scamalytics.com Open in urlscan Pro
152.89.76.23  Public Scan

3 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48

• https://pbjs.e-planning.net/pbjs/1/7d9e8/1/scamalytics.com/ROS?rnd=0.7264323921286&e=728x90_0%3A728x90%2C970x90%2C980x90%2C990x90%2C468x60%2B160x600_0%3A160x600%2C120x600%2B160x600_1%3A160x600%2C120x600&ur=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&pbv=8.45.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122 HTTP 302
• https://pbjs.e-planning.net/hb/1/7d9e8/1/scamalytics.com/ROS?ct=1&r=pbjs&rnd=0.7264323921286&e=728x90_0%3A728x90%2C970x90%2C980x90%2C990x90%2C468x60%2B160x600_0%3A160x600%2C120x600%2B160x600_1%3A160x600%2C120x600&ur=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&pbv=8.45.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122

Request Chain 70

• https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0 HTTP 307
• https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0&b=1&tp=FullEYz%2F%2FDNLtmtDlDrb7lDgni2Or%2BZGDyTR3g2zoLg%3D

Request Chain 71

• https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0 HTTP 307
• https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0&b=1&tp=DsQ3kTJkY2SBRyhJYMjjC8ID2a%2BwqGFVkL1Tyx5CzUY%3D

Request Chain 77

• https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-LoopMe_n-adMediaV1_snb_n-MediaNet_n-Beeswax_smrt_cnv_n-adYouLike_n-adman-v2_n-onetag_n-simpli.fi_rbd_ppt_n-baidu_n-nativo_an-db5_n-Rise_n-Outbrain HTTP 302
• https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-LoopMe_n-adMediaV1_snb_n-MediaNet_n-Beeswax_smrt_cnv_n-adYouLike_n-adman-v2_n-onetag_n-simpli.fi_rbd_ppt_n-baidu_n-nativo_an-db5_n-Rise_n-Outbrain&dcc=t

100 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request 31.171.154.122 Show response scamalytics.com/ip/	31 KB 7 KB	222ms 51ms	Document text/html	152.89.76.23 KRYSTAL Krystal H...
General Check archive.org Show headers Download Go to Full URL https://scamalytics.com/ip/31.171.154.122 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 152.89.76.23 Edison, United States, ASN12488 (KRYSTAL Krystal Hosting Ltd, GB), Reverse DNS www1.scamalytics.katapult.cloud Software nginx / Resource Hash f0f1b6143a15a830562dbf91904db1e31485a88592a35c013fa3eb2af11e8dd1 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Cache-Control no-store, no-cache, must-revalidate Connection keep-alive Content-Encoding gzip Content-Type text/html; charset=UTF-8 Date Wed, 18 Dec 2024 15:50:15 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Pragma no-cache Server nginx Transfer-Encoding chunked
GET H2	200	js Show response www.googletagmanager.com/gtag/	272 KB 96 KB	128ms 56ms	Script application/javascript	2607:f8b0:4004:c0b::61 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-XYDQLQEZ30 Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c0b::61 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash a22edfbd93f597a32d3fc90d0c34595f16ade29d999e41a97ac6a32ded43b49f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding br report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],} expires Wed, 18 Dec 2024 15:50:15 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:15 GMT content-type application/javascript; charset=UTF-8 vary Accept-Encoding access-control-allow-headers Cache-Control strict-transport-security max-age=31536000; includeSubDomains cache-control private, max-age=900 cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0 access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 97846 x-xss-protection 0 server Google Tag Manager
GET H/1.1	200 OK	logo_path_375x77.svg scamalytics.com/images/svg/	7 KB 7 KB	32ms 31ms	Image image/svg+xml	152.89.76.23 KRYSTAL Krystal H...
General Check archive.org Show headers Download Go to Show image Full URL https://scamalytics.com/images/svg/logo_path_375x77.svg Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 152.89.76.23 Edison, United States, ASN12488 (KRYSTAL Krystal Hosting Ltd, GB), Reverse DNS www1.scamalytics.katapult.cloud Software nginx / Resource Hash 1ff6452d3f084a592dbebd75fa0aa41428b6270f79286b9ca6fa99b28472cfcb Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ip/31.171.154.122 Response headers Cache-Control max-age=2592000, max-age=2629746, public ETag "668eb9e1-1b97" Connection keep-alive Expires Fri, 17 Jan 2025 15:50:15 GMT Accept-Ranges bytes Content-Length 7063 Date Wed, 18 Dec 2024 15:50:15 GMT Content-Type image/svg+xml Last-Modified Wed, 10 Jul 2024 16:42:09 GMT Server nginx
GET H/1.1	200 OK	icon_search.png scamalytics.com/	2 KB 2 KB	78ms 38ms	Image image/png	152.89.76.23 KRYSTAL Krystal H...
General Check archive.org Show headers Download Go to Show image Full URL https://scamalytics.com/icon_search.png Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 152.89.76.23 Edison, United States, ASN12488 (KRYSTAL Krystal Hosting Ltd, GB), Reverse DNS www1.scamalytics.katapult.cloud Software nginx / Resource Hash 37df602cc77f5c76cbce6e233a3c516a374cc82e2997f0a1179df5cb5e271dd7 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ip/31.171.154.122 Response headers Cache-Control max-age=2592000, max-age=2629746, public ETag "5c86a789-6ac" Connection keep-alive Expires Fri, 17 Jan 2025 15:50:15 GMT Accept-Ranges bytes Content-Length 1708 Date Wed, 18 Dec 2024 15:50:15 GMT Content-Type image/png Last-Modified Mon, 11 Mar 2019 18:23:05 GMT Server nginx
GET H/1.1	200 OK	db-ip.webp scamalytics.com/	3 KB 3 KB	65ms 31ms	Image image/webp	152.89.76.23 KRYSTAL Krystal H...
General Check archive.org Show headers Download Go to Show image Full URL https://scamalytics.com/db-ip.webp Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 152.89.76.23 Edison, United States, ASN12488 (KRYSTAL Krystal Hosting Ltd, GB), Reverse DNS www1.scamalytics.katapult.cloud Software nginx / Resource Hash bce4de473ca51f0a59c6f74532cf36e0a670f407ea12ebf9541220f75b6c031d Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ip/31.171.154.122 Response headers ETag "6662efa2-b68" Connection keep-alive Accept-Ranges bytes Content-Length 2920 Date Wed, 18 Dec 2024 15:50:15 GMT Content-Type image/webp Last-Modified Fri, 07 Jun 2024 11:31:46 GMT Server nginx
GET H/1.1	200 OK	ip2proxy_header.webp scamalytics.com/	1 KB 2 KB	78ms 33ms	Image image/webp	152.89.76.23 KRYSTAL Krystal H...
General Check archive.org Show headers Download Go to Show image Full URL https://scamalytics.com/ip2proxy_header.webp Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 152.89.76.23 Edison, United States, ASN12488 (KRYSTAL Krystal Hosting Ltd, GB), Reverse DNS www1.scamalytics.katapult.cloud Software nginx / Resource Hash 12cef6c4a80fb459520722a20bb3f7c54df732a46b9e42254f3c53fa456c06b3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ip/31.171.154.122 Response headers ETag "6662efab-5a0" Connection keep-alive Accept-Ranges bytes Content-Length 1440 Date Wed, 18 Dec 2024 15:50:15 GMT Content-Type image/webp Last-Modified Fri, 07 Jun 2024 11:31:55 GMT Server nginx
GET H/1.1	200 OK	twitter.svg scamalytics.com/images/svg/	1 KB 2 KB	88ms 30ms	Image image/svg+xml	152.89.76.23 KRYSTAL Krystal H...
