258b4867e36f71d55c160e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s2GrHJ1WQx9cy%2BnMWXZfJp99mFZW2g1IUxxemI5H6VVXU7f%2FjDT%2FA%2B5Z7hxE5PoAFRgtT9t7z8AotN0%2BDe6kljWzf%2FoyohBVcbQn2G1pk6X3tAlpTrM41QAB8vJsi6Zn0C0JSA4bexb1"}],"group":"cf-nel","max_age":604800}
cf-ray: 8df67d4f690cd391-FRA
expires: 0
access-control-allow-origin: https://www.onworks.net
server-timing: cfL4;desc="?proto=TCP&rtt=37984&sent=8&recv=17&lost=0&retrans=0&sent_bytes=4002&recv_bytes=3174&delivery_rate=103755&cwnd=86&unsent_bytes=0&cid=0559294454b2de95&ts=59&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame 98F5 3 KB
2 KB 544ms
446ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 652ec7cc53b1d4ce7f0d5f72fbe286ad0ff0a3c44eef366f60faf26d3a3d60fd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yQkSdyQWSLpaKFd5gBzeQofKzLpoVLz%2FOw6GHmgmMOYpvOLQSiLzgMIedrUJC4AblF6wcDD8PQmYzu7VgWkHbCzBxZ025yUxf8OsUTOS0BDOxMF3WaAm7%2Be1wnITu1pYhzQu13c5Qrgq"}],"group":"cf-nel","max_age":604800}
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=42111&sent=53&recv=53&lost=0&retrans=0&sent_bytes=19297&recv_bytes=17103&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=459&x=0"
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: application/json
vary: Origin
cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
cf-ray: 8df67d4f690ad391-FRA
access-control-allow-origin: https://www.onworks.net
x-prebid: pbs-go/0.259.0
server: cloudflare

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame 98F5 0
40 B 150ms
44ms Fetch 163.5.194.33
SECUREDSERVERS-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.5.194.33 Amsterdam, Netherlands, ASN60558 (SECUREDSERVERS-EU, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
x-envoy-upstream-service-time: 1
vary: origin, accept-encoding, Accept-Encoding
server: envoy
access-control-allow-credentials: true

POST
H2 204 prebid Show response
mp.4dex.io/ Frame 98F5 0
41 B 471ms
95ms Fetch 172.64.153.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.78 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-ams
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
x-err: Shapings: no adunits with size and seat and mapping
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8df67d511a19c079-WAW
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame 98F5 0
215 B 523ms
48ms Fetch 64.158.223.146
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.158.223.146 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams02-convex-float1.dotomi.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
server: nginx

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 98F5 2 KB
2 KB 205ms
108ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 897b7859cc1e90414705ed226993f7bde573512262ab53adfe80d938b81d24aa

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1962
Date: Fri, 08 Nov 2024 15:10:22 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 98F5 19 B
681 B 498ms
390ms Fetch
application/json 3.124.64.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.124.64.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-64-248.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
accept-ch: sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding

POST
H2 200 v1 Show response
prg.smartadserver.com/prebid/ Frame 98F5 358 B
569 B 329ms
176ms Fetch
application/json 5.135.209.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.135.209.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-5-135-209.eu
Software: /
Resource Hash: 4981c5f70553aacb3ef7ce2630b0e3eab6539e3ed34021693fd029fe009eeea1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame 98F5 2 KB
2 KB 247ms
110ms Fetch
application/json 37.157.2.229
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.157.2.229 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

1cf546e201d7afa553e1a42e67825fef8860351a51ddb808e8b02f86c3848f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame 98F5 138 B
827 B 157ms
49ms Fetch
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

f2ccfe0a97e6746488c0e165704fd2aa9b522e3b27d0c4a952b3f254fc630d70

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 146.70.85.170; 146.70.85.170; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: 7f1a9e73-390b-4d1d-a71e-c88267478864
content-length: 138
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 08 Nov 2024 15:10:22 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 98F5 0
501 B 568ms
100ms Fetch 178.250.1.56
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=10159754399&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.56 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
server: Kestrel

POST
H2 200 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 98F5 1 KB
1010 B 158ms
53ms Fetch
application/json 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: 2554e4ac15349713d8b5318b3fe36d8da1792096d7b5290a4efb156fa7566d26

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-origin: https://www.onworks.net
content-length: 781
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json;charset=utf-8
vary: Origin

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame DFFD 1 KB
848 B 116ms
52ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9474be1ca24b268791ddd7e16b1a0488e3cf6deb1b676783f80661835e22757

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qo64HSegQFmNQHUgN%2Bu8s4phSmMp3yh3t11JulEU%2FayqdsOgWUIavw542XXN%2BV4yVwsqH5H2njan91Amsamo7Cq7XGx28y3VPnWRbu6hzjpNRFSJxAetnZtt4azOgj7%2F7Ii%2BPTCmm6mQ"}],"group":"cf-nel","max_age":604800}
cf-ray: 8df67d4f6910d391-FRA
expires: 0
access-control-allow-origin: https://www.onworks.net
server-timing: cfL4;desc="?proto=TCP&rtt=37984&sent=12&recv=17&lost=0&retrans=0&sent_bytes=5290&recv_bytes=3174&delivery_rate=103755&cwnd=86&unsent_bytes=0&cid=0559294454b2de95&ts=64&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame DFFD 3 KB
2 KB 782ms
728ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a165e3e52a937f8ca68a87b90076e1d7658f51fe558c1e24764d119f8d4c0e9f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BiRN4elo80fU9nRzT9fwf%2FftDenWa2KVXNUGEHnJsMbFVXGhs%2BIYm9fbfCCRn1%2BAvXqi0h7cfqaB3lRS92zwWQD8vdWk2n9BdrXf7FSODAa4GcxQ%2BAVUnZcYfCyM9RYf1%2F3ksn3JZ8Sy"}],"group":"cf-nel","max_age":604800}
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=40785&sent=57&recv=56&lost=0&retrans=0&sent_bytes=21713&recv_bytes=17103&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=741&x=0"
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: application/json
vary: Origin
cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
cf-ray: 8df67d4f6912d391-FRA
access-control-allow-origin: https://www.onworks.net
x-prebid: pbs-go/0.259.0
server: cloudflare

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame DFFD 0
174 B 104ms
43ms Fetch 163.5.194.33
SECUREDSERVERS-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.5.194.33 Amsterdam, Netherlands, ASN60558 (SECUREDSERVERS-EU, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:21 GMT
x-envoy-upstream-service-time: 1
vary: origin, accept-encoding, Accept-Encoding
server: envoy
access-control-allow-credentials: true

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame DFFD 0
214 B 483ms
48ms Fetch 64.158.223.146
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.158.223.146 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams02-convex-float1.dotomi.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
server: nginx

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame DFFD 2 KB
2 KB 211ms
114ms Fetch
application/json 37.157.2.229
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.157.2.229 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e5feaf35ed0e13d702c62be765ea88100cab64c67787173e73c9001cc51f3129

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame DFFD 0
502 B 536ms
102ms Fetch 178.250.1.56
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=10413497090&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.56 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
server: Kestrel

POST
H2 200 v1 Show response
prg.smartadserver.com/prebid/ Frame DFFD 358 B
568 B 296ms
185ms Fetch
application/json 5.135.209.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.135.209.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-5-135-209.eu
Software: /
Resource Hash: 4981c5f70553aacb3ef7ce2630b0e3eab6539e3ed34021693fd029fe009eeea1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame DFFD 139 B
829 B 115ms
45ms Fetch
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

b22ccb82da144cf5f2dac9a7efd05f52d18548007cc8738806c6a14ef746479f

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 146.70.85.170; 146.70.85.170; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: 82312bb8-eade-4514-8960-7f9a06a3d156
content-length: 139
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 08 Nov 2024 15:10:22 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame DFFD 0
177 B 119ms
51ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame DFFD 2 KB
2 KB 137ms
45ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: c46190260eecd200398b24a43ec8a5788657a055827eea1a302c644eb83d3b87

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1961
Date: Fri, 08 Nov 2024 15:10:22 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 204 prebid Show response
mp.4dex.io/ Frame DFFD 0
272 B 395ms
77ms Fetch 172.64.153.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.78 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-ams
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
x-err: Shapings: no adunits with size and seat and mapping
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8df67d511a1ec079-WAW
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame DFFD 19 B
682 B 124ms
69ms Fetch
application/json 3.124.64.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.124.64.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-64-248.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
accept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame FA54 1 KB
851 B 100ms
84ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfb526b9866860986cd7dd3de9355ded4ac3b9323297048ead59b0aac4a58d1d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uvbzj8gtpHpV34d%2BUKYkNF7l%2BaA2vSNeDKAO8jP10ReUXWRO%2BewibRsgx9qGub67Gdq4k%2FEeUIk3Q%2Bo9s6lwWpOqVqBfYoX3A3B4Saib4UhEXDQ%2BT52LAAhxn8OARX%2FFuCxCDZMnmkmN"}],"group":"cf-nel","max_age":604800}
cf-ray: 8df67d4f690ed391-FRA
expires: 0
access-control-allow-origin: https://www.onworks.net
server-timing: cfL4;desc="?proto=TCP&rtt=38726&sent=18&recv=28&lost=0&retrans=0&sent_bytes=6204&recv_bytes=12213&delivery_rate=132205&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=97&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame FA54 3 KB
2 KB 188ms
174ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cfdc86efea1d407c9204f0c7faf17afce136acf570336610956a4ef10af37392

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U3yqM8apbjgtLzon3g0WCXMxp2CZta0UxsZZmmSiOWVGlIqEvuMe0rEJy0K8%2B9q3i8Op4PoVEE%2FFtEfUi5%2BBPDO9ZUtex3W9yD5ps4NThcY5I6HqJRHqsRMJMlw5tvzlfoX3%2B%2FLL0vqF"}],"group":"cf-nel","max_age":604800}
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=38877&sent=32&recv=44&lost=0&retrans=0&sent_bytes=8952&recv_bytes=17103&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=188&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Origin
cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
cf-ray: 8df67d4f6914d391-FRA
access-control-allow-origin: https://www.onworks.net
x-prebid: pbs-go/0.259.0
server: cloudflare

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame FA54 2 KB
2 KB 211ms
116ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: b70ffb78be2399291bd01af0d91edb91139ac4229fc5428b09fb1fda2237a172

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1961
Date: Fri, 08 Nov 2024 15:10:22 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame FA54 0
178 B 87ms
51ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H2 200 v1 Show response
prg.smartadserver.com/prebid/ Frame FA54 358 B
568 B 267ms
191ms Fetch
application/json 5.135.209.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.135.209.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-5-135-209.eu
Software: /
Resource Hash: 4981c5f70553aacb3ef7ce2630b0e3eab6539e3ed34021693fd029fe009eeea1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame FA54 0
489 B 539ms
143ms Fetch 178.250.1.56
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=94823409465&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.56 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
server: Kestrel

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame FA54 2 KB
2 KB 170ms
113ms Fetch
application/json 37.157.2.229
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.157.2.229 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

c5200f07ef11e7b3ca3e6b06cabaff902eb3a18da78d7bf28e15416a247d6845

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame FA54 0
20 B 97ms
84ms Fetch 163.5.194.33
SECUREDSERVERS-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.5.194.33 Amsterdam, Netherlands, ASN60558 (SECUREDSERVERS-EU, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
x-envoy-upstream-service-time: 0
vary: origin, accept-encoding, Accept-Encoding
server: envoy
access-control-allow-credentials: true

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame FA54 0
214 B 481ms
92ms Fetch 64.158.223.146
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.158.223.146 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams02-convex-float1.dotomi.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
server: nginx

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame FA54 138 B
827 B 71ms
46ms Fetch
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

c8d4c98956c200fee9af8e2c1d6d9527123a0737bbaae846320f6f9ccf68780e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 146.70.85.170; 146.70.85.170; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: 0c1c6b81-8cc0-4b59-85df-0e03f7f994f4
content-length: 138
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 08 Nov 2024 15:10:22 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame FA54 19 B
681 B 125ms
105ms Fetch
application/json 3.124.64.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.124.64.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-64-248.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
accept-ch: sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding

POST
H2 204 prebid Show response
mp.4dex.io/ Frame FA54 0
41 B 372ms
94ms Fetch 172.64.153.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.78 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-ams
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
x-err: Shapings: no adunits with size and seat and mapping
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8df67d511a2bc079-WAW
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame 2628 1 KB
853 B 66ms
64ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7160a771fc3d7c014c59034e6ff9d2bec065d808771165bf5e6b4593a2a2de72

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UNZiiyqKDAAOYnCOfwIsYcC8%2Fh4AR%2BzRzq%2B2L45Fn7%2Bq2rbvtQ8YtXQavVAUO95x1oAcSkjjfoTFUwq2Crr0YNN%2BAaH0Ff%2BRSyxCfhPrU%2F40Ix0%2FyWU8vpg%2B53S2LMlkTwZsovzFzIIa"}],"group":"cf-nel","max_age":604800}
cf-ray: 8df67d4faa10d391-FRA
expires: 0
access-control-allow-origin: https://www.onworks.net
server-timing: cfL4;desc="?proto=TCP&rtt=39060&sent=21&recv=32&lost=0&retrans=0&sent_bytes=7121&recv_bytes=12213&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=108&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame 2628 3 KB
2 KB 194ms
192ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c88815b964f3ec67d62f2b8420f63fc68f213349e8e13c929aa5ee6e42e07a43