General Check archive.org Show headers Download Go to Show image Full URL https://scamalytics.com/images/svg/twitter.svg Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 152.89.76.23 Edison, United States, ASN12488 (KRYSTAL Krystal Hosting Ltd, GB), Reverse DNS www1.scamalytics.katapult.cloud Software nginx / Resource Hash c9ed8684fbe733c8e9f9d0e06b76d9acf2ec4f550c0b7cff25847eadf22a70d4 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ip/31.171.154.122 Response headers Cache-Control max-age=2592000, max-age=2629746, public ETag "64946c28-4d5" Connection keep-alive Expires Fri, 17 Jan 2025 15:50:15 GMT Accept-Ranges bytes Content-Length 1237 Date Wed, 18 Dec 2024 15:50:15 GMT Content-Type image/svg+xml Last-Modified Thu, 22 Jun 2023 15:43:36 GMT Server nginx
GET H2	200	scamalytics.js Show response cdn4.buysellads.net/pub/	730 KB 184 KB	416ms 136ms	Script application/javascript	24.144.70.77 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 24.144.70.77 Santa Clara, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software srv-sfo3-1 / Resource Hash c4fda510bb7d4b79dd8e90419931d34a1d3f43be703a8710cf9694815276bc24 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control public, max-age=3600, stale-while-revalidate content-encoding br etag 7656a766d751364a1a2e1145b71ab07d9cb91e37 date Wed, 18 Dec 2024 15:50:15 GMT content-type application/javascript vary Accept-Encoding server srv-sfo3-1
GET H2	200	monetization.js Show response m.servedby-buysellads.com/	76 KB 17 KB	179ms 35ms	Script application/javascript	2600:9000:244d:6000:12:352e:e540:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://m.servedby-buysellads.com/monetization.js Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:244d:6000:12:352e:e540:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 4f6dfd1d04c3634a8b8ecb1890d5c461b5cd25e1b1d9a7a2023c5ce47cf33d63 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers x-amz-cf-pop IAD61-P2 content-encoding gzip etag W/"662297620fc328d2fb335565fd03b8f6" age 51741 via 1.1 9a7233ae68a3338294c89b1bf53bc426.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-cf-id 6BnQ8gEYD7mGBEUz00Eu_UjzbHPgjSw1qbt49WjNaOvcp8TZ1iE0yg== date Wed, 18 Dec 2024 01:27:55 GMT content-type application/javascript vary accept-encoding server AmazonS3 last-modified Wed, 08 May 2024 18:33:12 GMT x-amz-server-side-encryption AES256
POST H2	204	collect www.google-analytics.com/g/	0 0	109ms 40ms	Fetch text/plain	2607:f8b0:4004:c17::8b GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/g/collect?v=2&tid=G-XYDQLQEZ30&gtm=45je4cc1v9123002285za200&_p=1734537015192&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&cid=950709372.1734537015&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1734537015&sct=1&seg=0&dl=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&dt=31.171.154.122%20(%20Keminet%20SHPK%20)%20Fraud%20Risk&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=472 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-XYDQLQEZ30 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c17::8b Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0 report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],} expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin https://scamalytics.com cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:15 GMT content-type text/plain server Golfe2
GET H2	200	CW7D6K7W.json Show response srv.buysellads.com/ads/	941 B 581 B	33ms 32ms	Fetch application/json	159.203.151.34 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://srv.buysellads.com/ads/CW7D6K7W.json?segment=placement:scamalyticscom&v=true Requested by Host: m.servedby-buysellads.com URL: https://m.servedby-buysellads.com/monetization.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 159.203.151.34 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software srv-nyc3-0 / Resource Hash e57ba5cf28bfa8c955e5452f6c38b4f83c93eea8ea4a110108948fa4f207764b Request headers x-origin https://scamalytics.com/ip/31.171.154.122 Referer https://scamalytics.com/ User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 x-client monetization.js/20231024 (target:%23responsive_scamalyticscom;script_id:_bsa_srv-CW7D6K7W_0;platforms:desktop%2Cmobile;viewable:true) Response headers content-encoding br access-control-allow-origin * content-length 524 date Wed, 18 Dec 2024 15:50:15 GMT content-type application/json; charset=utf-8 vary Accept-Encoding server srv-nyc3-0 access-control-allow-headers *
OPTIONS H2	200	CW7D6K7W.json srv.buysellads.com/ads/ Frame	0 0	178ms 30ms	Preflight	159.203.151.34 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://srv.buysellads.com/ads/CW7D6K7W.json?segment=placement:scamalyticscom&v=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 159.203.151.34 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software srv-nyc3-0 / Resource Hash Request headers Accept */* Access-Control-Request-Headers x-client,x-origin Access-Control-Request-Method GET Origin https://scamalytics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-headers * access-control-allow-origin * content-length 0 date Wed, 18 Dec 2024 15:50:15 GMT server srv-nyc3-0 vary Accept-Encoding
GET H2	200	tag Show response btloader.com/	72 KB 23 KB	72ms 25ms	Script application/javascript	2606:4700:10::6816:4ad8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://btloader.com/tag?o=5102648370397184&upapi=true Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:4ad8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0c6a178d0b83598540bcbb926bcf11d12d9ecc90a679e60bc49684a31ed9b302 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers x-robots-tag noindex, nofollow cache-control public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300 content-encoding gzip cf-cache-status HIT etag "f6932ecacd9ba3f9cdbd12d009155eca" age 2680 via 1.1 google cf-ray 8f404ebdd836a251-YUL accept-ranges bytes content-length 23474 date Wed, 18 Dec 2024 15:50:15 GMT content-type application/javascript last-modified Wed, 18 Dec 2024 15:03:09 GMT vary Origin, Accept-Encoding server cloudflare
GET H3	200	gpt.js Show response securepubads.g.doubleclick.net/tag/js/	104 KB 33 KB	146ms 50ms	Script text/javascript	142.251.167.156 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/tag/js/gpt.js Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.167.156 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS ww-in-f156.1e100.net Software cafe / Resource Hash 12fd70b138594913c1b6eb6dcecf05e57d300130f7a04745f4b54463378133fc Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding br etag 789 / 20075 / m202412090101 / config-hash: 16775640167977932469 x-content-type-options nosniff expires Wed, 18 Dec 2024 15:50:16 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" date Wed, 18 Dec 2024 15:50:16 GMT content-type text/javascript; charset=UTF-8 vary Accept-Encoding content-disposition attachment; filename="f.txt" cache-control private, max-age=900, stale-while-revalidate=3600 timing-allow-origin * cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 33719 x-xss-protection 0 server cafe
GET H3	200	px.gif Show response bt.dns-finder.com/	43 B 1 KB	106ms 36ms	Fetch image/gif	172.67.134.120 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bt.dns-finder.com/px.gif Requested by Host: btloader.com URL: https://btloader.com/tag?o=5102648370397184&upapi=true Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.134.120 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers x-goog-metageneration 2 x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 182 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ly4B9z%2FH%2Bw2mMmZxDuDimeaCNFJ%2FRCCNl1fFh86N%2FVmSWWYPjyAQ6VrRIsbjP8T98QIz3CT5qh4gCy32%2BBA6m0oTHeGOt07S7dt1DS6uBMPYWUTlvhybz88GNAnCxNMRNyLiYA%3D%3D"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-encoding identity expires Wed, 18 Dec 2024 16:47:14 GMT alt-svc h3=":443"; ma=86400 x-goog-stored-content-length 43 server-timing cfL4;desc="?proto=QUIC&rtt=23392&min_rtt=23371&rtt_var=8779&sent=10&recv=8&lost=0&retrans=0&sent_bytes=4085&recv_bytes=5510&delivery_rate=138069&cwnd=12000&unsent_bytes=0&cid=8ce11e200d20bcdc&ts=39&x=1", cfExtPri, cfHdrFlush;dur=0 date Wed, 18 Dec 2024 15:50:16 GMT content-type image/gif last-modified Fri, 19 Jul 2024 16:36:17 GMT vary Accept-Encoding priority u=1,i x-guploader-uploadid AFiumC5pud--GnIBW6XipVLF0dkCe2nDgWqlKGKdxABzYZaQ1bX-nFl11KXOwbAWYZt5aJggvoI cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-goog-storage-class STANDARD cf-ray 8f404ebe78b5ac6c-YYZ accept-ranges bytes x-goog-generation 1721406977485562 content-length 43 server cloudflare
GET H2	200	px.gif ad-delivery.net/	43 B 1 KB	80ms 29ms	Image image/gif	2606:4700:20::681a:346 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ad-delivery.net/px.gif?ch=2 Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1694465 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BxHnoUUXN%2B8wgafc30XWxV8D1piF0woChqbtPQ9gjTiUCTXmdXpETuNNcMrurAF6GV5sVsiuLowzTlLmKX8xeiZyDOj1%2FpQuEgAJFOMjQobvwg6VRDDIgNIUyR5KRy6hCJwnH9JNJ06a8EtjiQ%3D%3D"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-encoding identity expires Fri, 29 Nov 2024 01:18:18 GMT server-timing cfL4;desc="?proto=TCP&rtt=16305&min_rtt=16277&rtt_var=3484&sent=8&recv=12&lost=0&retrans=0&sent_bytes=4029&recv_bytes=2405&delivery_rate=236923&cwnd=252&unsent_bytes=0&cid=a999e65c62b8ae39&ts=36&x=0" x-goog-stored-content-length 43 date Wed, 18 Dec 2024 15:50:16 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT vary Accept-Encoding x-guploader-uploadid AFiumC53XsXI1k3JCi-5Be-JdbbhosVGwpmyk7bWj1ztFXh14MijEx6quuYb4XP9yWrK01AJ9rA cache-control public, max-age=86400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-goog-storage-class MULTI_REGIONAL cf-ray 8f404ebe5bf86e08-YUL accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	favicon.ico ad.doubleclick.net/	1 KB 130 B	70ms 32ms	Image image/x-icon	142.251.167.149 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.167.149 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS ww-in-f149.1e100.net Software sffe / Resource Hash d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding gzip age 76176 report-to {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]} x-content-type-options nosniff expires Wed, 18 Dec 2024 18:40:40 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Tue, 17 Dec 2024 18:40:40 GMT last-modified Tue, 08 May 2012 13:08:06 GMT content-type image/x-icon vary Accept-Encoding cache-control public, max-age=86400 cross-origin-resource-policy cross-origin accept-ranges bytes access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to="ads-doubleclick-media" content-length 104 x-xss-protection 0 server sffe