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWLYfw1gtLSCFVbCOoHbxu%2FgPUnWqKCb%2FPEl4toezM68lZ76I7HmTzoFXId8NgKp3KP%2FWvZ%2BpW%2BEeDjpjdTmn%2FQvQCwjzC3oLkRW3RSv7oP8O30bXsTiFk6%2BnoBJZ6d1C7OPuAxo%2BJ4x"}],"group":"cf-nel","max_age":604800}
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=39656&sent=36&recv=46&lost=0&retrans=0&sent_bytes=11266&recv_bytes=17103&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=231&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Origin
cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
cf-ray: 8df67d4faa14d391-FRA
access-control-allow-origin: https://www.onworks.net
x-prebid: pbs-go/0.259.0
server: cloudflare

POST
H2 200 v1 Show response
prg.smartadserver.com/prebid/ Frame 2628 358 B
568 B 271ms
238ms Fetch
application/json 5.135.209.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.135.209.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-5-135-209.eu
Software: /
Resource Hash: 4981c5f70553aacb3ef7ce2630b0e3eab6539e3ed34021693fd029fe009eeea1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame 2628 0
177 B 81ms
79ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame 2628 0
214 B 442ms
93ms Fetch 64.158.223.146
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.158.223.146 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams02-convex-float1.dotomi.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
server: nginx

POST
H2 204 prebid Show response
mp.4dex.io/ Frame 2628 0
67 B 335ms
95ms Fetch 172.64.153.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.78 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-ams
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
x-err: Calling bidders. no bid responses
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8df67d511a27c079-WAW
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame 2628 2 KB
2 KB 99ms
45ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 5705053c69b2c5780027375c16c0686f5e7f59c10864e70cb57f3754e35474f5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1961
Date: Fri, 08 Nov 2024 15:10:22 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame 2628 19 B
681 B 89ms
86ms Fetch
application/json 3.124.64.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.124.64.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-64-248.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
accept-ch: sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame 2628 2 KB
2 KB 110ms
107ms Fetch
application/json 37.157.2.229
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.157.2.229 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

d1e321dc91a4d8a454525f5e8b531f72328b89e2442843eb646e9f27242cc45c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame 2628 0
492 B 510ms
175ms Fetch 178.250.1.56
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=13286364670&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.56 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
server: Kestrel

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame 2628 0
17 B 46ms
44ms Fetch 163.5.194.33
SECUREDSERVERS-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.5.194.33 Amsterdam, Netherlands, ASN60558 (SECUREDSERVERS-EU, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
x-envoy-upstream-service-time: 1
vary: origin, accept-encoding, Accept-Encoding
server: envoy
access-control-allow-credentials: true

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame 2628 139 B
828 B 57ms
55ms Fetch
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

3832744ee5ad77301e7bb449ada60978d9cc12e7ba659af61b4ee993abc16573

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 146.70.85.170; 146.70.85.170; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: cc2d128f-a511-4c31-b638-2179f9d13f3f
content-length: 139
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 08 Nov 2024 15:10:22 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame E08D 1 KB
846 B 94ms
92ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a40d694056966b1091b9a35758d28b22ee6daedeeea45053572ed19b78fa96f9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3XnIj9yo2W0i8YWluzR2iO5rp4J1ApWUJ4D%2BM2vF6WDaHlwXrjQDCbHR0bK%2FernILwTmutj%2Fej6T3qRlKiN6jlNOHrvCZI4BrxyZkQJKeAj7pjlVbzady9wffUndwT6zepwyAsfgpu50"}],"group":"cf-nel","max_age":604800}
cf-ray: 8df67d4fda9bd391-FRA
expires: 0
access-control-allow-origin: https://www.onworks.net
server-timing: cfL4;desc="?proto=TCP&rtt=38877&sent=29&recv=44&lost=0&retrans=0&sent_bytes=8040&recv_bytes=17103&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=180&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame E08D 3 KB
2 KB 250ms
247ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ef2cc6e0030f6b7220abe2b61e5465d80c5b1177437a39e8446a61ec353fd78

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2BEjQYbX5O1reH9FV3phfy%2BvUcFkVP%2FK3naUq0e1Wb07lhnIX59nyFCX4PDRXZOBRKgRyZBA66KIcnKHWiTQ0v0KKB6O%2Bsu6tGXjc8G8Dv2wk9M5rNCcQ29Nzw10vmh3KJaNtRZzZ2ju"}],"group":"cf-nel","max_age":604800}
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=42656&sent=49&recv=52&lost=0&retrans=0&sent_bytes=17072&recv_bytes=17103&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=336&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Origin
cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
cf-ray: 8df67d4fdaa9d391-FRA
access-control-allow-origin: https://www.onworks.net
x-prebid: pbs-go/0.259.0
server: cloudflare

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame E08D 0
177 B 58ms
56ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame E08D 0
489 B 505ms
196ms Fetch 178.250.1.56
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=34112207205&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.56 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
server: Kestrel

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame E08D 2 KB
2 KB 144ms
140ms Fetch
application/json 37.157.2.229
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.157.2.229 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

a3896185abb20969c8ef6851e9cb90a32159fcf5604d08a5183b939fde6d10dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 200 v1 Show response
prg.smartadserver.com/prebid/ Frame E08D 358 B
568 B 218ms
215ms Fetch
application/json 5.135.209.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.135.209.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-5-135-209.eu
Software: /
Resource Hash: 4981c5f70553aacb3ef7ce2630b0e3eab6539e3ed34021693fd029fe009eeea1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame E08D 19 B
681 B 63ms
61ms Fetch
application/json 3.124.64.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.124.64.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-64-248.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
accept-ch: sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding

POST
H2 204 prebid Show response
mp.4dex.io/ Frame E08D 0
40 B 276ms
83ms Fetch 172.64.153.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.78 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-ams
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8df67d511a24c079-WAW
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame E08D 2 KB
2 KB 138ms
110ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: fda1c4e398b9b259a789b073bca39e6815c481e1b9f5a987060fbb8db49249e3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1962
Date: Fri, 08 Nov 2024 15:10:22 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame E08D 0
17 B 46ms
44ms Fetch 163.5.194.33
SECUREDSERVERS-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.5.194.33 Amsterdam, Netherlands, ASN60558 (SECUREDSERVERS-EU, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
x-envoy-upstream-service-time: 1
vary: origin, accept-encoding, Accept-Encoding
server: envoy
access-control-allow-credentials: true

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame E08D 138 B
827 B 115ms
113ms Fetch
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

55008b153a04c2899c1fe1ff05eefae7fd5677ba3e2e0615abc8ff85f6dec469

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 146.70.85.170; 146.70.85.170; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: 0402c78d-4fbd-4bc3-bf76-d3b38c39caaa
content-length: 138
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 08 Nov 2024 15:10:22 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
server: nginx/1.23.4

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame E08D 0
214 B 381ms
91ms Fetch 64.158.223.146
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.158.223.146 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams02-convex-float1.dotomi.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
server: nginx

POST
H2 200 cookie_sync Show response
prebid-stag.setupad.net/ Frame AA19 1 KB
877 B 175ms
173ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/cookie_sync
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9474be1ca24b268791ddd7e16b1a0488e3cf6deb1b676783f80661835e22757

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
cf-cache-status: DYNAMIC
pragma: no-cache
access-control-allow-credentials: true
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FcxWS3migKmYxsumF0NwroBSosXRwcqOOSvq3r21TlR2veRSGzl4w%2B%2FmYdI5P0orLq8gq7PvlaDulz%2B%2BaSqPndewyydn3cSVA%2BZCW%2ByG9pi%2FZV9C8p7EBUpOz8n8j5QDkO6tkMmfy5P7"}],"group":"cf-nel","max_age":604800}
cf-ray: 8df67d501b50d391-FRA
expires: 0
access-control-allow-origin: https://www.onworks.net
server-timing: cfL4;desc="?proto=TCP&rtt=45797&sent=46&recv=48&lost=0&retrans=0&sent_bytes=16129&recv_bytes=17103&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=296&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=utf-8
vary: Origin
server: cloudflare

POST
H2 200 auction Show response
prebid-stag.setupad.net/openrtb2/ Frame AA19 3 KB
2 KB 151ms
149ms Fetch
application/json 104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-stag.setupad.net/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a053c15264790959935565373e2a16bd950bd6cab407ce22bbe6f1b9301ab2f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0h1EqHtTfcD2GykrQHxMSm3oquT4c8P%2B8QPg8pc%2FN%2FMpr6jkJpum5VIw0Ybpp3sSYwUmwJQRhsfzypFksT7K1MFWbZrNXtnU%2B92RyZyeGQAgIaMLKF%2FxeH3bsA4Kxb5VSorZPcp%2F7M96"}],"group":"cf-nel","max_age":604800}
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=39656&sent=40&recv=46&lost=0&retrans=0&sent_bytes=13790&recv_bytes=17103&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=274&x=0"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Origin
cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
cf-ray: 8df67d501b5cd391-FRA
access-control-allow-origin: https://www.onworks.net
x-prebid: pbs-go/0.259.0
server: cloudflare

POST
H2 204 bids Show response
prebid-eu.creativecdn.com/bidder/prebid/ Frame AA19 0
177 B 49ms
48ms Fetch 185.184.8.90
RTB-HOUSE-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-eu.creativecdn.com/bidder/prebid/bids
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.8.90 Amsterdam, Netherlands, ASN204995 (RTB-HOUSE-AMS, CY),
Reverse DNS: ip-185-184-8-90.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 3600
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
access-control-allow-credentials: true
access-control-allow-methods: POST

POST
H/1.1 200
OK auction Show response
rtb.adxpremium.services/openrtb2/ Frame AA19 2 KB
2 KB 138ms
111ms Fetch
application/json 185.106.140.18
SERVERS-COM

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.adxpremium.services/openrtb2/auction
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 185.106.140.18 , Netherlands, ASN7979 (SERVERS-COM, US),
Reverse DNS
Software: nginx /
Resource Hash: 8300e9e9a1efa759775b60174abaca1baadbcdbdc65e47bb087562348eca4eaf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Expires: 0
Access-Control-Allow-Origin: https://www.onworks.net
Content-Length: 1962
Date: Fri, 08 Nov 2024 15:10:22 GMT
X-Prebid: pbs-go/unknown
Content-Type: application/json
Vary: Origin
Server: nginx

POST
H2 200 openrtb Show response
adx.adform.net/adx/ Frame AA19 2 KB
2 KB 113ms
111ms Fetch
application/json 37.157.2.229
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/openrtb

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

37.157.2.229 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

e04b5f6537d21b1d67841c6b1699d0ef93b7ea1bbb94ae06234f999d05c23c3c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
content-encoding: gzip
access-control-allow-methods: POST,OPTIONS
expires: -1
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
server: nginx

POST
H2 204 25 Show response
web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/ Frame AA19 0
214 B 364ms
91ms Fetch 64.158.223.146
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/cvx/client/hb/ortb/25
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 64.158.223.146 Amsterdam, Netherlands, ASN41041 (VCLK-EU-SE, US),
Reverse DNS: ams02-convex-float1.dotomi.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
pragma: no-cache
accept-ch: Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
server: nginx

POST
H2 204 c Show response
prebid.a-mo.net/a/ Frame AA19 0
17 B 44ms
43ms Fetch 163.5.194.33
SECUREDSERVERS-EU

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.a-mo.net/a/c
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 163.5.194.33 Amsterdam, Netherlands, ASN60558 (SECUREDSERVERS-EU, US),
Reverse DNS
Software: envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=0, private, must-revalidate
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
x-envoy-upstream-service-time: 1
vary: origin, accept-encoding, Accept-Encoding
server: envoy
access-control-allow-credentials: true

POST
H2 200 auction Show response
tlx.3lift.com/header/ Frame AA19 19 B
681 B 88ms
87ms Fetch
application/json 3.124.64.248
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=8.27.0&referrer=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&tmax=1000

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.124.64.248 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-124-64-248.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
accept-ch: sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width,sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect
access-control-allow-credentials: true
observe-browsing-topics: ?1
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://www.onworks.net
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ Frame AA19 12 KB
7 KB 158ms
156ms Fetch
application/json 185.89.210.122
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.89.210.122 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

1c9b11f92ef0309941ec7f89106cf3683117b4d9ab62489f29296f1912fb9905

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 146.70.85.170; 146.70.85.170; 954.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://www.onworks.net
an-x-request-uuid: 95634353-8315-4374-a85b-0835919c3974
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Fri, 08 Nov 2024 15:10:22 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: nginx/1.23.4

POST
H2 204 cdb Show response
bidder.criteo.com/ Frame AA19 0
492 B 396ms
129ms Fetch 178.250.1.56
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.27.0&cb=33026744500&lsavail=1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.56 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
observe-browsing-topics: ?1
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin
server: Kestrel

POST
H2 204 prebid Show response
mp.4dex.io/ Frame AA19 0
40 B 238ms
82ms Fetch 172.64.153.78
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://mp.4dex.io/prebid
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.64.153.78 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

x-version: 3.0.0-gcp-ams
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
pragma: no-cache
x-err: Shapings: no adunits with size and seat and mapping
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 8df67d511a23c079-WAW
expires: 0
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
vary: Origin, Accept-Encoding
server: cloudflare

POST
H2 200 v1 Show response
prg.smartadserver.com/prebid/ Frame AA19 358 B
568 B 178ms
177ms Fetch
application/json 5.135.209.96
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://prg.smartadserver.com/prebid/v1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 5.135.209.96 , France, ASN16276 (OVH, FR),
Reverse DNS: ip96.ip-5-135-209.eu
Software: /
Resource Hash: 4981c5f70553aacb3ef7ce2630b0e3eab6539e3ed34021693fd029fe009eeea1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache,no-store
content-encoding: br
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding, Origin