GET H2	200	px.gif ad-delivery.net/	43 B 487 B	80ms 30ms	Image image/gif	2606:4700:20::681a:346 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ad-delivery.net/px.gif?ch=1&e=0.7650511595515181 Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1694465 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F2fj3fmKyEhTqsvi1L6rVZTtddCs5Cl6HBlTvffIXJbyZBE9CmVGzlx7QPucuqYZAnGdT3LX2WF6pZkDRP9xWdYw8mk4q0Uqz1fKmhDeG9NkL3pnJzTNCbgTMytZgdUKQ97G6MXh9QDhfiefJQ%3D%3D"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-encoding identity expires Fri, 29 Nov 2024 01:18:18 GMT server-timing cfL4;desc="?proto=TCP&rtt=16305&min_rtt=16277&rtt_var=3484&sent=11&recv=12&lost=0&retrans=0&sent_bytes=5171&recv_bytes=2405&delivery_rate=236923&cwnd=252&unsent_bytes=0&cid=a999e65c62b8ae39&ts=38&x=0" x-goog-stored-content-length 43 date Wed, 18 Dec 2024 15:50:16 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT vary Accept-Encoding x-guploader-uploadid AFiumC53XsXI1k3JCi-5Be-JdbbhosVGwpmyk7bWj1ztFXh14MijEx6quuYb4XP9yWrK01AJ9rA cache-control public, max-age=86400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-goog-storage-class MULTI_REGIONAL cf-ray 8f404ebe5bfa6e08-YUL accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	px.gif Show response bt.dns-finder.com/	43 B 0	106ms 106ms	Fetch image/gif	172.67.134.120 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://bt.dns-finder.com/px.gif Requested by Host: btloader.com URL: https://btloader.com/tag?o=5102648370397184&upapi=true Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.134.120 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers x-goog-metageneration 2 x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 182 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ly4B9z%2FH%2Bw2mMmZxDuDimeaCNFJ%2FRCCNl1fFh86N%2FVmSWWYPjyAQ6VrRIsbjP8T98QIz3CT5qh4gCy32%2BBA6m0oTHeGOt07S7dt1DS6uBMPYWUTlvhybz88GNAnCxNMRNyLiYA%3D%3D"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-encoding identity expires Wed, 18 Dec 2024 16:47:14 GMT alt-svc h3=":443"; ma=86400 x-goog-stored-content-length 43 server-timing cfL4;desc="?proto=QUIC&rtt=23392&min_rtt=23371&rtt_var=8779&sent=10&recv=8&lost=0&retrans=0&sent_bytes=4085&recv_bytes=5510&delivery_rate=138069&cwnd=12000&unsent_bytes=0&cid=8ce11e200d20bcdc&ts=39&x=1", cfExtPri, cfHdrFlush;dur=0 date Wed, 18 Dec 2024 15:50:16 GMT content-type image/gif last-modified Fri, 19 Jul 2024 16:36:17 GMT vary Accept-Encoding priority u=1,i x-guploader-uploadid AFiumC5pud--GnIBW6XipVLF0dkCe2nDgWqlKGKdxABzYZaQ1bX-nFl11KXOwbAWYZt5aJggvoI cache-control public, max-age=14400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-goog-storage-class STANDARD cf-ray 8f404ebe78b5ac6c-YYZ accept-ranges bytes x-goog-generation 1721406977485562 content-length 43 server cloudflare
GET H2	200	px.gif ad-delivery.net/	43 B 493 B	81ms 31ms	Image image/gif	2606:4700:20::681a:346 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://ad-delivery.net/px.gif?ch=1&e=0.723528799582787 Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:346 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers x-goog-metageneration 5 access-control-expose-headers *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace x-goog-hash crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== cf-cache-status HIT etag "ad4b0f606e0f8465bc4c4c170b37e1a3" age 1694465 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XTixaD5CGthyhIUidXZk0dVnAmwVesX1BCvpSBDwdg5x4KYSi5VedpP93mTsuvGKWjgnRtwcYYVHY%2F4TzVFRcc8Z70%2B4%2FG8hL3n1vGGzYDM8n9E79Ke1i8Lr0EDbarvwpX%2Ba%2Ba%2Bibq2meR9u0A%3D%3D"}],"group":"cf-nel","max_age":604800} x-goog-stored-content-encoding identity expires Fri, 29 Nov 2024 01:18:18 GMT server-timing cfL4;desc="?proto=TCP&rtt=16305&min_rtt=16277&rtt_var=3484&sent=13&recv=12&lost=0&retrans=0&sent_bytes=5724&recv_bytes=2405&delivery_rate=236923&cwnd=252&unsent_bytes=0&cid=a999e65c62b8ae39&ts=39&x=0" x-goog-stored-content-length 43 date Wed, 18 Dec 2024 15:50:16 GMT content-type image/gif last-modified Wed, 05 May 2021 19:25:32 GMT vary Accept-Encoding x-guploader-uploadid AFiumC53XsXI1k3JCi-5Be-JdbbhosVGwpmyk7bWj1ztFXh14MijEx6quuYb4XP9yWrK01AJ9rA cache-control public, max-age=86400 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} x-goog-storage-class MULTI_REGIONAL cf-ray 8f404ebe5bfd6e08-YUL accept-ranges bytes access-control-allow-origin * x-goog-generation 1620242732037093 content-length 43 server cloudflare
GET H3	200	pubads_impl.js Show response securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/	492 KB 153 KB	33ms 32ms	Script text/javascript	142.251.167.156 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.167.156 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS ww-in-f156.1e100.net Software cafe / Resource Hash 04d85fdaa240e9c6964c1b3afe75b8802720a8d9a98e6c35f346f599b1113af4 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding br etag 5395541545685299795 age 19943 x-content-type-options nosniff expires Thu, 18 Dec 2025 10:17:53 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" date Wed, 18 Dec 2024 10:17:53 GMT content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 vary Accept-Encoding cache-control public, immutable, max-age=31536000 timing-allow-origin * cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 156760 x-xss-protection 0 server cafe
GET H2	200	country Show response api.btloader.com/	37 B 153 B	127ms 48ms	Fetch application/json	130.211.23.194 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.btloader.com/country?o=5102648370397184 Requested by Host: btloader.com URL: https://btloader.com/tag?o=5102648370397184&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 194.23.211.130.bc.googleusercontent.com Software / Resource Hash 63c8a71e02dad8f567226247d5694840937f61e94ddb0c49288e8e68873c6097 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control private, max-age=300, stale-while-revalidate=600, stale-if-error=600 via 1.1 google access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 37 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json vary Origin
GET H2	204	pv Show response api.btloader.com/	0 128 B	124ms 48ms	XHR text/plain	130.211.23.194 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://api.btloader.com/pv?tid=WcKyoXA4UV-0vD5TmaE-93da7672ba&w=5167574358949888&o=5102648370397184&cv=2.1.66&widget=false&r=false&vr=1600x1200&pageURL=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&sid=r5LM0bKB-qQ5AJ9SF-93da7672ba&pm=true&upapi=true Requested by Host: btloader.com URL: https://btloader.com/tag?o=5102648370397184&upapi=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 130.211.23.194 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 194.23.211.130.bc.googleusercontent.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers via 1.1 google access-control-allow-origin * cache-control no-cache, no-store, must-revalidate alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:16 GMT vary Origin
GET H3	200	gpt securepubads.g.doubleclick.net/pagead/managed/dict/m202412050101/	63 KB 22 KB	34ms 32ms	Other text/plain	142.251.167.156 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/pagead/managed/dict/m202412050101/gpt Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.167.156 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS ww-in-f156.1e100.net Software cafe / Resource Hash 3afadb2c1b557e72372f35ddac45c9638faa3de842363f36e560ab7d1045b32a Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer Response headers content-encoding br etag 4443559573512225521 age 19943 x-content-type-options nosniff expires Thu, 19 Dec 2024 10:17:53 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" date Wed, 18 Dec 2024 10:17:53 GMT content-type text/plain; charset=UTF-8 vary Accept-Encoding cache-control public, max-age=86400, stale-while-revalidate=7200 timing-allow-origin * cross-origin-resource-policy cross-origin access-control-allow-origin * content-length 22952 x-xss-protection 0 server cafe use-as-dictionary match="/gampad/ads", id="m202412050101"
GET H2	200	22960212090 Show response fundingchoicesmessages.google.com/i/	197 KB 65 KB	189ms 73ms	Script application/javascript	2607:f8b0:4004:c0b::66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/i/22960212090?ers=3 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c0b::66 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash ea2d55df53229ab487c830849c2125b3e01e0bbef0a9ce9695811b184c793bf0 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-FxraQRnf2ytIWSWktJQFlw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding gzip x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/javascript; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw05BikPj6kkkNiJ3SZ7AGAHHrzXOsk4HYaO15VgcgTvp3nrUAiA0VLrHaA7Fj0SVWTyBW7bnEagzE99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrA1AzPD1CisHEAvxcOy4172bTWDG7_UHGJU0kvIL45Pz80qKMpNKS_KL0pLTUotTi8pSi-KNDIxMDI0MjfQMDOMLDACQyEWu" content-security-policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-FxraQRnf2ytIWSWktJQFlw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist cache-control no-cache, no-store, max-age=0, must-revalidate timing-allow-origin * cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version cross-origin-resource-policy cross-origin permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* x-xss-protection 0 server ESF
GET H2	200	AGSKWxXX31co0tjjAbl8D68Hq2o4Xi0Sn7cCIWSGHvoXoHqIai7H8oTOQ5Gem_Ynka4-vOYcqfvajVVxibA2okz7p4YKDSc8fR_rKzWNNBveW530T-wRc8c-V28iQZPuBt-pbSc26IgEAg== Show response fundingchoicesmessages.google.com/f/	3 KB 2 KB	58ms 57ms	Script application/javascript	2607:f8b0:4004:c0b::66 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/f/AGSKWxXX31co0tjjAbl8D68Hq2o4Xi0Sn7cCIWSGHvoXoHqIai7H8oTOQ5Gem_Ynka4-vOYcqfvajVVxibA2okz7p4YKDSc8fR_rKzWNNBveW530T-wRc8c-V28iQZPuBt-pbSc26IgEAg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM0NTM3MDE2LDUyNjAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9zY2FtYWx5dGljcy5jb20vaXAvMzEuMTcxLjE1NC4xMjIiLG51bGwsW1s4LCJJTXo1N3ljNWhWdyJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c0b::66 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software ESF / Resource Hash 782d5986ba5db2caca3ba5738e1ed4c9cc6c025c9f9459956216cedb822402f4 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-P8yV1eMJZYU9A2t29wN41g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding gzip x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/javascript; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw1pBikPj6kkkNiJ3SZ7AGAHHrzXOsk4HYaO15VgcgTvp3nrUAiA0VLrHaA7Fj0SVWTyBW7bnEagzE99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrA1AzPD1CisHEAvxcOy4172bTeDE6vYeJiWNpPzC-OT8vJKizKTSkvyitOS01OLUorLUongjAyMTQyNDIz0Dw_gCAwB5f0Uw" content-security-policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-P8yV1eMJZYU9A2t29wN41g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist cache-control no-cache, no-store, max-age=0, must-revalidate timing-allow-origin * cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version cross-origin-resource-policy cross-origin permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* x-xss-protection 0 server ESF
GET H3	200	topics_frame.html securepubads.g.doubleclick.net/static/topics/ Frame 19F6	0 0	103ms 41ms	Document text/html	142.251.167.157 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/static/topics/topics_frame.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.167.157 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS ww-in-f157.1e100.net Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://scamalytics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 1908 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=3000, stale-while-revalidate=3600 content-encoding br content-length 29117 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" cross-origin-resource-policy cross-origin date Wed, 18 Dec 2024 15:18:28 GMT expires Wed, 18 Dec 2024 16:08:28 GMT last-modified Mon, 09 Dec 2024 20:44:42 GMT report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} server sffe vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
OPTIONS H2	204	openrtb ex.ingage.tech/v1/ Frame	0 0	134ms 50ms	Preflight	2606:4700::6812:1ad8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ex.ingage.tech/v1/openrtb Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1ad8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash Request headers Accept */* Access-Control-Request-Headers content-type Access-Control-Request-Method POST Origin https://scamalytics.com Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers access-control-allow-credentials true access-control-allow-headers content-type access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin https://scamalytics.com access-control-max-age 86400 cf-cache-status DYNAMIC cf-ray 8f404ec2a95c6e02-YUL date Wed, 18 Dec 2024 15:50:16 GMT server cloudflare vary Origin, Access-Control-Request-Headers
GET H2	200	apstag.js Show response c.amazon-adsystem.com/aax2/	345 KB 85 KB	152ms 37ms	Script application/javascript	3.171.86.171 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/aax2/apstag.js Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.171.86.171 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-171-86-171.iad89.r.cloudfront.net Software AmazonS3 / Resource Hash 3bf4f940a69cf7d1af0797f0371ddae937a8274190b22ebe165f0f7223b0e670 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers vary Accept-Encoding cache-control max-age=3600 content-encoding gzip etag W/"812ceba01127f3bf5aede260eaddcd29" age 3465 via 1.1 8ea525de0a543f72f5e5f9278e2150b4.cloudfront.net (CloudFront), 1.1 e907cf8941244cce88eeb7bc240528b8.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-cf-id y0Et9auBvm3FbRHPkrsmKJg1Qh_5k1zF46851zdbFyLWMQ7CZx5OJw== date Wed, 18 Dec 2024 14:52:32 GMT content-type application/javascript last-modified Wed, 06 Nov 2024 22:51:07 GMT server AmazonS3 x-amz-cf-pop IAD55-P7, IAD89-P3 x-amz-server-side-encryption AES256
GET H2	200	CWYIK53I.json Show response srv.buysellads.com/ads/	1 KB 589 B	33ms 33ms	Fetch application/json	159.203.151.34 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://srv.buysellads.com/ads/CWYIK53I.json?forcebanner=564861&ignoretargeting=yes Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 159.203.151.34 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software srv-nyc3-0 / Resource Hash a2afb46c19cc1a94a60255ae0cb5046e47e6a677d6aa43cc312b04c8a7b46451 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding br access-control-allow-origin * content-length 535 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json; charset=utf-8 vary Accept-Encoding server srv-nyc3-0 access-control-allow-headers *
GET H/1.1	200 OK	localstore.js Show response script.4dex.io/	1 KB 2 KB	111ms 26ms	Script text/javascript	2606:4700:20::681a:8a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.4dex.io/localstore.js Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers Content-Encoding br CF-Cache-Status HIT ETag W/"00a8e13a83b2bbab51af8e55f52be363" Age 12125 Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UiJBB7%2B2OGstEbb5NN6m1z8xeC7hQKQOKY3wzeJCNar1iialmNr9D%2BALEdyWAMw%2Fl2JYkwdUHfzYQUiCUtg%2F%2BNOAaiSWLgx2B0MafQSjmbhbl%2FzSEidcU%2Fi4YUI%2Bfo9JEENiTEciGlfUCNqC"}],"group":"cf-nel","max_age":604800} server-timing cfL4;desc="?proto=TCP&rtt=16390&min_rtt=16326&rtt_var=3474&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3473&recv_bytes=2266&delivery_rate=237154&cwnd=252&unsent_bytes=0&cid=3e4c9a51e43d8003&ts=32&x=0" Date Wed, 18 Dec 2024 15:50:16 GMT Content-Type text/javascript Last-Modified Tue, 10 Dec 2024 11:30:51 GMT Vary Accept-Encoding Transfer-Encoding chunked Cache-Control max-age=1800 NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Connection keep-alive CF-RAY 8f404ec258c6a2fc-YUL Server cloudflare
POST H2	200	hb-multi Show response hb.yellowblue.io/	82 B 626 B	153ms 33ms	Fetch application/json	3.167.112.81 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://hb.yellowblue.io/hb-multi Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.167.112.81 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-167-112-81.iad55.r.cloudfront.net Software istio-envoy / Resource Hash 82b4b3d9155d56daa6f44ba11ec233083e799e133c404fa8ab8b236656d3662c Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers content-encoding gzip x-envoy-upstream-service-time 1 access-control-allow-credentials true access-control-allow-methods GET, OPTIONS via 1.1 de8b5f44ffbaf97a58ad36dbe4a4a7c0.cloudfront.net (CloudFront) access-control-allow-origin https://scamalytics.com x-cache Miss from cloudfront content-length 107 x-amz-cf-id qacuwFjXrS-DBSzzvY0GcpVKuCdK-Oq3SM7VAQe9im426XgwkyV70w== date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json x-amz-cf-pop IAD55-P8 server istio-envoy x-reason maxmind hosting provider access-control-allow-headers Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
POST H/1.1	204 No Content	65e9e879eab3382166f737dc Show response exchange.cootlogix.com/prebid/multi/	0 997 B	450ms 335ms	Fetch	24.144.65.172 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://exchange.cootlogix.com/prebid/multi/65e9e879eab3382166f737dc Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 24.144.65.172 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers access-control-allow-origin https://scamalytics.com cache-control max-age=0, no-cache, must-revalidate, proxy-revalidate date Wed, 18 Dec 2024 15:50:17 GMT access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
POST H/1.1	204 No Content	65e9e879eab3382166f737dc Show response exchange.cootlogix.com/prebid/multi/	0 994 B	528ms 413ms	Fetch	24.144.65.172 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://exchange.cootlogix.com/prebid/multi/65e9e879eab3382166f737dc Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 24.144.65.172 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers access-control-allow-origin https://scamalytics.com cache-control max-age=0, no-cache, must-revalidate, proxy-revalidate date Wed, 18 Dec 2024 15:50:17 GMT access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
POST H/1.1	204 No Content	65e9e879eab3382166f737dc Show response exchange.cootlogix.com/prebid/multi/	0 998 B	487ms 372ms	Fetch	24.144.65.172 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://exchange.cootlogix.com/prebid/multi/65e9e879eab3382166f737dc Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 24.144.65.172 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers access-control-allow-origin https://scamalytics.com cache-control max-age=0, no-cache, must-revalidate, proxy-revalidate date Wed, 18 Dec 2024 15:50:17 GMT access-control-allow-credentials true access-control-allow-headers Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
POST H2	204	cdb Show response bidder.criteo.com/	0 511 B	430ms 345ms	Fetch	2620:100:a00b::30 AS-CRITEO
General Check archive.org Show headers Download Go to Full URL https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.45.0&cb=47860003362&lsavail=1 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US), Reverse DNS Software Kestrel / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers strict-transport-security max-age=31536000; preload; cross-origin-resource-policy cross-origin access-control-allow-credentials true observe-browsing-topics ?1 access-control-allow-origin https://scamalytics.com date Wed, 18 Dec 2024 15:50:16 GMT vary Origin server Kestrel
POST H2	200	v1 Show response hb-api.omnitagjs.com/hb-api/prebid/	1 KB 894 B	220ms 117ms	Fetch application/json	35.245.40.102 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&PageUrl=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&PageReferrer=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&CanonicalUrl=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.245.40.102 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 102.40.245.35.bc.googleusercontent.com Software / Resource Hash 579922fa2c774649a859a7ebce342babd2d77903efd968e2d3e20b8d7de37c32 Security Headers Name Value X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers access-control-max-age 3600 content-encoding br access-control-allow-methods OPTIONS, POST x-content-type-options nosniff expires 0 x-kong-proxy-latency 1 p3p CP="CAO PSA OUR" date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json; charset=utf-8 vary Accept-Encoding, Accept-Encoding access-control-allow-headers Accept-Encoding, Content-Type cache-control no-cache, no-store, must-revalidate x-kong-request-id 04226751ad1e8d2b1087a50ef780ce52 pragma no-cache access-control-allow-credentials true via kong/3.6.1 x-kong-upstream-latency 85 access-control-allow-origin https://scamalytics.com
POST H2	200	v2 Show response i.connectad.io/api/	83 B 506 B	163ms 79ms	Fetch application/json	2606:4700:10::6816:36ce CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://i.connectad.io/api/v2 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:36ce , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 2b059f200e4f9ff2d06398209826272838b002661214682eb2996f4c4dc197f7 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control no-cache, private content-encoding gzip cf-cache-status DYNAMIC access-control-allow-credentials true cf-ray 8f404ec28aeda2eb-YUL permissions-policy browsing-topics=() access-control-allow-origin https://scamalytics.com alt-svc h3=":443"; ma=86400 p3p CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json vary Accept-Encoding server cloudflare