GET
H2 200 b-bde0e05-b5b90430.js Show response
tagan.adlightning.com/setupad/ Frame 98F5 68 KB
26 KB 47ms
46ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8006523641cfe7752eff7fab6bb5a7f7d0881ac0d494447eb8541e5f645d2edc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "777a63c7bb73394365962e8e0fd2dc01"
x-amz-version-id: tHAtBRpN__u5ySMyvqtc44KVZeaJWugx
age: 673681
x-cache: Hit from cloudfront
x-amz-cf-id: FD6K6y4d41pRevsPnBt2AVlJtTvo-RoDne3LX09s_OUehZ426vFFDQ==
date: Thu, 31 Oct 2024 20:02:22 GMT
content-type: application/javascript
last-modified: Thu, 31 Oct 2024 20:01:47 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 25896
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-bde0e05-db807c95.js Show response
tagan.adlightning.com/setupad/ Frame 98F5 205 KB
73 KB 55ms
55ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-bde0e05-db807c95.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e7954fac79433b0086e20fd1d5cd260dfeca6822b5c6b435dc4228e1377883f4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "d58e5cda0682b3fdff8d81d4c80e05c0"
x-amz-version-id: FcXW0o78kksyyjEhui6Gmc296WaIR3vo
age: 14873
x-cache: Hit from cloudfront
x-amz-cf-id: _oEJRAQUiYhctcu6n8yfnj3MThctQW7rEfYCIuUZqAICNl9Qn88DAg==
date: Fri, 08 Nov 2024 11:02:30 GMT
content-type: application/javascript
last-modified: Fri, 08 Nov 2024 10:40:23 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 74694
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 b-bde0e05-b5b90430.js Show response
tagan.adlightning.com/setupad/ Frame 2628 68 KB
0 34ms
34ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8006523641cfe7752eff7fab6bb5a7f7d0881ac0d494447eb8541e5f645d2edc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "777a63c7bb73394365962e8e0fd2dc01"
x-amz-version-id: tHAtBRpN__u5ySMyvqtc44KVZeaJWugx
age: 673681
x-cache: Hit from cloudfront
x-amz-cf-id: FD6K6y4d41pRevsPnBt2AVlJtTvo-RoDne3LX09s_OUehZ426vFFDQ==
date: Thu, 31 Oct 2024 20:02:22 GMT
content-type: application/javascript
last-modified: Thu, 31 Oct 2024 20:01:47 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 25896
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-bde0e05-db807c95.js Show response
tagan.adlightning.com/setupad/ Frame 2628 205 KB
0 42ms
42ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-bde0e05-db807c95.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e7954fac79433b0086e20fd1d5cd260dfeca6822b5c6b435dc4228e1377883f4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "d58e5cda0682b3fdff8d81d4c80e05c0"
x-amz-version-id: FcXW0o78kksyyjEhui6Gmc296WaIR3vo
age: 14873
x-cache: Hit from cloudfront
x-amz-cf-id: _oEJRAQUiYhctcu6n8yfnj3MThctQW7rEfYCIuUZqAICNl9Qn88DAg==
date: Fri, 08 Nov 2024 11:02:30 GMT
content-type: application/javascript
last-modified: Fri, 08 Nov 2024 10:40:23 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 74694
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 b-bde0e05-b5b90430.js Show response
tagan.adlightning.com/setupad/ Frame FA54 68 KB
0 23ms
23ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8006523641cfe7752eff7fab6bb5a7f7d0881ac0d494447eb8541e5f645d2edc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "777a63c7bb73394365962e8e0fd2dc01"
x-amz-version-id: tHAtBRpN__u5ySMyvqtc44KVZeaJWugx
age: 673681
x-cache: Hit from cloudfront
x-amz-cf-id: FD6K6y4d41pRevsPnBt2AVlJtTvo-RoDne3LX09s_OUehZ426vFFDQ==
date: Thu, 31 Oct 2024 20:02:22 GMT
content-type: application/javascript
last-modified: Thu, 31 Oct 2024 20:01:47 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 25896
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-bde0e05-db807c95.js Show response
tagan.adlightning.com/setupad/ Frame FA54 205 KB
0 32ms
32ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-bde0e05-db807c95.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e7954fac79433b0086e20fd1d5cd260dfeca6822b5c6b435dc4228e1377883f4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "d58e5cda0682b3fdff8d81d4c80e05c0"
x-amz-version-id: FcXW0o78kksyyjEhui6Gmc296WaIR3vo
age: 14873
x-cache: Hit from cloudfront
x-amz-cf-id: _oEJRAQUiYhctcu6n8yfnj3MThctQW7rEfYCIuUZqAICNl9Qn88DAg==
date: Fri, 08 Nov 2024 11:02:30 GMT
content-type: application/javascript
last-modified: Fri, 08 Nov 2024 10:40:23 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 74694
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 b-bde0e05-b5b90430.js Show response
tagan.adlightning.com/setupad/ Frame DFFD 68 KB
0 9ms
9ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8006523641cfe7752eff7fab6bb5a7f7d0881ac0d494447eb8541e5f645d2edc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "777a63c7bb73394365962e8e0fd2dc01"
x-amz-version-id: tHAtBRpN__u5ySMyvqtc44KVZeaJWugx
age: 673681
x-cache: Hit from cloudfront
x-amz-cf-id: FD6K6y4d41pRevsPnBt2AVlJtTvo-RoDne3LX09s_OUehZ426vFFDQ==
date: Thu, 31 Oct 2024 20:02:22 GMT
content-type: application/javascript
last-modified: Thu, 31 Oct 2024 20:01:47 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 25896
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-bde0e05-db807c95.js Show response
tagan.adlightning.com/setupad/ Frame DFFD 205 KB
0 18ms
18ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-bde0e05-db807c95.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e7954fac79433b0086e20fd1d5cd260dfeca6822b5c6b435dc4228e1377883f4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "d58e5cda0682b3fdff8d81d4c80e05c0"
x-amz-version-id: FcXW0o78kksyyjEhui6Gmc296WaIR3vo
age: 14873
x-cache: Hit from cloudfront
x-amz-cf-id: _oEJRAQUiYhctcu6n8yfnj3MThctQW7rEfYCIuUZqAICNl9Qn88DAg==
date: Fri, 08 Nov 2024 11:02:30 GMT
content-type: application/javascript
last-modified: Fri, 08 Nov 2024 10:40:23 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 74694
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 script.js Show response
cadmus.script.ac/dahhc4ozyvjm6/ 3 B
239 B 495ms
38ms Script
application/javascript 104.18.23.145
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.23.145 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public,max-age=259200,stale-while-revalidate=86400,stale-if-error=259200
etag: W/"601055f6a0c6408859f97b5f0a84bdb88441a80e"
age: 0
cf-ray: 8df67d537f2bb5fa-WAW
content-length: 3
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare
last-modified: Mon, 01 Jan 2018 00:00:00 GMT

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame 98F5 61 KB
20 KB 423ms
68ms Fetch
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 599700
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LFPIkJQK1%2BgsDpBLTZIWRx5XUyauANnLCV6dNQ6zxfENBf1UsMHN3kpzer%2FkQ6rxpbgdEtMt83AmcBNPVRfZeD9T594f7uFh3yJwzijUKu86dtxwhVV1rkxLQRVEEbnI"}],"group":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=21843&sent=5&recv=9&lost=0&retrans=0&sent_bytes=3484&recv_bytes=2236&delivery_rate=179778&cwnd=224&unsent_bytes=0&cid=717adb38a4154f6f&ts=53&x=0"
Date: Fri, 08 Nov 2024 15:10:23 GMT
Content-Type: application/javascript
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Transfer-Encoding: chunked
Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection: keep-alive
CF-RAY: 8df67d52cc1734f2-WAW
Access-Control-Allow-Origin: *
Server: cloudflare

GET
H2 200 b-bde0e05-b5b90430.js Show response
tagan.adlightning.com/setupad/ Frame E08D 68 KB
0 1ms
0ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8006523641cfe7752eff7fab6bb5a7f7d0881ac0d494447eb8541e5f645d2edc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "777a63c7bb73394365962e8e0fd2dc01"
x-amz-version-id: tHAtBRpN__u5ySMyvqtc44KVZeaJWugx
age: 673681
x-cache: Hit from cloudfront
x-amz-cf-id: FD6K6y4d41pRevsPnBt2AVlJtTvo-RoDne3LX09s_OUehZ426vFFDQ==
date: Thu, 31 Oct 2024 20:02:22 GMT
content-type: application/javascript
last-modified: Thu, 31 Oct 2024 20:01:47 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 25896
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-bde0e05-db807c95.js Show response
tagan.adlightning.com/setupad/ Frame E08D 205 KB
0 1ms
1ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-bde0e05-db807c95.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e7954fac79433b0086e20fd1d5cd260dfeca6822b5c6b435dc4228e1377883f4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "d58e5cda0682b3fdff8d81d4c80e05c0"
x-amz-version-id: FcXW0o78kksyyjEhui6Gmc296WaIR3vo
age: 14873
x-cache: Hit from cloudfront
x-amz-cf-id: _oEJRAQUiYhctcu6n8yfnj3MThctQW7rEfYCIuUZqAICNl9Qn88DAg==
date: Fri, 08 Nov 2024 11:02:30 GMT
content-type: application/javascript
last-modified: Fri, 08 Nov 2024 10:40:23 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 74694
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame DFFD 61 KB
915 B 447ms
38ms Fetch
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 599700
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AshlTzIrwTPkprQEp%2FcyZOLMfw3f6Sri8%2F%2Fx%2FPF8qKWMFnGkWl5Dbobiuq%2BmaCFbGbKF%2FXyiLRLsGlyi2gjPEEE7Qw5GvPKcVw9XfMwzEtvF0k%2Fi1hlGVjoFBMcfaQlp"}],"group":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=24930&sent=28&recv=24&lost=0&retrans=0&sent_bytes=24274&recv_bytes=2787&delivery_rate=756745&cwnd=229&unsent_bytes=0&cid=717adb38a4154f6f&ts=123&x=0"
Date: Fri, 08 Nov 2024 15:10:23 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 8df67d534c9434f2-WAW
Access-Control-Allow-Origin: *
Server: cloudflare

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame FA54 61 KB
909 B 488ms
39ms Fetch
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 599700
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OfW62gDyQQY5n55ssS5QaLgsHHy9RpGsk3T6TIW0XGKJszRy5H7dzIZ3ThPNvP5UyrD8ClarRopP5jd8rYwl0HWy%2F0ll%2ByW0hqCCtA%2BndCSLXkxbFCXx5hTbp9%2F3CYm3"}],"group":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=24651&sent=29&recv=26&lost=0&retrans=0&sent_bytes=25211&recv_bytes=3338&delivery_rate=756745&cwnd=229&unsent_bytes=0&cid=717adb38a4154f6f&ts=160&x=0"
Date: Fri, 08 Nov 2024 15:10:23 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 8df67d538cd434f2-WAW
Access-Control-Allow-Origin: *
Server: cloudflare

GET
H2 200 b-bde0e05-b5b90430.js Show response
tagan.adlightning.com/setupad/ Frame AA19 68 KB
0 0ms
0ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8006523641cfe7752eff7fab6bb5a7f7d0881ac0d494447eb8541e5f645d2edc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "777a63c7bb73394365962e8e0fd2dc01"
x-amz-version-id: tHAtBRpN__u5ySMyvqtc44KVZeaJWugx
age: 673681
x-cache: Hit from cloudfront
x-amz-cf-id: FD6K6y4d41pRevsPnBt2AVlJtTvo-RoDne3LX09s_OUehZ426vFFDQ==
date: Thu, 31 Oct 2024 20:02:22 GMT
content-type: application/javascript
last-modified: Thu, 31 Oct 2024 20:01:47 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 25896
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bl-bde0e05-db807c95.js Show response
tagan.adlightning.com/setupad/ Frame AA19 205 KB
0 1ms
1ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/bl-bde0e05-db807c95.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e7954fac79433b0086e20fd1d5cd260dfeca6822b5c6b435dc4228e1377883f4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "d58e5cda0682b3fdff8d81d4c80e05c0"
x-amz-version-id: FcXW0o78kksyyjEhui6Gmc296WaIR3vo
age: 14873
x-cache: Hit from cloudfront
x-amz-cf-id: _oEJRAQUiYhctcu6n8yfnj3MThctQW7rEfYCIuUZqAICNl9Qn88DAg==
date: Fri, 08 Nov 2024 11:02:30 GMT
content-type: application/javascript
last-modified: Fri, 08 Nov 2024 10:40:23 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 74694
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame 2628 61 KB
901 B 511ms
34ms Fetch
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 599700
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ehiElt8I7ESk7D5PPpN4GjedTk8gOBobTq9VOUmhFNDNzoDjNK5w8rSZIMcQxKXjJPkmcaueSvF9b57F4UuUzyQbuOmNG3NNBV9yHvtJfwA9BQyrkk8EMUjv9Pl87LLi"}],"group":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=25674&sent=30&recv=27&lost=0&retrans=0&sent_bytes=26142&recv_bytes=3889&delivery_rate=756745&cwnd=229&unsent_bytes=0&cid=717adb38a4154f6f&ts=204&x=0"
Date: Fri, 08 Nov 2024 15:10:23 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 8df67d53dd0e34f2-WAW
Access-Control-Allow-Origin: *
Server: cloudflare

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame E08D 61 KB
911 B 544ms
40ms Fetch
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 599700
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6bsl9PsXrcH1Qzew%2FLZVivdX2iOm4pg63wysDaNR2xhSnX2sqMIp5sh%2BlR9Bqmf8hmw5O8XlyLZ5z%2BjbtZ5mp%2BUIi4jWePH8tk1Uzvl9JG7%2FubGlePnUZzAqFeJm4bAJ"}],"group":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=25574&sent=31&recv=28&lost=0&retrans=0&sent_bytes=27065&recv_bytes=4440&delivery_rate=756745&cwnd=229&unsent_bytes=0&cid=717adb38a4154f6f&ts=246&x=0"
Date: Fri, 08 Nov 2024 15:10:23 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 8df67d540d6934f2-WAW
Access-Control-Allow-Origin: *
Server: cloudflare

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame 98F5 45 B
286 B 219ms
40ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

03f7ec3e4f7196c41aab2cf917f6df3fbbaac8db792dc36d9b479af22d9ef3a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame DFFD 45 B
287 B 179ms
40ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

dc03a5a384ff5aee17787f5064cef75b611c0c8ea4fa5fd95746373391225f6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H/1.1 200
OK adagio.js Show response
script.4dex.io/a/latest/ Frame AA19 61 KB
909 B 588ms
48ms Fetch
application/javascript 172.67.75.241
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/a/latest/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.75.241 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

Access-Control-Expose-Headers
Content-Encoding: br
CF-Cache-Status: HIT
ETag: W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Age: 599700
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c%2BGBX8ZwwiCNkUO3CvvQG63ORHh3Tn0qCPMAR6FxBLKku6La%2FTCWAImBMnTrh6aoU9EAqo1uVA1uIIsR7bghThmlp%2BnIGPkMQcN1dSwgE0n%2BKZ0eH2RsHbexbneII9Ka"}],"group":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=25401&sent=32&recv=29&lost=0&retrans=0&sent_bytes=27998&recv_bytes=4991&delivery_rate=756745&cwnd=229&unsent_bytes=0&cid=717adb38a4154f6f&ts=285&x=0"
Date: Fri, 08 Nov 2024 15:10:23 GMT
Last-Modified: Wed, 28 Aug 2024 15:06:29 GMT
Vary: Origin, Accept-Encoding
Content-Type: application/javascript
Cache-Control: public, max-age=1800
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 8df67d544da834f2-WAW
Access-Control-Allow-Origin: *
Server: cloudflare

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame FA54 45 B
286 B 263ms
45ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

415157e9287ceaa71dee0bdd96014b8aa5fcbd5e70b77988df52496bebe467bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame 2628 45 B
286 B 302ms
48ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

06a33223d4ecd029e6ac4bff395de3287a3d513bd1ed841e8df4f3547ed54c40

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame E08D 45 B
286 B 343ms
52ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

c0b0cd2dcf0f952ad76b4c7b215dbf058261003a3d6de7f31eaac5a905ebc179

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ Frame AA19 45 B
286 B 388ms
43ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

2f141c417bd5946c1f3a44651b9fb5af7153c1c50eb472f4ec89d58632a26680

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:22 GMT
content-type: application/json;charset=UTF-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2

200

/
ads.us.e-planning.net/uspd/1/ Frame 32A0
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

0
0

49ms
49ms

Document
text/html

193.3.178.4
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.3.178.4 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-937

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Fri, 08 Nov 2024 15:10:23 GMT
location: /uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-937

GET
H2

200

/
ads.us.e-planning.net/uspd/1/ Frame CAE4
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

0
0

57ms
57ms

Document
text/html

193.3.178.4
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.3.178.4 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-937

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Fri, 08 Nov 2024 15:10:23 GMT
location: /uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-937

GET
H2 200 pbs-iframe
pbs-cs.yellowblue.io/ Frame 45A8 0
0 209ms
77ms Document
text/html 34.252.44.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.252.44.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-44-15.eu-west-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://www.onworks.net/
content-length: 0
content-type: text/html
date: Fri, 08 Nov 2024 15:10:23 GMT
server: istio-envoy
x-envoy-upstream-service-time: 12
x-reason: could not perform CS due to compliance policy: gdpr is not applied

GET
H2

200

/
ads.us.e-planning.net/uspd/1/ Frame 70EC
Redirect Chain

https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

0
0

100ms
62ms

Document
text/html

193.3.178.4
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.3.178.4 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-937

Redirect headers

content-type: text/html; charset=iso-8859-1
date: Fri, 08 Nov 2024 15:10:23 GMT
location: /uspd/1/?ct=1&du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-937

GET
H2 200 cookie
cm.adform.net/ Frame E08D 35 B
475 B 259ms
63ms Image
image/gif 37.157.2.228
ADFORM

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 37.157.2.228 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software: nginx /
Resource Hash: 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

access-control-max-age: 86400
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: image/gif
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2 200 /
ads.us.e-planning.net/uspd/1/ Frame D416 0
0 56ms
56ms Document
text/html 193.3.178.4
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.3.178.4 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-937

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AA19 17 KB
13 KB 197ms
62ms XHR
application/json 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202410310101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

8cf60f19a7dd2f5842d95e3d1e1a93a7f52c1a4fd5bb40445ee9831264d09ec0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

timing-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 12797
date: Fri, 08 Nov 2024 15:10:23 GMT
x-xss-protection: 0
content-type: application/json; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame AA19 658 B
359 B 397ms
319ms Fetch
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=1873655614934182&correlator=743944910778264&eid=31086890%2C31088721%2C95344999&output=ldjh&gdfp_req=1&vrg=202410310101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_970x90_sticky_anchor_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C1000x100%7C728x90%7C990x90%7C970x50%7C960x90%7C950x90%7C980x90&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1731078623265&lmt=1731078623&adxs=0&adys=3149&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=1&ucis=x8a10kckvhsp&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=20812&tan=d89fcd5f-a137-42d5-b6c6-83e149380bd3&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1731078620673&idt=1714&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dactivejet.pl%26hb_source%3Ds2s%26hb_format%3Dbanner%26hb_adid%3D320de76c012c9cc%26hb_size%3D728x90%26hb_pb%3D0.01%26hb_bidder%3DadformS2S&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=2150855633&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

de09a955218a653aa9ec818f1c63b4a1aeb07209d2400f52fe3edd1bc33005ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
google-lineitem-id: -2
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 330
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
e756d1533fa4840d9ae222009a760a9b.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8DCB 0
0 477ms
48ms Document
text/html 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e756d1533fa4840d9ae222009a760a9b.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame FA54 661 B
358 B 408ms
362ms Fetch
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=1798533278393953&correlator=1712969871253726&output=ldjh&gdfp_req=1&vrg=202410310101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_1200x300_top_billboard_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C728x90%7C970x90%7C1200x300%7C980x300%7C1200x200%7C1100x200%7C1000x200%7C1000x250%7C970x300%7C980x240%7C980x120%7C970x200%7C970x120%7C728x100%7C728x250&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1731078623312&lmt=1731078623&adxs=650&adys=2382&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=1&ucis=lu7kni8gruh3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=20812&tan=0f7d6a56-f57d-4a5f-ac92-4acc6a7a2a52&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1731078620660&idt=1394&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dactivejet.pl%26hb_source%3Ds2s%26hb_format%3Dbanner%26hb_adid%3D33d5d606882a24e%26hb_size%3D728x90%26hb_pb%3D0.01%26hb_bidder%3DadformS2S&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=4136289833&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

b7ade427b9d3343a815b66b5d10665457f42367ee12bf3ef686ef757dc4704e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
google-lineitem-id: -2
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 329
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
ce2c41b846950fb9c400d7bb76d25a22.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F2D7 0
0 465ms
49ms Document
text/html 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ce2c41b846950fb9c400d7bb76d25a22.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame DFFD 251 B
447 B 135ms
41ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

5878e17644221caf8e1cb80bb0eca6e87ad56cacd5037c372e7cea0bb7458c31

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: application/json
vary: Origin
access-control-allow-credentials: true

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame 98F5 662 B
363 B 316ms
291ms Fetch
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=1312519725741584&correlator=4478313823230712&eid=31088722%2C95345697%2C95340252%2C95340254&output=ldjh&gdfp_req=1&vrg=202410310101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_1200x300_lazy_billboard_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x250%7C728x90%7C970x90%7C1200x300%7C980x300%7C1200x200%7C1100x200%7C1000x200%7C1000x250%7C970x300%7C980x240%7C980x120%7C970x200%7C970x120%7C728x100%7C728x250&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1731078623338&lmt=1731078623&adxs=650&adys=2182&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=1&ucis=tse3rkn4pprj&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=20812&tan=094f1709-3593-4558-b94a-b29100d81723&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1731078620771&idt=933&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dactivejet.pl%26hb_source%3Ds2s%26hb_format%3Dbanner%26hb_adid%3D346ccbeb87c4a6b%26hb_size%3D728x90%26hb_pb%3D0.01%26hb_bidder%3DadformS2S&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=1288007980&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

c70cbb0442fb7d096828e4864b01f1805066f9f579195d4f6c9131d801b45a1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
google-lineitem-id: -2
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 334
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
d208809318659122e338c9736db856b1.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 5463 0
0 457ms
51ms Document
text/html 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d208809318659122e338c9736db856b1.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame 98F5 251 B
446 B 155ms
81ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

01abc952e2565112f0bc1d6eab5c4b8ce57da286769aaa407dce5d9850f57620

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: application/json
vary: Origin
access-control-allow-credentials: true

GET
H2 200 /
ads.us.e-planning.net/uspd/1/ Frame B185 0
0 56ms
55ms Document
text/html 193.3.178.4
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.3.178.4 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-937

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame FA54 251 B
446 B 111ms
42ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

adc90988345fa6f0d22f6b312623128ac8f7c5c2b161100d8d8e0ba243357ccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: application/json
vary: Origin
access-control-allow-credentials: true

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame 2628 251 B
446 B 142ms
81ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

6f8037656fc8ee731d4f286be37ee2a24d7446480c879635670eb2836a46eed5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: application/json
vary: Origin
access-control-allow-credentials: true

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame 2628 48 KB
11 KB 366ms
362ms Fetch
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=1678537031888821&correlator=1266458307026671&eid=31087616%2C31085776&output=ldjh&gdfp_req=1&vrg=202410310101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_200x600_sidebar_right_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C200x600%7C120x600&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1731078623367&lmt=1731078623&adxs=1350&adys=400&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=0&ucis=sskmnrvcezex&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=20812&tan=44dd0d7f-aa3d-4a6b-b778-4abd79cf553b&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1731078620784&idt=1394&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dlg.com%26hb_source%3Ds2s%26hb_format%3Dbanner%26hb_adid%3D33e8bc173d72ead%26hb_size%3D160x600%26hb_pb%3D0.02%26hb_bidder%3DadformS2S&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=481353401&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

286e7026e46b337d1e965009057e4453ad34548a8fdfbb08f67783bf18719d9c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
content-encoding: br
google-lineitem-id: -1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 11740
x-xss-protection: 0
server: cafe

GET container.html
9a42d1c9e06b5e3ceb15748e19eb0ae6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2223 0
0

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame E08D 58 KB
13 KB 558ms
558ms Fetch
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=4346546098074885&correlator=2842223364338889&eid=95340252%2C95340254&output=ldjh&gdfp_req=1&vrg=202410310101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_1000x100_leaderboard_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=970x90%7C1000x100%7C728x90%7C990x90%7C970x50%7C960x90%7C950x90%7C980x90&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1731078623385&lmt=1731078623&adxs=650&adys=108&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=0&ucis=9etqm9150yg9&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=20812&tan=3c8af4b5-cf29-46a7-b35c-003e9531da53&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1731078620627&idt=1651&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dactivejet.pl%26hb_source%3Ds2s%26hb_format%3Dbanner%26hb_adid%3D32e0be6affde%26hb_size%3D728x90%26hb_pb%3D0.01%26hb_bidder%3DadformS2S&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=3491453002&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

cfbb9587d81547ee88e982ede25782502918209a7c0b1e4a0a2360b532f20d7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

access-control-expose-headers: x-google-amp-ad-validated-version
content-encoding: br
google-lineitem-id: -1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 13329
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
09c54a2f1a5a7b0671c548cb63a6c725.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D341 0
0 512ms
92ms Document
text/html 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://09c54a2f1a5a7b0671c548cb63a6c725.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pbs-iframe
pbs-cs.yellowblue.io/ Frame 4CFF 0
0 69ms
67ms Document
text/html 34.252.44.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.252.44.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-44-15.eu-west-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://www.onworks.net/
content-length: 0
content-type: text/html
date: Fri, 08 Nov 2024 15:10:23 GMT
server: istio-envoy
x-envoy-upstream-service-time: 5
x-reason: could not perform CS due to compliance policy: gdpr is not applied

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame E08D 251 B
446 B 103ms
82ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

a74575e6522e55be393a71461a159d4ae6ae0b927954d37065db1b4b38f616ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: application/json
vary: Origin
access-control-allow-credentials: true

POST
H2 200 481.json Show response
id5-sync.com/g/v2/ Frame AA19 251 B
446 B 87ms
78ms Fetch
application/json 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/481.json

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

0d97fa50f475a560fb5204d5791e96468193c934133a721b5273eb4550ab1fa9

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://www.onworks.net
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: application/json
vary: Origin
access-control-allow-credentials: true

GET
H3 200 ads Show response
pagead2.googlesyndication.com/gampad/ Frame DFFD 659 B
363 B 347ms
345ms Fetch
text/plain 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/gampad/ads?pvsid=3779161004916457&correlator=3007912865546666&eid=31088721&output=ldjh&gdfp_req=1&vrg=202410310101&ptt=17&impl=fifs&iu_parts=147246189%3A22385467611%2Conworks.net_200x600_sidebar_left_desktop&enc_prev_ius=%2F0%2F1&prev_iu_szs=160x600%7C200x600%7C120x600&ifi=1&sfv=1-0-40&eri=1&sc=1&abxe=1&dt=1731078623427&lmt=1731078623&adxs=100&adys=400&biw=1600&bih=1200&isw=300&ish=150&scr_x=0&scr_y=0&btvi=0&ucis=fk86rp637o9e&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=60&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&nhd=1&url=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&ref=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&top=https%3A%2F%2Fwww.onworks.net%2Fonworkssession.php&vis=1&psz=300x150&msz=300x0&fws=256&ohw=0&td=1&egid=20812&tan=2ffa82f1-f7f1-4c2b-a37e-f740a8dd0781&tdf=2&topics=5&tps=5&htps=5&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1731078620687&idt=1200&prev_scp=pbsd%3D1%26hb_env%3Dweb%26hb_adomain%3Dlg.com%26hb_source%3Ds2s%26hb_format%3Dbanner%26hb_adid%3D33331640ccf4ee4%26hb_size%3D160x600%26hb_pb%3D0.02%26hb_bidder%3DadformS2S&cust_params=origin%3Ddirect%26ECT%3D4g%26hb_rf%3D0&adks=4227105449&frm=23&eoidce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