POST H2	200	prebid Show response ib.adnxs.com/ut/v3/	19 B 710 B	102ms 38ms	Fetch application/json	68.67.160.117 ASN-APPNEX
General Check archive.org Show headers Download Go to Full URL https://ib.adnxs.com/ut/v3/prebid Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.2, ECDHE_ECDSA, AES_128_GCM Server 68.67.160.117 Colonia, United States, ASN29990 (ASN-APPNEX, US), Reverse DNS 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net Software nginx/1.23.4 / Resource Hash 0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5 Security Headers Name Value X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control no-store, no-cache, private pragma no-cache accept-ch Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness access-control-allow-credentials true x-proxy-origin 167.114.209.103; 167.114.209.103; 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com expires Sat, 15 Nov 2008 16:00:00 GMT access-control-allow-origin https://scamalytics.com an-x-request-uuid ef5a575a-787c-4831-bb56-9f23bdaba2cc content-length 19 p3p policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" date Wed, 18 Dec 2024 15:50:16 GMT x-xss-protection 0 content-type application/json; charset=utf-8 server nginx/1.23.4
POST H2	204	hb Show response rt.marphezis.com/	0 267 B	419ms 335ms	Fetch	146.190.197.85 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://rt.marphezis.com/hb Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 146.190.197.85 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers access-control-max-age 86400 access-control-expose-headers Content-Length cache-control no-store pragma no-cache access-control-allow-credentials true access-control-allow-methods GET,POST,PUT,DELETE,OPTIONS expires 0 access-control-allow-origin https://scamalytics.com date Wed, 18 Dec 2024 15:50:16 GMT access-control-allow-headers Content-Type, Authorization, X-Requested-With
POST H2	200	prebid-request Show response onetag-sys.com/	15 B 412 B	129ms 62ms	Fetch application/json	51.222.39.186 OVH OVH SAS
General Check archive.org Show headers Download Go to Full URL https://onetag-sys.com/prebid-request Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 51.222.39.186 , Canada, ASN16276 (OVH OVH SAS, FR), Reverse DNS ip186.ip-51-222-39.net Software / Resource Hash 663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707 Security Headers Name Value Strict-Transport-Security max-age=15552000 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers strict-transport-security max-age=15552000 cache-control no-transform, no-cache content-encoding gzip access-control-allow-credentials true access-control-allow-origin https://scamalytics.com alt-svc h3=":443"; ma=900, h3-29=":443"; ma=900 p3p CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR' content-length 41 content-type application/json access-control-allow-headers content-type, origin, referer, user-agent
POST H2	204	translator Show response hbopenbid.pubmatic.com/	0 112 B	169ms 38ms	Fetch	207.65.37.179 AS-PUBMATIC
General Check archive.org Show headers Download Go to Full URL https://hbopenbid.pubmatic.com/translator?source=prebid-client Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 207.65.37.179 , United States, ASN62713 (AS-PUBMATIC, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control no-cache, no-store, must-revalidate access-control-allow-origin https://scamalytics.com date Wed, 18 Dec 2024 15:50:16 GMT access-control-allow-credentials true
POST H2	200	prebid Show response prebid.media.net/rtb/	2 KB 1 KB	234ms 174ms	Fetch application/json	34.120.63.153 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://prebid.media.net/rtb/prebid?cid=8CU18831I Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 153.63.120.34.bc.googleusercontent.com Software envoy / Resource Hash 648dc8057fe28da3404dcfc62f8a2aa25108cca19f7d3873102060fadab884cb Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control max-age=0, no-cache, no-store, must-revalidate content-encoding gzip pragma no-cache accept-ch Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model x-envoy-upstream-service-time 128 access-control-allow-credentials true via 1.1 google expires Wed, 18 Dec 2024 15:50:16 GMT access-control-allow-origin https://scamalytics.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 817 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json;charset=utf-8 server envoy
GET H2	200	imp Show response g2.gumgum.com/hbid/	663 B 847 B	122ms 39ms	Fetch application/json	52.2.204.106 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://g2.gumgum.com/hbid/imp?displaymanager=Prebid.js%20-%20gumgum&displaymanagerver=8.45.0&lt=1734537016631&to=480&aun=bsa-zone_1708496684202-2_123456&gpid=%2F22960212090%2C23071784392%2FScamalytics_S2S_Fixedfooter_ROS%23bsa-zone_1708496684202-2_123456&t=2pjmfhs4&pi=2&schain=1.0%2C1!buysellads.com%2C17758%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.45.0%22%7D&ogu=null&ns=10240 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.2.204.106 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-204-106.compute-1.amazonaws.com Software nginx / Resource Hash 48f8ff6d0fe2c07a15bef2b8eb0fb30e07a52b97c62188e99e97d57d25f16a1e Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control private, no-store, must-revalidate, max-age=0 timing-allow-origin * content-encoding gzip pragma no-cache access-control-allow-credentials true expires 0 access-control-allow-origin https://scamalytics.com date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json;charset=UTF-8 server nginx
GET H2	200	imp Show response g2.gumgum.com/hbid/	449 B 702 B	123ms 40ms	Fetch application/json	52.2.204.106 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://g2.gumgum.com/hbid/imp?displaymanager=Prebid.js%20-%20gumgum&displaymanagerver=8.45.0&lt=1734537016631&to=480&aun=bsa-zone_1729764394974-7_123456&gpid=%2F22960212090%2C23071784392%2FScamalytics_S2S_LeftSidebar_ROS%23bsa-zone_1729764394974-7_123456&t=2pjmfhs4&pi=3&maxw=160&maxh=600&si=1223875&bf=120x600%2C160x600&schain=1.0%2C1!buysellads.com%2C17758%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.45.0%22%7D&ogu=null&ns=10240 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.2.204.106 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-204-106.compute-1.amazonaws.com Software nginx / Resource Hash abf5f52f3c4304677503a147f06167da08f194fd2d01a5bfef77e2b67d3ae099 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control private, no-store, must-revalidate, max-age=0 timing-allow-origin * content-encoding gzip pragma no-cache access-control-allow-credentials true expires 0 access-control-allow-origin https://scamalytics.com date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json;charset=UTF-8 server nginx
GET H2	200	imp Show response g2.gumgum.com/hbid/	449 B 704 B	119ms 37ms	Fetch application/json	52.2.204.106 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://g2.gumgum.com/hbid/imp?displaymanager=Prebid.js%20-%20gumgum&displaymanagerver=8.45.0&lt=1734537016631&to=480&aun=bsa-zone_1729764580046-9_123456&gpid=%2F22960212090%2C23071784392%2FScamalytics_S2S_RightSidebar_ROS%23bsa-zone_1729764580046-9_123456&t=2pjmfhs4&pi=3&maxw=160&maxh=600&si=1223875&bf=120x600%2C160x600&schain=1.0%2C1!buysellads.com%2C17758%2C1%2C%2C%2C&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%228.45.0%22%7D&ogu=null&ns=10240 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.2.204.106 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-2-204-106.compute-1.amazonaws.com Software nginx / Resource Hash 46823c840be7a7a993a689dbfd76836214f62772d57e02e77cfa12af0ed1e809 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control private, no-store, must-revalidate, max-age=0 timing-allow-origin * content-encoding gzip pragma no-cache access-control-allow-credentials true expires 0 access-control-allow-origin https://scamalytics.com date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json;charset=UTF-8 server nginx
GET H2	200	fastlane.json Show response fastlane.rubiconproject.com/a/api/	453 B 804 B	155ms 34ms	Fetch application/json	2602:803:c002:200::32 RUBICONPROJECT
General Check archive.org Show headers Download Go to Full URL https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=532750&zone_id=3259904&size_id=2&alt_size_ids=1%2C55&rp_schain=1.0,1!buysellads.com,17758,1,,,&rf=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&tg_i.domain=scamalytics.com&tg_i.page=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&tg_i.pbadslot=%2F22960212090%2C23071784392%2FScamalytics_S2S_Fixedfooter_ROS%23bsa-zone_1708496684202-2_123456&tk_flint=pbjs_lite_v8.45.0&l_pb_bid_id=564e75559b29568&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22960212090%2C23071784392%2FScamalytics_S2S_Fixedfooter_ROS%23bsa-zone_1708496684202-2_123456&m_ch_mobile=%3F0&slots=1&rand=0.08256982320690676 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software nginx/1.27.2 / Resource Hash 6aea66bff4b25774a94e766d477341f19869963a876debd2d91a1c494693948a Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache access-control-allow-credentials true expires Wed, 17 Sep 1975 21:32:10 GMT access-control-allow-origin https://scamalytics.com content-length 453 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json vary Accept-Encoding server nginx/1.27.2
GET H2	200	fastlane.json Show response fastlane.rubiconproject.com/a/api/	450 B 800 B	151ms 34ms	Fetch application/json	2602:803:c002:200::32 RUBICONPROJECT
General Check archive.org Show headers Download Go to Full URL https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=532750&zone_id=3259904&size_id=9&alt_size_ids=8&rp_schain=1.0,1!buysellads.com,17758,1,,,&rf=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&tg_i.domain=scamalytics.com&tg_i.page=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&tg_i.pbadslot=%2F22960212090%2C23071784392%2FScamalytics_S2S_LeftSidebar_ROS%23bsa-zone_1729764394974-7_123456&tk_flint=pbjs_lite_v8.45.0&l_pb_bid_id=576299a942eeb79&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22960212090%2C23071784392%2FScamalytics_S2S_LeftSidebar_ROS%23bsa-zone_1729764394974-7_123456&m_ch_mobile=%3F0&slots=1&rand=0.46150492761651307 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software nginx/1.27.2 / Resource Hash 53da5df5ca8bddb9348e3533cb616f2919ab62e86953c4de5c3d26169bcf7055 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache access-control-allow-credentials true expires Wed, 17 Sep 1975 21:32:10 GMT access-control-allow-origin https://scamalytics.com content-length 450 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json vary Accept-Encoding server nginx/1.27.2
GET H2	200	fastlane.json Show response fastlane.rubiconproject.com/a/api/	451 B 975 B	151ms 33ms	Fetch application/json	2602:803:c002:200::32 RUBICONPROJECT
General Check archive.org Show headers Download Go to Full URL https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=532750&zone_id=3259904&size_id=9&alt_size_ids=8&rp_schain=1.0,1!buysellads.com,17758,1,,,&rf=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&tg_i.domain=scamalytics.com&tg_i.page=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&tg_i.pbadslot=%2F22960212090%2C23071784392%2FScamalytics_S2S_RightSidebar_ROS%23bsa-zone_1729764580046-9_123456&tk_flint=pbjs_lite_v8.45.0&l_pb_bid_id=58457e02d325d0c&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=%2F22960212090%2C23071784392%2FScamalytics_S2S_RightSidebar_ROS%23bsa-zone_1729764580046-9_123456&m_ch_mobile=%3F0&slots=1&rand=0.642482850467019 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US), Reverse DNS Software nginx/1.27.2 / Resource Hash 01cc8f7344d639d50538b98b66e5a3ecdbf6d4cb4601890ccc7d97a9ad58a909 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control no-cache, no-store, max-age=0, must-revalidate pragma no-cache access-control-allow-credentials true expires Wed, 17 Sep 1975 21:32:10 GMT access-control-allow-origin https://scamalytics.com content-length 451 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json vary Accept-Encoding server nginx/1.27.2
GET H2	200	ROS Show response pbjs.e-planning.net/hb/1/7d9e8/1/scamalytics.com/ Redirect Chain https://pbjs.e-planning.net/pbjs/1/7d9e8/1/scamalytics.com/ROS?rnd=0.7264323921286&e=728x90_0%3A728x90%2C970x90%2C980x90%2C990x90%2C468x60%2B160x600_0%3A160x600%2C120x600%2B160x600_1%3A160x600%2C12... https://pbjs.e-planning.net/hb/1/7d9e8/1/scamalytics.com/ROS?ct=1&r=pbjs&rnd=0.7264323921286&e=728x90_0%3A728x90%2C970x90%2C980x90%2C990x90%2C468x60%2B160x600_0%3A160x600%2C120x600%2B160x600_1%3A16...	98 B 562 B	36ms 36ms	Fetch application/json	172.98.26.245 E-PLANNING-
General Check archive.org Show headers Download Go to Full URL https://pbjs.e-planning.net/hb/1/7d9e8/1/scamalytics.com/ROS?ct=1&r=pbjs&rnd=0.7264323921286&e=728x90_0%3A728x90%2C970x90%2C980x90%2C990x90%2C468x60%2B160x600_0%3A160x600%2C120x600%2B160x600_1%3A160x600%2C120x600&ur=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&pbv=8.45.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122 Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Server 172.98.26.245 Ashburn, United States, ASN399668 (E-PLANNING-, US), Reverse DNS ads.us.e-planning.net Software openresty / Resource Hash 693d8a5d3b2e1d29e4ea21882f4e57742ac0f5f153ae245f706319cc756faa83 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control max-age=0, no-cache accept-ch sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-ch-ua-platform-version,sec-ch-ua-full-version,sec-ch-ua-full-version-list,sec-ch-ua-model,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-wow64 access-control-allow-credentials true expires Wed, 18 Dec 2024 15:50:16 GMT x-sid IAD-1220 access-control-allow-origin https://scamalytics.com p3p policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV" content-length 98 date Wed, 18 Dec 2024 15:50:17 GMT content-type application/json server openresty Redirect headers location /hb/1/7d9e8/1/scamalytics.com/ROS?ct=1&r=pbjs&rnd=0.7264323921286&e=728x90_0%3A728x90%2C970x90%2C980x90%2C990x90%2C468x60%2B160x600_0%3A160x600%2C120x600%2B160x600_1%3A160x600%2C120x600&ur=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&pbv=8.45.0&ncb=1&vs=FFF&crs=UTF-8&fr=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122 access-control-allow-credentials true x-sid IAD-1220 access-control-allow-origin https://scamalytics.com p3p policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV" date Wed, 18 Dec 2024 15:50:16 GMT content-type text/html; charset=iso-8859-1 server openresty
POST H2	200	openrtb Show response ex.ingage.tech/v1/	482 B 738 B	178ms 140ms	Fetch application/json	2606:4700::6812:1ad8 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://ex.ingage.tech/v1/openrtb Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1ad8 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash fd032a96e34e20845f13b257272d90ecb01fd34888915f02d863c3d3def34d22 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type application/json Referer https://scamalytics.com/ Response headers content-encoding gzip cf-cache-status DYNAMIC access-control-allow-credentials true cf-ray 8f404ec33da4a273-YUL access-control-allow-origin https://scamalytics.com date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json; charset=utf-8 vary Origin server cloudflare
POST H2	200	v1 Show response prg.smartadserver.com/prebid/	0 239 B	380ms 36ms	Fetch application/json	147.135.119.115 OVH OVH SAS
General Check archive.org Show headers Download Go to Full URL https://prg.smartadserver.com/prebid/v1 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 147.135.119.115 , United States, ASN16276 (OVH OVH SAS, FR), Reverse DNS ip115.ip-147-135-119.us Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control no-cache,no-store pragma no-cache access-control-allow-credentials true access-control-allow-origin https://scamalytics.com content-length 0 p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json; charset=UTF-8 vary Origin
POST H2	200	v1 Show response prg.smartadserver.com/prebid/	0 239 B	380ms 36ms	Fetch application/json	147.135.119.115 OVH OVH SAS
General Check archive.org Show headers Download Go to Full URL https://prg.smartadserver.com/prebid/v1 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 147.135.119.115 , United States, ASN16276 (OVH OVH SAS, FR), Reverse DNS ip115.ip-147-135-119.us Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control no-cache,no-store pragma no-cache access-control-allow-credentials true access-control-allow-origin https://scamalytics.com content-length 0 p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json; charset=UTF-8 vary Origin
POST H2	200	v1 Show response prg.smartadserver.com/prebid/	0 240 B	376ms 32ms	Fetch application/json	147.135.119.115 OVH OVH SAS
General Check archive.org Show headers Download Go to Full URL https://prg.smartadserver.com/prebid/v1 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 147.135.119.115 , United States, ASN16276 (OVH OVH SAS, FR), Reverse DNS ip115.ip-147-135-119.us Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers cache-control no-cache,no-store pragma no-cache access-control-allow-credentials true access-control-allow-origin https://scamalytics.com content-length 0 p3p CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo" date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json; charset=UTF-8 vary Origin
POST H2	200	adreq Show response ads.servenobid.com/	639 B 708 B	129ms 33ms	Fetch application/json	159.89.242.139 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://ads.servenobid.com/adreq?cb=10421 Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 159.89.242.139 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software / Resource Hash 0d8c1cefe96c103161caa58f262af10893793bd01f6f28d2a8f0d44b76f7ce91 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 content-type text/plain Referer https://scamalytics.com/ Response headers strict-transport-security max-age=31536000; includeSubDomains access-control-expose-headers AMP-Access-Control-Allow-Source-Origin cache-control no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0 content-encoding gzip access-control-allow-credentials true amp-access-control-allow-source-origin * access-control-allow-origin https://scamalytics.com date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json vary accept-encoding
GET H2	200	CWYIK53I.json Show response srv.buysellads.com/ads/	1 KB 562 B	34ms 33ms	Fetch application/json	159.203.151.34 DIGITALOCEAN-ASN
General Check archive.org Show headers Download Go to Full URL https://srv.buysellads.com/ads/CWYIK53I.json?forcebanner=564861&ignoretargeting=yes Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 159.203.151.34 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US), Reverse DNS Software srv-nyc3-0 / Resource Hash a2afb46c19cc1a94a60255ae0cb5046e47e6a677d6aa43cc312b04c8a7b46451 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding br access-control-allow-origin * content-length 535 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/json; charset=utf-8 vary Accept-Encoding server srv-nyc3-0 access-control-allow-headers *
GET H3	200	AGSKWxUx28U5IWTwRFb8wDkIuvEVqOv4BXjZpNkaSOyKhq_FY2nkSO2PGUXCtUcrzX3E4W1wE13TEe-AdP_gKr2A9JLcFSeWHD6SHjLTpzEIM06KLHIPLi9wLcEqWxAtPi1DygHF4oS9iA== Show response fundingchoicesmessages.google.com/f/	10 KB 4 KB	58ms 57ms	Script application/javascript	172.253.63.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/f/AGSKWxUx28U5IWTwRFb8wDkIuvEVqOv4BXjZpNkaSOyKhq_FY2nkSO2PGUXCtUcrzX3E4W1wE13TEe-AdP_gKr2A9JLcFSeWHD6SHjLTpzEIM06KLHIPLi9wLcEqWxAtPi1DygHF4oS9iA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM0NTM3MDE2LDY1OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vc2NhbWFseXRpY3MuY29tL2lwLzMxLjE3MS4xNTQuMTIyIixudWxsLFtbOCwiSU16NTd5YzVoVnciXSxbOSwiZW4tVVMiXSxbMTksIjIiXSxbMTcsIlswXSJdXV0 Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f102.1e100.net Software ESF / Resource Hash a87ca986b902525834407ca5b18118d958ee18f1bda59122d14b0f21a339cd84 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-6V-bOP_nBXlnekS-Z9Euqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding gzip x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/javascript; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmII0JBikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcOy4172bTeDCwQWnmZQ0kvIL45Pz80qKMpNKS_KL0pLTUotTi8pSi-KNDIxMDI0MjfQMDOMLDACguEXL" content-security-policy script-src 'report-sample' 'nonce-6V-bOP_nBXlnekS-Z9Euqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport cache-control no-cache, no-store, max-age=0, must-revalidate timing-allow-origin * cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version cross-origin-resource-policy cross-origin permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* x-xss-protection 0 server ESF