2e41a15f51d22d1ef5880bdfcd31724a12fee3252937b5cd5c5b45d3ca2670d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
google-lineitem-id: -2
x-content-type-options: nosniff
google-mediationtag-id: -2
google-mediationgroup-id: -2
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -2
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.onworks.net
content-length: 334
x-xss-protection: 0
server: cafe

GET
H2 200 container.html
e566f6526a225c306f09ba2cb5bd0071.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3BEF 0
0 490ms
48ms Document
text/html 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e566f6526a225c306f09ba2cb5bd0071.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410310101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AA19 18 KB
7 KB 544ms
111ms Script
text/javascript 216.58.206.33
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/op.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f1.1e100.net

Software

sffe /

Resource Hash

ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "1727224258380615"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 15:10:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: private, max-age=3000
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 6445
x-xss-protection: 0
server: sffe

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame 98F5 96 KB
31 KB 513ms
88ms Script
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.144.js

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 /
ads.us.e-planning.net/uspd/1/ Frame 6537 0
0 53ms
52ms Document
text/html 193.3.178.4
E-PLANNING-

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.us.e-planning.net/uspd/1/?du=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Deplanning%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 193.3.178.4 , United States, ASN399668 (E-PLANNING-, US),
Reverse DNS: ads.us.e-planning.net
Software: openresty /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ch: sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64
cache-control: max-age=0, no-cache
content-encoding: gzip
content-type: text/html
date: Fri, 08 Nov 2024 15:10:23 GMT
expires: Fri, 08 Nov 2024 15:10:23 GMT
p3p: policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
server: openresty
x-sid: AMS-937

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame DFFD 96 KB
0 484ms
484ms Script
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame FA54 96 KB
0 441ms
441ms Script
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame 2628 96 KB
0 384ms
384ms Script
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame E08D 96 KB
0 356ms
356ms Script
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame AA19 96 KB
0 315ms
315ms Script
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 sync
ssbsync-global.smartadserver.com/api/ Frame 98F5 0
45 B 221ms
49ms Image
text/plain 217.182.178.229
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.182.178.229 , France, ASN16276 (OVH, FR),
Reverse DNS: ip229.ip-217-182-178.eu
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

date: Fri, 08 Nov 2024 15:10:23 GMT
content-length: 0

GET
H2 200 sync
ssbsync-global.smartadserver.com/api/ Frame DFFD 0
44 B 271ms
50ms Image
text/plain 217.182.178.229
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.182.178.229 , France, ASN16276 (OVH, FR),
Reverse DNS: ip229.ip-217-182-178.eu
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

date: Fri, 08 Nov 2024 15:10:23 GMT
content-length: 0

GET
H2 200 b-bde0e05-b5b90430.js Show response
tagan.adlightning.com/setupad/ Frame 76EC 68 KB
0 0ms
0ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8006523641cfe7752eff7fab6bb5a7f7d0881ac0d494447eb8541e5f645d2edc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "777a63c7bb73394365962e8e0fd2dc01"
x-amz-version-id: tHAtBRpN__u5ySMyvqtc44KVZeaJWugx
age: 673681
x-cache: Hit from cloudfront
x-amz-cf-id: FD6K6y4d41pRevsPnBt2AVlJtTvo-RoDne3LX09s_OUehZ426vFFDQ==
date: Thu, 31 Oct 2024 20:02:22 GMT
content-type: application/javascript
last-modified: Thu, 31 Oct 2024 20:01:47 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 25896
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

POST
H2 200 node.php Show response
node.setupad.com/node/ Frame 2628 0
241 B 147ms
43ms XHR
text/html 159.89.25.223
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://node.setupad.com/node/node.php
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.89.25.223 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
content-encoding: gzip
pragma: no-cache
access-control-allow-methods: GET, POST
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)
access-control-allow-headers: X-Requested-With

GET
H2

200

sync
eb2.3lift.com/ Frame 03D9
Redirect Chain

https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24...

0
0

42ms
42ms

Document
text/html

13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1096
content-type: text/html; charset=utf-8
date: Fri, 08 Nov 2024 15:10:24 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Fri, 08 Nov 2024 15:10:23 GMT
location: /sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID&ld=1
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012406241625000/ Frame 76EC 196 KB
56 KB 459ms
42ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/amp4ads-v0.mjs

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

7330191facb7e2ececc564f92a6e4db89028c010eb1d46114c19615354f02bd1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "cc18f0752fb26ed7"
age: 171347
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:34:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:34:37 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 56144
x-xss-protection: 0
server: sffe

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012406241625000/v0/ Frame 76EC 15 KB
5 KB 528ms
114ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

63a8ed4d42e2e14d5eeb92b559c0942083d03c633e8aa8d82511b06057b5790c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "a54ee7ef81300879"
age: 172025
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:23:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:23:19 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 5218
x-xss-protection: 0
server: sffe

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012406241625000/v0/ Frame 76EC 95 KB
28 KB 455ms
118ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-analytics-0.1.mjs

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

a1dc183a1e37c034f6528f4768d7912a229f7f25f9e4ed4ad283d0b1d7630551

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "ed67e306da4f50af"
age: 171857
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:26:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:26:07 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 29004
x-xss-protection: 0
server: sffe

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012406241625000/v0/ Frame 76EC 5 KB
2 KB 433ms
140ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-fit-text-0.1.mjs

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

bdb5fbbf823cdc9431ac0ac26c06d3106dbb27bed5297e1ff8a3da8d72a9bba9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "318c9ffc754fdb7f"
age: 171808
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:26:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:26:56 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 1913
x-xss-protection: 0
server: sffe

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012406241625000/v0/ Frame 76EC 40 KB
13 KB 418ms
132ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.mjs

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

26dca3cd2ff32a9934a9fe12f32f973e38263f497e28ef43175d81b78af04be2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "6b189ee8e91db6e8"
age: 171550
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:31:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:31:14 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 12940
x-xss-protection: 0
server: sffe

GET
H2 200 15925481110373601238
tpc.googlesyndication.com/simgad/ Frame 76EC 65 KB
66 KB 43ms
42ms Image
image/png 216.58.206.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/15925481110373601238?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnVE1jpPD0CLSaVU4s7Ve5WKch8_w

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f1.1e100.net

Software

sffe /

Resource Hash

65c21a5274c055b673c742a0156dd26107f4984b9f666e297b98bda88ce580e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

age: 283099
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Wed, 05 Nov 2025 08:32:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 05 Nov 2024 08:32:04 GMT
last-modified: Mon, 23 Sep 2024 09:24:33 GMT
content-type: image/png
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 66937
x-xss-protection: 0
server: sffe

GET
H3 200 en.png
pagead2.googlesyndication.com/pagead/images/adchoices/ Frame 76EC 2 KB
2 KB 53ms
49ms Image
image/png 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=86400
timing-allow-origin: *
etag: 14819457070020093239
age: 41264
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Sat, 09 Nov 2024 03:42:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 2502
x-xss-protection: 0
date: Fri, 08 Nov 2024 03:42:39 GMT
content-type: image/png
vary: Accept-Encoding
server: cafe

GET
H3 200 icon.png
pagead2.googlesyndication.com/pagead/images/adchoices/ Frame 76EC 295 B
319 B 51ms
48ms Image
image/png 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=86400
timing-allow-origin: *
etag: 426692510519060060
age: 66749
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 20:37:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 295
x-xss-protection: 0
date: Thu, 07 Nov 2024 20:37:54 GMT
content-type: image/png
vary: Accept-Encoding
server: cafe

GET adview
pagead2.googlesyndication.com/pagead/ Frame 76EC 0
0

GET
DATA 200
OK truncated
/ Frame 76EC 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05074b5f02e83c457b1a775690282477c3162690ffe39d263b9e1bc0bf452dce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H2 200 sync
ssbsync-global.smartadserver.com/api/ Frame AA19 0
44 B 137ms
50ms Image
text/plain 217.182.178.229
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.182.178.229 , France, ASN16276 (OVH, FR),
Reverse DNS: ip229.ip-217-182-178.eu
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

date: Fri, 08 Nov 2024 15:10:23 GMT
content-length: 0

GET
H2 200 b-bde0e05-b5b90430.js Show response
tagan.adlightning.com/setupad/ Frame B1FF 68 KB
0 0ms
0ms Script
application/javascript 18.66.147.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Requested by: Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-43.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8006523641cfe7752eff7fab6bb5a7f7d0881ac0d494447eb8541e5f645d2edc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: gzip
etag: "777a63c7bb73394365962e8e0fd2dc01"
x-amz-version-id: tHAtBRpN__u5ySMyvqtc44KVZeaJWugx
age: 673681
x-cache: Hit from cloudfront
x-amz-cf-id: FD6K6y4d41pRevsPnBt2AVlJtTvo-RoDne3LX09s_OUehZ426vFFDQ==
date: Thu, 31 Oct 2024 20:02:22 GMT
content-type: application/javascript
last-modified: Thu, 31 Oct 2024 20:01:47 GMT
cache-control: max-age=31536000
via: 1.1 32db37931b5639dc27ebaba3ad4f3d2c.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 25896
x-amz-meta-git_commit: bde0e05
x-amz-cf-pop: FRA60-P4
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012406241625000/ Frame B1FF 196 KB
0 276ms
276ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/amp4ads-v0.mjs

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

7330191facb7e2ececc564f92a6e4db89028c010eb1d46114c19615354f02bd1

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "cc18f0752fb26ed7"
age: 171347
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:34:37 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:34:37 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 56144
x-xss-protection: 0
server: sffe

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012406241625000/v0/ Frame B1FF 15 KB
0 3ms
3ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

63a8ed4d42e2e14d5eeb92b559c0942083d03c633e8aa8d82511b06057b5790c

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "a54ee7ef81300879"
age: 172025
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:23:19 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:23:19 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 5218
x-xss-protection: 0
server: sffe

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012406241625000/v0/ Frame B1FF 95 KB
0 3ms
3ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-analytics-0.1.mjs

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

a1dc183a1e37c034f6528f4768d7912a229f7f25f9e4ed4ad283d0b1d7630551

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "ed67e306da4f50af"
age: 171857
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:26:07 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:26:07 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 29004
x-xss-protection: 0
server: sffe

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012406241625000/v0/ Frame B1FF 5 KB
0 27ms
27ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-fit-text-0.1.mjs

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

bdb5fbbf823cdc9431ac0ac26c06d3106dbb27bed5297e1ff8a3da8d72a9bba9

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "318c9ffc754fdb7f"
age: 171808
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:26:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:26:56 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 1913
x-xss-protection: 0
server: sffe

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012406241625000/v0/ Frame B1FF 40 KB
0 18ms
18ms Script
text/javascript 216.58.206.65
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012406241625000/v0/amp-form-0.1.mjs

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.65 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

tzfraa-aa-in-f1.1e100.net

Software

sffe /

Resource Hash

26dca3cd2ff32a9934a9fe12f32f973e38263f497e28ef43175d81b78af04be2

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

content-encoding: br
etag: "6b189ee8e91db6e8"
age: 171550
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options: nosniff
expires: Thu, 06 Nov 2025 15:31:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 06 Nov 2024 15:31:14 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
content-length: 12940
x-xss-protection: 0
server: sffe

GET css
fonts.googleapis.com/ Frame B1FF 0
0

GET
H3 200 en.png
pagead2.googlesyndication.com/pagead/images/adchoices/ Frame B1FF 2 KB
0 53ms
49ms Image
image/png 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=86400
timing-allow-origin: *
etag: 14819457070020093239
age: 41264
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Sat, 09 Nov 2024 03:42:39 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 2502
x-xss-protection: 0
date: Fri, 08 Nov 2024 03:42:39 GMT
content-type: image/png
vary: Accept-Encoding
server: cafe

GET
H3 200 icon.png
pagead2.googlesyndication.com/pagead/images/adchoices/ Frame B1FF 295 B
0 51ms
48ms Image
image/png 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: tagan.adlightning.com
URL: https://tagan.adlightning.com/setupad/b-bde0e05-b5b90430.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: public, max-age=86400
timing-allow-origin: *
etag: 426692510519060060
age: 66749
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 08 Nov 2024 20:37:54 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 295
x-xss-protection: 0
date: Thu, 07 Nov 2024 20:37:54 GMT
content-type: image/png
vary: Accept-Encoding
server: cafe

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/13316875249630456905/ Frame B1FF 2 KB
2 KB 46ms
45ms Image
image/jpeg 216.58.206.33
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/13316875249630456905/14763004658117789537?w=100&h=100&tw=1&q=75

Requested by

Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.33 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil07s07-in-f1.1e100.net

Software

sffe /

Resource Hash

7709afd64de4750d71a3c893a3c31bffe577fe95447cc560b9a32f28d8a45618

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

age: 283794
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
x-content-type-options: nosniff
expires: Wed, 05 Nov 2025 08:20:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons: true
date: Tue, 05 Nov 2024 08:20:30 GMT
last-modified: Tue, 25 Jul 2023 11:11:02 GMT
content-type: image/jpeg
cache-control: public, max-age=31536000
timing-allow-origin: *
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
content-length: 2212
x-xss-protection: 0
server: sffe