GET H2	200	script.js Show response cadmus.script.ac/dahhc4ozyvjm6/	3 B 239 B	73ms 24ms	Script application/javascript	2606:4700::6812:1691 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cadmus.script.ac/dahhc4ozyvjm6/script.js Requested by Host: script.4dex.io URL: https://script.4dex.io/localstore.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1691 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control public,max-age=259200,stale-while-revalidate=86400,stale-if-error=259200 etag W/"601055f6a0c6408859f97b5f0a84bdb88441a80e" age 0 cf-ray 8f404ec2cd83a2c9-YUL content-length 3 date Wed, 18 Dec 2024 15:50:16 GMT content-type application/javascript vary Accept-Encoding server cloudflare last-modified Mon, 01 Jan 2018 00:00:00 GMT
GET H/1.1	200 OK	adagio.js Show response script.4dex.io/a/latest/	62 KB 20 KB	70ms 34ms	Fetch application/javascript	2606:4700:20::681a:8a9 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://script.4dex.io/a/latest/adagio.js Requested by Host: script.4dex.io URL: https://script.4dex.io/localstore.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ec6f691cd52692401c8afdf8e3a90a1cd0db587ead53b25f5d0006df20d4d9c8 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers Access-Control-Expose-Headers Content-Encoding br CF-Cache-Status HIT ETag W/"efc556ed784ef6264762396d06bfd2d7" Age 705634 Report-To {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FuiDmr5wF2Ty3Ki%2B58i%2FKNzzOb9gMc6YVG2mKwzQju48QlaJc5D1pETqUNpmwr9T%2Bxf%2BdEl%2Bneqkcul8V4MwQYpAt57lw4ARuXG6d1WjhN6vEzo3TIa2jjJlp4VURTo2MxE3dY5a1XTxiFqs"}],"group":"cf-nel","max_age":604800} server-timing cfL4;desc="?proto=TCP&rtt=16012&min_rtt=15973&rtt_var=3433&sent=6&recv=9&lost=0&retrans=0&sent_bytes=3474&recv_bytes=2300&delivery_rate=241257&cwnd=252&unsent_bytes=0&cid=cdf54de425a2eb60&ts=36&x=0" Date Wed, 18 Dec 2024 15:50:16 GMT Content-Type application/javascript Last-Modified Tue, 10 Dec 2024 11:27:55 GMT Vary Origin, Accept-Encoding Transfer-Encoding chunked Cache-Control public, max-age=1800 NEL {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Connection keep-alive CF-RAY 8f404ec2bbb933f5-YUL Access-Control-Allow-Origin * Server cloudflare
GET H2	200	747b8b51-ec47-4dee-9823-b2b73124b71f Show response config.aps.amazon-adsystem.com/configs/	563 B 830 B	239ms 32ms	Script application/javascript	18.160.10.17 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://config.aps.amazon-adsystem.com/configs/747b8b51-ec47-4dee-9823-b2b73124b71f Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.160.10.17 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-160-10-17.iad12.r.cloudfront.net Software CloudFront / Resource Hash e8c11be7caa6abbe6afdcffe492b984a03898542faa4ffd099ce12ced33a4832 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control max-age=3600 age 1632 via 1.1 d0d53eedec01ac540f737b5fafb16436.cloudfront.net (CloudFront) x-cache Hit from cloudfront content-length 563 x-amz-cf-id nnTe8FzEKJQfvJhCzaN0AGaDcdqVUTX_FRbspIO5L63fp6ccI6qGpA== date Wed, 18 Dec 2024 15:23:05 GMT content-type application/javascript x-amz-cf-pop IAD12-P3 server CloudFront
GET H2	200	config Show response c.amazon-adsystem.com/cdn/prod/	3 KB 3 KB	36ms 36ms	XHR application/json	3.171.86.171 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fscamalytics.com&pubid=747b8b51-ec47-4dee-9823-b2b73124b71f Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.171.86.171 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-171-86-171.iad89.r.cloudfront.net Software Server / Resource Hash 5943a66cb5417bdb45dc7b02194bb86e3316db02a4e985b09ca706b1e1c62e91 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control max-age=21550, s-maxage=21600 age 13819 access-control-allow-credentials true via 1.1 e907cf8941244cce88eeb7bc240528b8.cloudfront.net (CloudFront) access-control-allow-origin https://scamalytics.com x-cache Hit from cloudfront content-length 2956 x-amz-cf-id nR-I7D_0HruUq31iJHmlZeWRNlbpaa-ttc8NYlGsJpHqk5YKr0jL8A== date Wed, 18 Dec 2024 11:59:57 GMT content-type application/json;charset=UTF-8 x-amz-cf-pop IAD89-P3 server Server
GET H2	200	bid Show response aax.amazon-adsystem.com/e/dtb/	250 B 549 B	362ms 165ms	XHR text/javascript	18.160.16.69 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&pid=5rEJn3G1AM0IZ&cb=0&ws=1600x1200&v=24.1105.2150&t=1500&slots=%5B%7B%22sd%22%3A%22bsa-zone_1708496684202-2_123456%22%2C%22s%22%3A%5B%22728x90%22%2C%22970x90%22%2C%22468x60%22%5D%2C%22sn%22%3A%22%2F22960212090%2C23071784392%2FScamalytics_S2S_Fixedfooter_ROS%22%7D%2C%7B%22sd%22%3A%22bsa-zone_1729764394974-7_123456%22%2C%22s%22%3A%5B%22120x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F22960212090%2C23071784392%2FScamalytics_S2S_LeftSidebar_ROS%22%7D%2C%7B%22sd%22%3A%22bsa-zone_1729764580046-9_123456%22%2C%22s%22%3A%5B%22120x600%22%2C%22160x600%22%5D%2C%22sn%22%3A%22%2F22960212090%2C23071784392%2FScamalytics_S2S_RightSidebar_ROS%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22%22%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&schain=1.0%2C1%21buysellads.com%2C17758%2C1%2C%2C%2C%21google.com%2Cpub-9961814823930967%2C1%2C%2C%2C&sm=41b06b6b-52a2-49ae-9536-369d6ff6c62d&pubid=747b8b51-ec47-4dee-9823-b2b73124b71f&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.160.16.69 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-160-16-69.iad12.r.cloudfront.net Software Server / Resource Hash 456383781d972b536cd60ec4b2e8e6e01af501fe330c6500555285c658b54e6c Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding gzip access-control-allow-credentials true via 1.1 c022ca80d7b946eb138dfd2e55c98980.cloudfront.net (CloudFront) access-control-allow-origin https://scamalytics.com x-cache Miss from cloudfront content-length 215 x-amz-cf-id u1Y6mJ4eJtAY8ImGzYCMXLeCbnQSANpcZXj9DfMFVZtPPmaXmeHM1Q== date Wed, 18 Dec 2024 15:50:16 GMT content-type text/javascript;charset=UTF-8 x-amz-cf-pop IAD12-P4 server Server
GET H2	200	config Show response c.amazon-adsystem.com/cdn/prod/	3 KB 0	24ms 24ms	XHR application/json	3.171.86.171 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fscamalytics.com&pubid=747b8b51-ec47-4dee-9823-b2b73124b71f Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.171.86.171 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-171-86-171.iad89.r.cloudfront.net Software Server / Resource Hash 5943a66cb5417bdb45dc7b02194bb86e3316db02a4e985b09ca706b1e1c62e91 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control max-age=21550, s-maxage=21600 age 13819 access-control-allow-credentials true via 1.1 e907cf8941244cce88eeb7bc240528b8.cloudfront.net (CloudFront) access-control-allow-origin https://scamalytics.com x-cache Hit from cloudfront content-length 2956 x-amz-cf-id nR-I7D_0HruUq31iJHmlZeWRNlbpaa-ttc8NYlGsJpHqk5YKr0jL8A== date Wed, 18 Dec 2024 11:59:57 GMT content-type application/json;charset=UTF-8 x-amz-cf-pop IAD89-P3 server Server
GET H2	200	aps_csm.js Show response c.amazon-adsystem.com/bao-csm/aps-comm/	6 KB 3 KB	91ms 30ms	XHR application/javascript	3.171.86.171 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.171.86.171 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-171-86-171.iad89.r.cloudfront.net Software AmazonS3 / Resource Hash 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers access-control-max-age 3000 content-encoding gzip x-amz-version-id r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE etag W/"a4d296427fc806b21335359e398c025c" age 44404 access-control-allow-methods GET x-cache Hit from cloudfront x-amz-cf-id teem_Y5VyA-XuPXBc7FPetZ7PnRhgzRr5LwCqCxdmyUVYvI7ZlKCpA== date Wed, 18 Dec 2024 03:30:13 GMT content-type application/javascript vary Origin,accept-encoding last-modified Thu, 29 Feb 2024 02:13:08 GMT cache-control public, max-age=86400 via 1.1 76981f78ed432cf4780450e6a032d178.cloudfront.net (CloudFront) access-control-allow-origin * x-amz-cf-pop IAD89-P3 server AmazonS3 x-amz-server-side-encryption AES256
GET H2	200	pubcid.min.js Show response secure.cdn.fastclick.net/js/pubcid/latest/	54 KB 17 KB	235ms 70ms	Script application/javascript	23.204.206.35 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.204.206.35 , United States, ASN16625 (AKAMAI-AS, US), Reverse DNS a23-204-206-35.deploy.static.akamaitechnologies.com Software Apache / Resource Hash 43f804d38a294c6df1ce8ee64fb95ad0ff5a8d6d5685d9537df02212668a1dff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control max-age=900 content-encoding gzip etag "d734-5f2f3919e751f-gzip" expires Wed, 18 Dec 2024 16:05:17 GMT accept-ranges bytes content-length 17407 date Wed, 18 Dec 2024 15:50:17 GMT last-modified Mon, 23 Jan 2023 19:40:17 GMT content-type application/javascript server Apache vary Accept-Encoding
GET H2	200	sync.min.js Show response tags.crwdcntrl.net/lt/c/16576/	43 KB 13 KB	197ms 33ms	Script text/javascript	3.167.69.51 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.crwdcntrl.net/lt/c/16576/sync.min.js Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.167.69.51 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-167-69-51.iad61.r.cloudfront.net Software AmazonS3 / Resource Hash 5fd7fc4b8be9c2eeb3efb728f0483d444e4a8db80f0597e4ef7950105638bb08 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers vary Accept-Encoding cache-control public, max-age=86400 content-encoding gzip etag W/"ad78eaf46246cac6849005eb8b50ae6f" age 16838 via 1.1 43f82aacf5a11b46e0b09826f071ae2e.cloudfront.net (CloudFront) x-cache Hit from cloudfront x-amz-cf-id CjlccG0gUSm9fCN2Vls_Ilt0FCRdSbg_8hO1T3uj8sxD8DrJjzITww== date Wed, 18 Dec 2024 11:09:41 GMT content-type text/javascript last-modified Tue, 20 Aug 2024 18:47:23 GMT server AmazonS3 x-amz-cf-pop IAD61-P6 x-amz-server-side-encryption AES256
GET H2	200	ima.js Show response cdn-ima.33across.com/	16 KB 6 KB	201ms 38ms	Script application/javascript	104.18.28.101 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn-ima.33across.com/ima.js Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.18.28.101 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 0ee7d90acfcf61e37a67097a1f97ddb90fd685f3e9dcb6ed34931f2b94713d8d Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control public, max-age=259200 content-encoding gzip cf-cache-status HIT etag W/"671a7171-403e" age 113746 cf-ray 8f404ec45ba7ac81-YYZ expires Sat, 21 Dec 2024 15:50:17 GMT date Wed, 18 Dec 2024 15:50:17 GMT content-type application/javascript last-modified Thu, 24 Oct 2024 16:10:25 GMT vary Accept-Encoding server cloudflare
GET H2	200	hadron.js Show response cdn.hadronid.net/	11 B 323 B	194ms 31ms	Script application/javascript	2606:4700:10::6816:34ad CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&ref=&_it=amazon&partner_id=617 Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:34ad , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a73f5986eb985871284e6e216372de3505634a97229de643216728d0fbfd6227 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control max-age=432000 cf-cache-status HIT etag "ba4f7a703ea78ac1b72b5fe1be4fb407" age 3401 x-amz-request-id FGYXGKTNXP0Z2HDD cf-ray 8f404ec45e6ca2ab-YUL accept-ranges bytes content-length 11 date Wed, 18 Dec 2024 15:50:17 GMT content-type application/javascript last-modified Thu, 05 Dec 2024 20:48:49 GMT vary Accept-Encoding server cloudflare x-amz-id-2 p5rU2ed44g2PX/cfraURNiyx7HSTDdbxUiPbngku7TarfEymeXvmyF1C74vz338clTi3PYkOZq8=