GET
DATA 200
OK truncated
/ Frame B1FF 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e581f1feefc8289304fe499383240cdd5db8c3efe7ec2935af380becf6869ef3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET adview
pagead2.googlesyndication.com/pagead/ Frame B1FF 0
0

POST
H2 200 node.php Show response
node.setupad.com/node/ Frame E08D 0
240 B 44ms
41ms XHR
text/html 159.89.25.223
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://node.setupad.com/node/node.php
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.89.25.223 Frankfurt am Main, Germany, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-type: application/x-www-form-urlencoded
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache
content-encoding: gzip
pragma: no-cache
access-control-allow-methods: GET, POST
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:24 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.18.0 (Ubuntu)
access-control-allow-headers: X-Requested-With

GET
H2 200 sync
ssbsync-global.smartadserver.com/api/ Frame FA54 0
44 B 52ms
51ms Image
text/plain 217.182.178.229
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.182.178.229 , France, ASN16276 (OVH, FR),
Reverse DNS: ip229.ip-217-182-178.eu
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

date: Fri, 08 Nov 2024 15:10:23 GMT
content-length: 0

GET
H2 200 sync
eb2.3lift.com/ Frame 6EED 0
0 43ms
42ms Document
text/html 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1259
content-type: text/html; charset=utf-8
date: Fri, 08 Nov 2024 15:10:24 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 pbs-iframe
pbs-cs.yellowblue.io/ Frame F65F 0
0 65ms
63ms Document
text/html 34.252.44.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.252.44.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-44-15.eu-west-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://www.onworks.net/
content-length: 0
content-type: text/html
date: Fri, 08 Nov 2024 15:10:24 GMT
server: istio-envoy
x-envoy-upstream-service-time: 1
x-reason: could not perform CS due to compliance policy: gdpr is not applied

GET
H2 200 pbs-iframe
pbs-cs.yellowblue.io/ Frame BFB0 0
0 127ms
65ms Document
text/html 34.252.44.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.252.44.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-44-15.eu-west-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://www.onworks.net/
content-length: 0
content-type: text/html
date: Fri, 08 Nov 2024 15:10:24 GMT
server: istio-envoy
x-envoy-upstream-service-time: 2
x-reason: could not perform CS due to compliance policy: gdpr is not applied

GET runner.html
tpc.googlesyndication.com/sodar/sodar2/232/ Frame C445 0
0

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame 98F5 96 KB
0 0ms
0ms XHR
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame DFFD 96 KB
0 1ms
1ms XHR
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame AA19 96 KB
0 0ms
0ms XHR
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame FA54 96 KB
0 0ms
0ms XHR
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame E08D 96 KB
0 1ms
1ms XHR
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 publishertag.prebid.144.js Show response
static.criteo.net/js/ld/ Frame 2628 96 KB
0 1ms
1ms XHR
text/javascript 178.250.1.3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by: Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.1.3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: nginx /
Resource Hash: 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: max-age=86400, public
timing-allow-origin: *
content-encoding: gzip
etag: W/"653b5c0e-1811e"
cross-origin-resource-policy: cross-origin
expires: Sat, 09 Nov 2024 15:10:23 GMT
access-control-allow-origin: *
date: Fri, 08 Nov 2024 15:10:23 GMT
content-type: text/javascript
last-modified: Fri, 27 Oct 2023 06:43:26 GMT
server: nginx

GET
H2 200 sync
eb2.3lift.com/ Frame 97C6 0
0 78ms
74ms Document
text/html 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1397
content-type: text/html; charset=utf-8
date: Fri, 08 Nov 2024 15:10:24 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
eb2.3lift.com/ Frame 0F41 0
0 114ms
42ms Document
text/html 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1397
content-type: text/html; charset=utf-8
date: Fri, 08 Nov 2024 15:10:24 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame DFFD
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644

86 B
1006 B

49ms
48ms

Image
image/png

104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O3%2BXv9EGuMy3GFNuBbuKsW09yFiiSVuT5QqpVMyXuEkYjghgG9t9NIagIauVPhWhuyBCwEvAzzE2fIxoNZK3sHYsLWRhpdxK9XX%2FE7I6c4MfUcqkJ7kNJ5%2FLGGyrPFut00P53Y9yj%2Frt"}],"group":"cf-nel","max_age":604800}
cf-ray: 8df67d59bd2dd391-FRA
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=39678&sent=61&recv=61&lost=0&retrans=0&sent_bytes=24015&recv_bytes=17390&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=1713&x=0"
content-length: 86
date: Fri, 08 Nov 2024 15:10:24 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

access-control-max-age: 86400
location: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
content-length: 0
date: Fri, 08 Nov 2024 15:10:24 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame AA19
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644

86 B
748 B

140ms
140ms

Image
image/png

104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTw6kSicbb7zK8L4WBpAWl2pMqkCEG5BO0HE4CKFczwL6P9CDHKGjuwFnlKLRRamttEJnIOYLRH1PI52hc426LziWWbWD7rJYFt%2FaL4iRkbxlUXzKwilKQyjPFgnvAUZjlBihrEhCTp1"}],"group":"cf-nel","max_age":604800}
cf-ray: 8df67d5a2e61d391-FRA
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=39263&sent=64&recv=64&lost=0&retrans=0&sent_bytes=25087&recv_bytes=17705&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=1868&x=0"
content-length: 86
date: Fri, 08 Nov 2024 15:10:24 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

access-control-max-age: 86400
location: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
content-length: 0
date: Fri, 08 Nov 2024 15:10:24 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2 200 sync
eb2.3lift.com/ Frame A282 0
0 45ms
44ms Document
text/html 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1205
content-type: text/html; charset=utf-8
date: Fri, 08 Nov 2024 15:10:24 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 sync
eb2.3lift.com/ Frame 6F48 0
0 43ms
42ms Document
text/html 13.248.245.213
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1279
content-type: text/html; charset=utf-8
date: Fri, 08 Nov 2024 15:10:24 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET view
pagead2.googlesyndication.com/btr/ Frame B1FF 0
0

GET view
pagead2.googlesyndication.com/btr/ Frame 76EC 0
0

GET
H2

200

setuid
prebid-stag.setupad.net/ Frame 2628
Redirect Chain

https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID
https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644

86 B
750 B

110ms
109ms

Image
image/png

104.26.9.178
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644
Protocol: H2
Server: 104.26.9.178 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

cache-control: no-cache, no-store, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sJj3qm6Sp3FOGrkHuuOGSU6zZ7AcFFnPQ8IWQoYPHSaj6P%2FQYB%2F%2BUE0dVpUdd1B6X5CgGsCjVYlKgdtxReqwGRLGkJLjlNLb5aMxLsqi5z9xmDSLADGWdrCr8sqIh5PYS02dvEpIUnWe"}],"group":"cf-nel","max_age":604800}
cf-ray: 8df67d5d8f60d391-FRA
expires: 0
server-timing: cfL4;desc="?proto=TCP&rtt=38917&sent=67&recv=67&lost=0&retrans=0&sent_bytes=25901&recv_bytes=18020&delivery_rate=211392&cwnd=91&unsent_bytes=0&cid=0559294454b2de95&ts=2383&x=0"
content-length: 86
date: Fri, 08 Nov 2024 15:10:24 GMT
content-type: image/png
vary: Origin
server: cloudflare

Redirect headers

access-control-max-age: 86400
location: https://prebid-stag.setupad.net/setuid?bidder=adform&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=5747938197863539644
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: *
content-length: 0
date: Fri, 08 Nov 2024 15:10:24 GMT
server: nginx
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With

GET
H2 200 sync
ssbsync-global.smartadserver.com/api/ Frame 2628 0
44 B 51ms
50ms Image
text/plain 217.182.178.229
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dsmartadserver%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%5Bssb_sync_pid%5D
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.182.178.229 , France, ASN16276 (OVH, FR),
Reverse DNS: ip229.ip-217-182-178.eu
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.onworks.net/

Response headers

date: Fri, 08 Nov 2024 15:10:24 GMT
content-length: 0

GET
H2 200 pbs-iframe
pbs-cs.yellowblue.io/ Frame 7AC5 0
0 65ms
64ms Document
text/html 34.252.44.15
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pbs-cs.yellowblue.io/pbs-iframe?gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Drise%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BPBS_UID%5D
Requested by: Host: www.onworks.net
URL: https://www.onworks.net/onworkssession.php
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.252.44.15 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-252-44-15.eu-west-1.compute.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Referer: https://www.onworks.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://www.onworks.net/
content-length: 0
content-type: text/html
date: Fri, 08 Nov 2024 15:10:25 GMT
server: istio-envoy
x-envoy-upstream-service-time: 2
x-reason: could not perform CS due to compliance policy: gdpr is not applied

GET cookie
cm.adform.net/ Frame 98F5 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: 9a42d1c9e06b5e3ceb15748e19eb0ae6.safeframe.googlesyndication.com
URL: https://9a42d1c9e06b5e3ceb15748e19eb0ae6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/adview?ai=CrfiO3ykuZ9rMG76SjuwPqOb8gAP4tLzzetq60PGpE9nZHhABII3kvSlg6eTJhdgaoAHfrIauA8gBAqkCyJj7yRS3kD7gAgCoAwHIAwiqBLkCT9A-F6_2ElSonVy9Opgemy4X_Jm514VQjrWx1cudlhY_llZjmIj0KEAgM6snvlVJIr8smEcrdJ9os4K-ZdnfoYf6OTqCZvI4E-znD4YPShMMCcw3OHYuF4axoll8g9ddpIDKl4YGFZvkDKJ8ttzDSkfRauhc1Xism5GEh4Ztk-gTCLdcd4tHwXYCp5xuedsaoOxztj7KPCYMhYfxePSo2WtZu0hzxOITI9H_FoY-DBtnpvVpxb9sPnNdOCghbQYC2Xk7gR_2uG252nVvoCmFxHgC3aZ_4bvasMDowIV3WAXaurvODuOhYFCIE9feHNDucqHCeIaqxxzQpR2MptojzDQYXuUnFwTCoRyugmAjwCPHPtagrBis-xvaioN0_6QIrq897SPfJGRgmHgjTVNuYZpwrEv25XPOLcAErcqTxuUE4AQBiAXm3pn6UJIFBAgEGAGSBQQIBRgEoAYCgAfZ06pbqAfVyRuoB9m2sQKoB6a-G6gHjs4bqAeT2BuoB_DgG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAfIHBBCGswnSCCwIkeGAcBABGB0yB-uLgOC_gAE6CgCAgICAgJSu4ANIvf3BOljB77Wzgs2JA_IIG2FkeC1zdWJzeW4tMTYwMjYxODE2MjkxNzU3MpoJkAFodHRwczovL3d3dy54dGIuY29tL3BsP3V0bV9zb3VyY2U9Z29vZ2xlJnV0bV9tZWRpdW09Y3BjJnV0bV9jYW1wYWlnbj1nZG5femxhdGFuXzIwMjRfcHJvc3BlY3RpbmdfSUQyMDYzJnV0bV9jb250ZW50PWJyYW5kX2F3YXJlbmVzcyZnYWRfc291cmNlPTWACgPICwHiDRMIub-2s4LNiQMVPomDBx0oMx8w6g0TCOTttrOCzYkDFT6JgwcdKDMfMNgTDdAVAZgWAYAXAbIXIAocCAASFHB1Yi0zOTcwMjc3NTM1NTI4NjEzGJXiHxgBuhcCOAGyGAkSAu9OGAIiAQDQGAHoGAE&sigh=eitY0QqBWPI&uach_m=%5BUACH%5D&ase=2&nis=ATTRIBUTION_REPORTING_STATUS&ebtr=1

Domain: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C900%7CGoogle%20Sans%3A400

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/adview?ai=CNHl43ykuZ4XLHOfF9u8PmdLv0AW71YSke_blrOjYEWQQASCN5L0pYOnkyYXYGqABj9Ge7CnIAQHgAgCoAwHIAwqqBLUCT9DrrGMy3oBzGErPFuujKZlaM04JXModaWSLoZdxgxb4r7cdcxjkq6smV-KF2WXqnZ6a3dqRv6JNPuPsrTSYR4KqcB4E-Fc0E_AEaOkrfuXEo7Iv45Oc3fMIYDGK6WtRGkr3Rt2VTPH2dJ0UCrfOqgU7jQjUP4nWEmlBjsZbLR-T6TinkxXt8Ql1ecsctlgXLr1hkHMPGiYTvJZuQtDTJmESdC91nN1lJ7hAkFIy_mgH79A7IuXINzSmNEvbjH-IqNrKpBvzFYC2YHPSqCwSHG9BJmPlKEgRVri8LAfMMiEHuM7N5HS1zV2krfAXN2KwgPTS7zsjZHFiqI5k_6F8JSuUs4xXvLj7bEywDkiI6G5mbjc1UEeTCnx3DGWfeviy9sbxHuX7UMeW9Q-VGKlnhELM0DWewAStx8LNuATgBAGIBZDkvLZMkgUECAQYAZIFBAgFGASAB4-J78sEqAfVyRuoB9m2sQKoB6a-G6gHjs4bqAeT2BuoB_DgG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAfIHBBCosQfSCCwIkeGAcBABGB0yB-uLgOC_gAE6CgCAgICAgJSu4ANIvf3BOlj8mrazgs2JA_IIG2FkeC1zdWJzeW4tMTYwMjYxODE2MjkxNzU3MpoJSGh0dHBzOi8vc2lkZXIuYWkvYXBwcy9scC1jaGF0Z3B0P3NvdXJjZT1nZyZwMT1haSZwMj1kaXNwbGF5JmdhZF9zb3VyY2U9NYAKA8gLAeINEwjh0razgs2JAxXnov0HHRnpG1rqDRMI_Y-3s4LNiQMV56L9Bx0Z6Rta2BMMiBQP0BUBmBYBgBcBshcgChwIABIUcHViLTM5NzAyNzc1MzU1Mjg2MTMYleIfGAG6FwI4AbIYCRICqlAYASIBANAYAQ&sigh=zS84fofgYJ4&uach_m=%5BUACH%5D&ase=2&nis=ATTRIBUTION_REPORTING_STATUS&template_id=5001&ebtr=1

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/btr/view?ai=CNHl43ykuZ4XLHOfF9u8PmdLv0AW71YSke_blrOjYEWQQASCN5L0pYOnkyYXYGqABj9Ge7CnIAQHgAgCoAwHIAwqqBLUCT9DrrGMy3oBzGErPFuujKZlaM04JXModaWSLoZdxgxb4r7cdcxjkq6smV-KF2WXqnZ6a3dqRv6JNPuPsrTSYR4KqcB4E-Fc0E_AEaOkrfuXEo7Iv45Oc3fMIYDGK6WtRGkr3Rt2VTPH2dJ0UCrfOqgU7jQjUP4nWEmlBjsZbLR-T6TinkxXt8Ql1ecsctlgXLr1hkHMPGiYTvJZuQtDTJmESdC91nN1lJ7hAkFIy_mgH79A7IuXINzSmNEvbjH-IqNrKpBvzFYC2YHPSqCwSHG9BJmPlKEgRVri8LAfMMiEHuM7N5HS1zV2krfAXN2KwgPTS7zsjZHFiqI5k_6F8JSuUs4xXvLj7bEywDkiI6G5mbjc1UEeTCnx3DGWfeviy9sbxHuX7UMeW9Q-VGKlnhELM0DWewAStx8LNuATgBAGIBZDkvLZMkgUECAQYAZIFBAgFGASAB4-J78sEqAfVyRuoB9m2sQKoB6a-G6gHjs4bqAeT2BuoB_DgG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAfIHBBCosQfSCCwIkeGAcBABGB0yB-uLgOC_gAE6CgCAgICAgJSu4ANIvf3BOlj8mrazgs2JA_IIG2FkeC1zdWJzeW4tMTYwMjYxODE2MjkxNzU3MpoJSGh0dHBzOi8vc2lkZXIuYWkvYXBwcy9scC1jaGF0Z3B0P3NvdXJjZT1nZyZwMT1haSZwMj1kaXNwbGF5JmdhZF9zb3VyY2U9NYAKA8gLAeINEwjh0razgs2JAxXnov0HHRnpG1rqDRMI_Y-3s4LNiQMV56L9Bx0Z6Rta2BMMiBQP0BUBmBYBgBcBshcgChwIABIUcHViLTM5NzAyNzc1MzU1Mjg2MTMYleIfGAG6FwI4AbIYCRICqlAYASIBANAYAQ&sigh=zS84fofgYJ4&uach_m=%5B%5D&ase=2&nis=4&template_id=5001&ibtr=1

Domain: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/btr/view?ai=CrfiO3ykuZ9rMG76SjuwPqOb8gAP4tLzzetq60PGpE9nZHhABII3kvSlg6eTJhdgaoAHfrIauA8gBAqkCyJj7yRS3kD7gAgCoAwHIAwiqBLkCT9A-F6_2ElSonVy9Opgemy4X_Jm514VQjrWx1cudlhY_llZjmIj0KEAgM6snvlVJIr8smEcrdJ9os4K-ZdnfoYf6OTqCZvI4E-znD4YPShMMCcw3OHYuF4axoll8g9ddpIDKl4YGFZvkDKJ8ttzDSkfRauhc1Xism5GEh4Ztk-gTCLdcd4tHwXYCp5xuedsaoOxztj7KPCYMhYfxePSo2WtZu0hzxOITI9H_FoY-DBtnpvVpxb9sPnNdOCghbQYC2Xk7gR_2uG252nVvoCmFxHgC3aZ_4bvasMDowIV3WAXaurvODuOhYFCIE9feHNDucqHCeIaqxxzQpR2MptojzDQYXuUnFwTCoRyugmAjwCPHPtagrBis-xvaioN0_6QIrq897SPfJGRgmHgjTVNuYZpwrEv25XPOLcAErcqTxuUE4AQBiAXm3pn6UJIFBAgEGAGSBQQIBRgEoAYCgAfZ06pbqAfVyRuoB9m2sQKoB6a-G6gHjs4bqAeT2BuoB_DgG6gH7paxAqgH_p6xAqgHr76xAqgH98KxAtgHAfIHBBCGswnSCCwIkeGAcBABGB0yB-uLgOC_gAE6CgCAgICAgJSu4ANIvf3BOljB77Wzgs2JA_IIG2FkeC1zdWJzeW4tMTYwMjYxODE2MjkxNzU3MpoJkAFodHRwczovL3d3dy54dGIuY29tL3BsP3V0bV9zb3VyY2U9Z29vZ2xlJnV0bV9tZWRpdW09Y3BjJnV0bV9jYW1wYWlnbj1nZG5femxhdGFuXzIwMjRfcHJvc3BlY3RpbmdfSUQyMDYzJnV0bV9jb250ZW50PWJyYW5kX2F3YXJlbmVzcyZnYWRfc291cmNlPTWACgPICwHiDRMIub-2s4LNiQMVPomDBx0oMx8w6g0TCOTttrOCzYkDFT6JgwcdKDMfMNgTDdAVAZgWAYAXAbIXIAocCAASFHB1Yi0zOTcwMjc3NTM1NTI4NjEzGJXiHxgBuhcCOAGyGAkSAu9OGAIiAQDQGAHoGAE&sigh=eitY0QqBWPI&uach_m=%5B%5D&ase=2&nis=4&ibtr=1

Domain: cm.adform.net
URL: https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Fprebid-stag.setupad.net%2Fsetuid%3Fbidder%3Dadform%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.3lift.com/sync	1970-01-21 03:00:54	Name: sync Value: CgoIgAIQmabO4rAyCgoIgQIQj6fO4rAyCgoIggIQz6jO4rAyCgoIhwIQmabO4rAyCgkISRCPp87isDIKCQgLEI-nzuKwMgoKCIsCEM-ozuKwMgoKCIwCEJmmzuKwMgoKCM4BEI-nzuKwMgoKCI4BEJWozuKwMgoJCA4Qz6jO4rAyCgoIkAIQz6jO4rAyCgoIkQIQlajO4rAyCgoIkgIQlajO4rAyCgoIkwIQz6jO4rAyCgoIlAIQj6fO4rAyCgoI1gEQz6jO4rAyCgkIGxCZps7isDIKCgidAhCVqM7isDIKCgjeARCPp87isDIKCQhfEJmmzuKwMgoJCB8QlajO4rAyCgoIoQEQmabO4rAyCgoI4gEQmabO4rAyCgoI4wEQz6jO4rAyCgoI5gEQmabO4rAyCgoI5wEQj6fO4rAyCgoIrAIQmabO4rAyCgoIrQIQj6fO4rAyCgoIswIQz6jO4rAyCgoItAIQlajO4rAyCgoItQIQz6jO4rAyCgoItwIQj6fO4rAyCgkIORCPp87isDIKCQg6EJmmzuKwMgoKCLsCEJWozuKwMgoKCPsBEJWozuKwMgoKCL0CEJWozuKwMgoKCP8BEJWozuKwMgoJCD8Qz6jO4rAy
.onworks.net/	1970-01-21 10:27:18	Name: _ga_DN38F0DWYD Value: GS1.1.1731078620.1.0.1731078620.0.0.0
.onworks.net/	1970-01-21 10:27:18	Name: _ga Value: GA1.2.1095806677.1731078621
.onworks.net/	1970-01-21 00:52:45	Name: _gid Value: GA1.2.94928268.1731078621
.onworks.net/	1970-01-21 00:51:18	Name: _gat_gtag_UA_117545413_4 Value: 1
.onworks.net/	1970-01-21 09:36:54	Name: _sharedID Value: dafc758f-3496-4015-b836-de7633ddbd46
.onworks.net/	1970-01-21 09:36:54	Name: _sharedID_cst Value: zix7LPQsHA%3D%3D
www.onworks.net/	1970-01-21 00:51:20	Name: stpdOrigin Value: {"origin":"direct"}
.adnxs.com/	1970-01-21 10:27:18	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 03:00:54	Name: XANDR_PANID Value: TDOsZDNC-5Hez12fkki-UTm9ThSQbwJZDrLh5613Njq0wf-7jWa5Mp-MwRsgwwWk7Z0TrSitpKZ9k2eo-wopfm53bBQk44c7d2S1kFNNgRk.
.adnxs.com/	1970-01-21 03:00:54	Name: icu Value: ChgIuJJ8EAoYASABKAEw3tO4uQY4AUABSAEQ3tO4uQYYAA..
.adnxs.com/	1970-01-21 03:00:54	Name: uuid2 Value: 5752566271585438177
ads.us.e-planning.net/	1969-12-31 23:59:59	Name: CT Value: 1
.e-planning.net/	1970-01-21 10:27:18	Name: E Value: ABXtaYbmEZaIv00K
.criteo.com/	1970-01-21 10:12:54	Name: cto_bundle Value: KmtQAV9PU1h0WjFtN0djUkt0cWV6TkwyYklUOGdNOFJkSGoxRUcyWVpheVZZaG1VQW9XT2tHYU1LQmclMkZpWEhKOXp2N1hZVmFXbzhyRHM0TFZ4QmhPRkhua1g2SUwwRXkyVkh3M1ZZJTJGNDRZYWJMbXMlM0Q
.adform.net/	1970-01-21 02:17:42	Name: uid Value: 5747938197863539644
.ads.pubmatic.com/	1970-01-21 00:52:45	Name: KCCH Value: YES
.admixer.net/	1970-01-21 03:00:54	Name: am-uid Value: e680356565574d08ad0ce31f592ca4ef
.onworks.net/	1970-01-21 05:10:30	Name: __eoi Value: ID=fff8a4d3246298fd:T=1731078623:RT=1731078623:S=AA-AfjbR_ex6ldpRaR8oShG1N-Hs
.3lift.com/	1970-01-21 03:00:54	Name: tluidp Value: 4673338535564387594758
.3lift.com/	1970-01-21 03:00:54	Name: tluid Value: 4673338535564387594758
.bidswitch.net/	1970-01-21 09:36:54	Name: tuuid Value: 51308a2c-6a26-4952-ac41-863891b0fdd0
.bidswitch.net/	1970-01-21 09:36:54	Name: c Value: 1731078624
.bidswitch.net/	1970-01-21 09:36:54	Name: tuuid_lu Value: 1731078624
.doubleclick.net/	1970-01-21 10:12:54	Name: IDE Value: AHWqTUlH0aEsJ7kB2O-TkzJlT0jj3qd1vtN2GdyDzc63pP098efPg8jMe9yU5cYcGWE
.sitescout.com/	1970-01-21 09:36:54	Name: ssi Value: a92ba2c9-d140-42f9-8067-87286ad9a575#1731078624301
.w55c.net/	1970-01-21 10:20:06	Name: wfivefivec Value: MVlYdpDa1T9qCY5
.sitescout.com/	1970-01-21 01:34:30	Name: _ssuma Value: eyIyNiI6MTczMTA3ODYyNDM1NiwiMzkiOjE3MzEwNzg2MjQzNTYsIjciOjE3MzEwNzg2MjQzNTZ9
.w55c.net/	1970-01-21 01:34:30	Name: matchtriplelift Value: 5
prebid-stag.setupad.net/	1970-01-21 03:00:54	Name: uids Value: eyJ0ZW1wVUlEcyI6eyJhZGZvcm0iOnsidWlkIjoiNTc0NzkzODE5Nzg2MzUzOTY0NCIsImV4cGlyZXMiOiIyMDI0LTExLTIyVDE1OjEwOjI0LjQzNjk0NzgyMloifSwiZXBsYW5uaW5nIjp7InVpZCI6IkFCWHRhWWJtRVphSXYwMEsiLCJleHBpcmVzIjoiMjAyNC0xMS0yMlQxNToxMDoyMy43MjkwNjkwMDJaIn19fQ==
.csync.loopme.me/	1970-01-21 03:03:47	Name: viewer_token Value: 0f36d094-fdba-4cd6-a1e7-5dc2d38523e2
.adx.opera.com/	1970-01-21 09:36:54	Name: UID Value: OPU7c0a18c492024032a16d5b7ab9d18817
.bidr.io/	1970-01-21 10:19:48	Name: bito Value: AABG8E7OXFQAABTRnEokTg
.bidr.io/	1970-01-21 10:19:48	Name: bitoIsSecure Value: ok

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	Message: A bad HTTP response code (500) was received when fetching the script.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

09c54a2f1a5a7b0671c548cb63a6c725.safeframe.googlesyndication.com
9a42d1c9e06b5e3ceb15748e19eb0ae6.safeframe.googlesyndication.com
ads.us.e-planning.net
adx.adform.net
bidder.criteo.com
cadmus.script.ac
cdn.ampproject.org
cdn.jsdelivr.net
ce2c41b846950fb9c400d7bb76d25a22.safeframe.googlesyndication.com
cm.adform.net
d208809318659122e338c9736db856b1.safeframe.googlesyndication.com
downloads.uptoplay.net
e566f6526a225c306f09ba2cb5bd0071.safeframe.googlesyndication.com
e756d1533fa4840d9ae222009a760a9b.safeframe.googlesyndication.com
eb2.3lift.com
fonts.googleapis.com
gum.criteo.com
ib.adnxs.com
id5-sync.com
images.onworks.net
lb.eu-1-id5-sync.com
mp.4dex.io
node.setupad.com
pagead2.googlesyndication.com
pbs-cs.yellowblue.io
prebid-eu.creativecdn.com
prebid-stag.setupad.net
prebid.a-mo.net
prg.smartadserver.com
region1.google-analytics.com
rtb.adxpremium.services
script.4dex.io
securepubads.g.doubleclick.net
ssbsync-global.smartadserver.com
static.criteo.net
stpd.cloud
stream.onworks.net
tagan.adlightning.com
tlx.3lift.com
tpc.googlesyndication.com
web.hb.ad.cpe.dotomi.com
www.google-analytics.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.onworks.net
9a42d1c9e06b5e3ceb15748e19eb0ae6.safeframe.googlesyndication.com
cm.adform.net
fonts.googleapis.com
pagead2.googlesyndication.com
tpc.googlesyndication.com
104.18.23.145
104.18.31.49
104.26.9.178
13.248.245.213
142.250.185.131
142.250.185.168
142.250.186.162
151.101.193.229
159.89.25.223
162.19.138.117
163.5.194.33
172.217.16.194
172.64.153.78
172.67.71.155
172.67.75.241
178.250.1.11
178.250.1.3
178.250.1.56
18.66.147.43
185.106.140.18
185.184.8.90
185.89.210.122
193.3.178.4
216.239.34.36
216.58.206.33
216.58.206.34
216.58.206.46
216.58.206.65
217.182.178.229
3.124.64.248
34.252.44.15
37.157.2.228
37.157.2.229
37.60.252.138
45.8.133.83
5.135.209.96
64.158.223.146
01abc952e2565112f0bc1d6eab5c4b8ce57da286769aaa407dce5d9850f57620
03f7ec3e4f7196c41aab2cf917f6df3fbbaac8db792dc36d9b479af22d9ef3a1
05074b5f02e83c457b1a775690282477c3162690ffe39d263b9e1bc0bf452dce
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06a33223d4ecd029e6ac4bff395de3287a3d513bd1ed841e8df4f3547ed54c40
0d97fa50f475a560fb5204d5791e96468193c934133a721b5273eb4550ab1fa9
101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860
101ffbc58574cf8ad9080605fe602a65cdc54445b6eebf60c87bac3fe31bf636
11fefb9c374d241b645ab5030176d8d2af1b3d362b31f20620848af9e0835ec4
138485db4823c1444d2991c332c2fb4cd3ea3b6fddbed5317506170e361b38c1
14f29c0d1d5cb9f8871c929af419262d5b724aa2264ba2f47ee774c7b1740e0e
1c9b11f92ef0309941ec7f89106cf3683117b4d9ab62489f29296f1912fb9905
1cf546e201d7afa553e1a42e67825fef8860351a51ddb808e8b02f86c3848f9f
2419d5df9c26372a71c881e16f8716d02ba9fa384074fcf0dc9ab526847eef61
2440da49abf00e2fc8e09c38bbb2ac1afca94303ead6974b746c79155c789b9b
246fef45b3c78c283fb603de040c9263bbb48532dcb057d4045a790b1b149318
24e077516b89f2a627c538ae9c18493ecd80f1fe367c0528c2cadc62d6601b6d
25377c3b5fdd6f4fe4b3e8f786d6e5a475b99f242487b52b81c0162e67ece722
2554e4ac15349713d8b5318b3fe36d8da1792096d7b5290a4efb156fa7566d26
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
25b8f3aefaa2bbab5d6a50fdb519e28c7c5e68296ae272beb4a75aa46cc298f8
26dca3cd2ff32a9934a9fe12f32f973e38263f497e28ef43175d81b78af04be2
286e7026e46b337d1e965009057e4453ad34548a8fdfbb08f67783bf18719d9c
29555ba76bb2973ea85881ff0218a5975c75aa2b384a11010c5220640719ea85
2e41a15f51d22d1ef5880bdfcd31724a12fee3252937b5cd5c5b45d3ca2670d0
2ef2cc6e0030f6b7220abe2b61e5465d80c5b1177437a39e8446a61ec353fd78
2f141c417bd5946c1f3a44651b9fb5af7153c1c50eb472f4ec89d58632a26680
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3832744ee5ad77301e7bb449ada60978d9cc12e7ba659af61b4ee993abc16573
388bf206c1a54aac2a0f643ea09aa7cd8735cb5eaa18632c4f88e44044f33e15
3ad9292f7844d507f33f4de3bf19577c9115a8b7bc807f989ab26b19e3c97fe7
3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7
3b9767e5d0bea4d284bb1e624cc6ee3244b13efedfe5424eb5140ef326511eb7
3dc5c3307b9b9a11721bc963c6f44ba98bc586f2cd9740fb0b5064f5f79962cd
40bd47262beaacaccbc6fad3b200227ac6ab34a83eebab195b4d566953ed1c16
415157e9287ceaa71dee0bdd96014b8aa5fcbd5e70b77988df52496bebe467bb
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4
4981c5f70553aacb3ef7ce2630b0e3eab6539e3ed34021693fd029fe009eeea1
50f17262769a2476f090fd24ef33caffed8acd6caf684b20bdc90909c5c43758
51d187e3e6260158dcf43dcfe8294ed8ef2c2245eb258b4867e36f71d55c160e
52de3fb37e167bc691b7233a515bda92daee4d136e081ec14876f571fa8355d1
55008b153a04c2899c1fe1ff05eefae7fd5677ba3e2e0615abc8ff85f6dec469
56fdceec363758833100b58312eb4993fe9f599ca70117325ccbabe03b7d6d26
5705053c69b2c5780027375c16c0686f5e7f59c10864e70cb57f3754e35474f5
5878e17644221caf8e1cb80bb0eca6e87ad56cacd5037c372e7cea0bb7458c31
601f35d1c8363fe14704e1607b329848a04472c6012def6402a577fc0eab3e78
63a8ed4d42e2e14d5eeb92b559c0942083d03c633e8aa8d82511b06057b5790c
652ec7cc53b1d4ce7f0d5f72fbe286ad0ff0a3c44eef366f60faf26d3a3d60fd
65c21a5274c055b673c742a0156dd26107f4984b9f666e297b98bda88ce580e0
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507
6a3cf5192354f71615ac51034b3e97c20eda99643fcaf5bbe6d41ad59bd12167
6ab23891ab9199d6c2ec7c9d39f22de4231dd5ed0f645f31ecac1108183d6ab1
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f8037656fc8ee731d4f286be37ee2a24d7446480c879635670eb2836a46eed5
7160a771fc3d7c014c59034e6ff9d2bec065d808771165bf5e6b4593a2a2de72
72826aebfbd36b0946d90411b2eb52e7e54d8b002030abce5ee27dd51eadfacd
7330191facb7e2ececc564f92a6e4db89028c010eb1d46114c19615354f02bd1
7709afd64de4750d71a3c893a3c31bffe577fe95447cc560b9a32f28d8a45618
773485acaee520be797ce2adbd1ae738c1c28b49b11e298ed784edbb11b08a2d
7ab96cf219685131aef6e1ef48f32d1e9fd5da1f2c12da0b632e867f0ea92a57
7c69058459fdf0b4521ba057f595d6aa938265ccf3095e818150886a7bb5bf44
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
8006523641cfe7752eff7fab6bb5a7f7d0881ac0d494447eb8541e5f645d2edc
81ea22e6310b2238f0c937448a5e8b9f37c3e1aeee273dd3e4a5cff86bf34a6d
8300e9e9a1efa759775b60174abaca1baadbcdbdc65e47bb087562348eca4eaf
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
87cc64769a62314612e92ffae77d8875a1efc1bbab37a294b336b7722aec9ef3
897b7859cc1e90414705ed226993f7bde573512262ab53adfe80d938b81d24aa
8b067516ddef8d0d66befec8290436bc1220931a13bd6b7b1b60c8cb89f976f7
8cf60f19a7dd2f5842d95e3d1e1a93a7f52c1a4fd5bb40445ee9831264d09ec0
90909d259afbaaa73f4accf86af27e03040ec2540cf1aca4a0a0e5aa8fbdc133
9a3272fdc40cb2636333e4ba1bd290adb9c78e01c7af4ae21da20a5cdf54b3b7
9cf6226f1172062ada2d8c2a687f869b33a84516fcc97f9e1f4284a256da13ea
a053c15264790959935565373e2a16bd950bd6cab407ce22bbe6f1b9301ab2f2
a165e3e52a937f8ca68a87b90076e1d7658f51fe558c1e24764d119f8d4c0e9f
a1dc183a1e37c034f6528f4768d7912a229f7f25f9e4ed4ad283d0b1d7630551
a3896185abb20969c8ef6851e9cb90a32159fcf5604d08a5183b939fde6d10dd
a40d694056966b1091b9a35758d28b22ee6daedeeea45053572ed19b78fa96f9
a74575e6522e55be393a71461a159d4ae6ae0b927954d37065db1b4b38f616ac
aafd776ec37c9b47abb96dc3199c4dda7aff364fa6ec9f0458822793bee3e890
adc90988345fa6f0d22f6b312623128ac8f7c5c2b161100d8d8e0ba243357ccf
b007617bb370c421bb7998a586e400470e78f68c84416f6eb032305afb7ef46a
b22ccb82da144cf5f2dac9a7efd05f52d18548007cc8738806c6a14ef746479f
b70ffb78be2399291bd01af0d91edb91139ac4229fc5428b09fb1fda2237a172
b7ade427b9d3343a815b66b5d10665457f42367ee12bf3ef686ef757dc4704e1
b831ee2bbbdc5353833b35f1176feab0fe3d5a00c04c2576e7de866bced4a3c0
b87de489c3eda2d7cc12367ec2cd76c0bd53ff131e63b0068a92acab334a0227
bdb5fbbf823cdc9431ac0ac26c06d3106dbb27bed5297e1ff8a3da8d72a9bba9
c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510
c0b0cd2dcf0f952ad76b4c7b215dbf058261003a3d6de7f31eaac5a905ebc179
c0bb478b61a1c97d3485a9075de3db15d34e1882a6af6c406516cb869097f859
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
c46190260eecd200398b24a43ec8a5788657a055827eea1a302c644eb83d3b87
c5200f07ef11e7b3ca3e6b06cabaff902eb3a18da78d7bf28e15416a247d6845
c70cbb0442fb7d096828e4864b01f1805066f9f579195d4f6c9131d801b45a1a
c7887c0f698d53558fa97c35fee57be8ef4c615a0b26d6d4f0daee6a6228c4bb
c84c0e919ae72b8ef9abd4d5f8f38bddffd185e571a13c9ab0de6be1391c3c64
c88815b964f3ec67d62f2b8420f63fc68f213349e8e13c929aa5ee6e42e07a43
c8d4c98956c200fee9af8e2c1d6d9527123a0737bbaae846320f6f9ccf68780e
cf7a26ecb0b35482b0f35ddd6e28fa91a0b109cf22a5953831c91234251651b3
cfbb9587d81547ee88e982ede25782502918209a7c0b1e4a0a2360b532f20d7a
cfdc86efea1d407c9204f0c7faf17afce136acf570336610956a4ef10af37392
d1e321dc91a4d8a454525f5e8b531f72328b89e2442843eb646e9f27242cc45c
dc03a5a384ff5aee17787f5064cef75b611c0c8ea4fa5fd95746373391225f6d
dc88fca5f3240a994f4943b04be43a02aeea210184191253d09e1a549887e597
de09a955218a653aa9ec818f1c63b4a1aeb07209d2400f52fe3edd1bc33005ec
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
dfb526b9866860986cd7dd3de9355ded4ac3b9323297048ead59b0aac4a58d1d
e04b5f6537d21b1d67841c6b1699d0ef93b7ea1bbb94ae06234f999d05c23c3c
e2320f2452434b494e292e5a413126980c134215940ab091e9e496a0052d62f8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4bf411611a715a5752d6e80345cd5fa56731a8ff96e54e5212024337a1c6984
e581f1feefc8289304fe499383240cdd5db8c3efe7ec2935af380becf6869ef3
e5feaf35ed0e13d702c62be765ea88100cab64c67787173e73c9001cc51f3129
e687ea2f0b101508eb42841e23a305148562e615919a5c646aca1b753bd518a5
e7954fac79433b0086e20fd1d5cd260dfeca6822b5c6b435dc4228e1377883f4
e944876c5fd13cc8ed0441c1a8bac2657147995d36634ce300b5ada152cbf52d
ede3bbe4726ece010c34e87362b0ccecd59b1d8d3175d2235ea0c45eee5e65ab
f0c3a2b7c4d2ff4d54d25bb6f0ba197dddb4bb156578ea82e353b23242d191cd
f2ccfe0a97e6746488c0e165704fd2aa9b522e3b27d0c4a952b3f254fc630d70
f9474be1ca24b268791ddd7e16b1a0488e3cf6deb1b676783f80661835e22757
fda1c4e398b9b259a789b073bca39e6815c481e1b9f5a987060fbb8db49249e3
fef0ae74dc3bcf89260cfe9fe70df333bb482dc7e52f129aa73b177426c72152
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99

www.onworks.net Open in urlscan Pro 172.67.71.155 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

277 Requests

96 %HTTPS

0 %IPv6

31 Domains

46 Subdomains

38 IPs

7 Countries

1844 kBTransfer

11417 kBSize

34 Cookies

13 Outgoing links

Page URL History

Redirected requests

277 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.onworks.net Open in urlscan Pro
172.67.71.155 Public Scan

Screenshot
Live screenshot

Full Image

277
Requests

96 %
HTTPS

0 %
IPv6

31
Domains

46
Subdomains

38
IPs

7
Countries

1844 kB
Transfer

11417 kB
Size

34
Cookies

277 HTTP transactions
2 data transactions