GET H2	200	id5-api.js Show response cdn.id5-sync.com/api/1.0/	100 KB 29 KB	202ms 39ms	Script text/javascript	2606:4700:10::6816:3456 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.id5-sync.com/api/1.0/id5-api.js Requested by Host: scamalytics.com URL: https://scamalytics.com/ip/31.171.154.122 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 04c7f536471e1a16bb37c13fb4959de30d7e897ba4f6d66335b3c25d26289616 Security Headers Name Value Strict-Transport-Security max-age=15552000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers x-amz-id-2 JLAbzcB+wctp90/1WGs0hPk+LsjfjOp31R77N66woL/pt5FWCVHodtBHsuqGAbu08QoqVsL8Hb8= strict-transport-security max-age=15552000; includeSubDomains; preload cache-control public, max-age=3600 content-encoding br cf-cache-status HIT etag W/"4d852428cba0ba1a5108520745060d6e" age 177 x-amz-request-id 15GG6V0E9TCKXVS4 cf-ray 8f404ec45ccf4bc5-YUL date Wed, 18 Dec 2024 15:50:17 GMT content-type text/javascript;charset=utf-8 last-modified Wed, 04 Dec 2024 13:37:28 GMT vary Accept-Encoding server cloudflare x-amz-server-side-encryption AES256
POST H2	200	map Show response bcp.crwdcntrl.net/6/	156 B 613 B	118ms 41ms	XHR application/json	34.228.175.96 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://bcp.crwdcntrl.net/6/map Requested by Host: tags.crwdcntrl.net URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.228.175.96 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-228-175-96.compute-1.amazonaws.com Software Jetty(9.4.38.v20210224) / Resource Hash 05272c744ae8e623cad9b13727b2d5304456561af8856940edfd9319201af018 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://scamalytics.com/ Response headers cache-control no-cache pragma no-cache access-control-allow-credentials true expires 0 access-control-allow-origin https://scamalytics.com p3p CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV content-length 156 date Wed, 18 Dec 2024 15:50:17 GMT content-type application/json;charset=utf-8 x-server 10.40.0.31 server Jetty(9.4.38.v20210224)
POST H2	200	map Show response bcp.crwdcntrl.net/6/	156 B 531 B	152ms 75ms	XHR application/json	34.228.175.96 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://bcp.crwdcntrl.net/6/map Requested by Host: tags.crwdcntrl.net URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.228.175.96 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-34-228-175-96.compute-1.amazonaws.com Software Jetty(9.4.38.v20210224) / Resource Hash 032565edcf6e259174a5903fc198d902bb9c552e5f3b1cd3a80aac8a4df1ab35 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://scamalytics.com/ Response headers cache-control no-cache pragma no-cache access-control-allow-credentials true expires 0 access-control-allow-origin https://scamalytics.com p3p CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV content-length 156 date Wed, 18 Dec 2024 15:50:17 GMT content-type application/json;charset=utf-8 x-server 10.40.8.52 server Jetty(9.4.38.v20210224)
GET H2	200	envelope Show response lexicon.33across.com/v1/ Redirect Chain https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0 https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0&b=1&tp=FullEYz%2F%2FDNLtmtDlDrb7lDgni2Or%2BZGDyTR3g2zoLg%3D	42 B 138 B	34ms 33ms	XHR application/json	35.244.193.51 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0&b=1&tp=FullEYz%2F%2FDNLtmtDlDrb7lDgni2Or%2BZGDyTR3g2zoLg%3D Protocol H2 Server 35.244.193.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 51.193.244.35.bc.googleusercontent.com Software / Resource Hash 435b1ece4a55f4f8d06866b32c1aee3cc4661eb905265894795f15a57bf1b33d Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control private, must-revalidate, max-age=28800 access-control-allow-credentials true via 1.1 google access-control-allow-origin https://scamalytics.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 date Wed, 18 Dec 2024 15:50:17 GMT content-type application/json vary origin Redirect headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false location https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0&b=1&tp=FullEYz%2F%2FDNLtmtDlDrb7lDgni2Or%2BZGDyTR3g2zoLg%3D access-control-allow-credentials true referrer-policy unsafe-url via 1.1 google expires Sat, 26 Jul 1997 05:00:00 GMT access-control-allow-origin https://scamalytics.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Wed, 18 Dec 2024 15:50:16 GMT vary origin
GET H3	200	envelope Show response lexicon.33across.com/v1/ Redirect Chain https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0 https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0&b=1&tp=DsQ3kTJkY2SBRyhJYMjjC8ID2a%2BwqGFVkL1Tyx5CzUY%3D	42 B 58 B	35ms 35ms	XHR application/json	35.244.193.51 GOOGLE-CLOUD-PLAT...
General Check archive.org Show headers Download Go to Full URL https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0&b=1&tp=DsQ3kTJkY2SBRyhJYMjjC8ID2a%2BwqGFVkL1Tyx5CzUY%3D Protocol H3 Server 35.244.193.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US), Reverse DNS 51.193.244.35.bc.googleusercontent.com Software / Resource Hash 435b1ece4a55f4f8d06866b32c1aee3cc4661eb905265894795f15a57bf1b33d Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control private, must-revalidate, max-age=28800 access-control-allow-credentials true via 1.1 google access-control-allow-origin https://scamalytics.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 date Wed, 18 Dec 2024 15:50:17 GMT content-type application/json vary origin Redirect headers cache-control no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false location https://lexicon.33across.com/v1/envelope?pid=0015a0000344WPrAAM&src=aps&ver=1.14.0&b=1&tp=DsQ3kTJkY2SBRyhJYMjjC8ID2a%2BwqGFVkL1Tyx5CzUY%3D access-control-allow-credentials true referrer-policy unsafe-url via 1.1 google expires Sat, 26 Jul 1997 05:00:00 GMT access-control-allow-origin https://scamalytics.com alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 date Wed, 18 Dec 2024 15:50:16 GMT vary origin
GET H/1.1	200 OK	icon_128.png scamalytics.com/wp-content/uploads/2016/06/	5 KB 5 KB	30ms 29ms	Other image/png	152.89.76.23 KRYSTAL Krystal H...
General Check archive.org Show headers Download Go to Full URL https://scamalytics.com/wp-content/uploads/2016/06/icon_128.png Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 152.89.76.23 Edison, United States, ASN12488 (KRYSTAL Krystal Hosting Ltd, GB), Reverse DNS www1.scamalytics.katapult.cloud Software nginx / Resource Hash 7d076a2f2e1d4d038dc1306ed9a802bd36f4bc129435f0ba293bfea98b3656a3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ip/31.171.154.122 Response headers Cache-Control max-age=2592000, max-age=2629746, public ETag "62794e62-12d0" Connection keep-alive Expires Fri, 17 Jan 2025 15:50:17 GMT Accept-Ranges bytes Content-Length 4816 Date Wed, 18 Dec 2024 15:50:17 GMT Content-Type image/png Last-Modified Mon, 09 May 2022 17:24:50 GMT Server nginx
GET H/1.1	200 OK	icon_128.png scamalytics.com/wp-content/uploads/2016/06/	5 KB 0	0ms 0ms	Other image/png	152.89.76.23 KRYSTAL Krystal H...
General Check archive.org Show headers Download Go to Full URL https://scamalytics.com/wp-content/uploads/2016/06/icon_128.png Protocol HTTP/1.1 Security TLS 1.3, , AES_256_GCM Server 152.89.76.23 Edison, United States, ASN12488 (KRYSTAL Krystal Hosting Ltd, GB), Reverse DNS www1.scamalytics.katapult.cloud Software nginx / Resource Hash 7d076a2f2e1d4d038dc1306ed9a802bd36f4bc129435f0ba293bfea98b3656a3 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ip/31.171.154.122 Response headers Cache-Control max-age=2592000, max-age=2629746, public ETag "62794e62-12d0" Expires Fri, 17 Jan 2025 15:50:17 GMT Accept-Ranges bytes Content-Length 4816 Date Wed, 18 Dec 2024 15:50:17 GMT Content-Type image/png Last-Modified Mon, 09 May 2022 17:24:50 GMT Server nginx
GET H3	200	sodar Show response ep1.adtrafficquality.google/getconfig/	17 KB 13 KB	86ms 49ms	XHR application/json	142.250.31.155 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202412090101&st=env Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.31.155 , United States, ASN15169 (GOOGLE, US), Reverse DNS bj-in-f155.1e100.net Software cafe / Resource Hash 3ff1a3720e1532c18421670c89aac1227a917db44ff59908c3588f8dd40d9c86 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers timing-allow-origin * content-encoding br cross-origin-resource-policy cross-origin x-content-type-options nosniff access-control-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" content-length 13160 date Wed, 18 Dec 2024 15:50:17 GMT x-xss-protection 0 content-type application/json; charset=UTF-8 content-disposition attachment; filename="f.txt" server cafe
GET H3	200	ads Show response securepubads.g.doubleclick.net/gampad/	277 KB 74 KB	379ms 378ms	Fetch text/plain	142.251.167.156 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2065559028716531&correlator=1958767204048329&eid=31089352%2C95349328&output=ldjh&gdfp_req=1&vrg=202412090101&ptt=17&impl=fifs&gdpr=0&iu_parts=22960212090%3A23071784392%2CScamalytics_S2S_Fixedfooter_ROS%2CScamalytics_S2S_LeftSidebar_ROS%2CScamalytics_S2S_RightSidebar_ROS&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=728x90%7C970x90%7C980x90%7C990x90%7C468x60%2C120x600%7C160x600%2C120x600%7C160x600&ifi=1&didk=2632783816~3751909741~3552911723&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1734537017196&lmt=1734537017&adxs=-12245933%2C37%2C1443&adys=-12245933%2C275%2C275&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=-1%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-480&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fscamalytics.com%2Fip%2F31.171.154.122&vis=1&psz=1600x-1%7C160x2441%7C160x2441&msz=0x-1%7C160x600%7C160x600&fws=640%2C0%2C0&ohw=0%2C0%2C0&topics=1&tps=1&htps=10&cbidsp=Cu8ECAESEwoEcmlzZRCeASACOAFSBHJpc2USGQoHdmlkYXpvbxCUBCACOAFSB3ZpZGF6b28SFwoGY3JpdGVvEMEDIAI4AVIGY3JpdGVvEh0KCWFkeW91bGlrZRD2AiACOAFSCWFkeW91bGlrZRIdCglhZHlvdWxpa2UQ9gIgAjgBUglhZHlvdWxpa2USHQoJY29ubmVjdGFkENgBIAI4AVIJY29ubmVjdGFkEhoKCGFwcG5leHVzEGwgAjgBUghhcHBuZXh1cxIRCgNvbXMQsAMgAjgBUgNvbXMSFwoGb25ldGFnEIYBIAI4AVIGb25ldGFnEhsKCHB1Ym1hdGljEMgBIAI4AVIIcHVibWF0aWMSGwoIcHVibWF0aWMQyAEgAjgBUghwdWJtYXRpYxIbCghtZWRpYW5ldBDrAiACOAFSCG1lZGlhbmV0EhsKCG1lZGlhbmV0EOsCIAI4AVIIbWVkaWFuZXQSGwoIbWVkaWFuZXQQ6wIgAjgBUghtZWRpYW5ldBIXCgZndW1ndW0QgAEgAjgBUgZndW1ndW0SGQoHcnViaWNvbhDJASACOAFSB3J1Ymljb24SHQoJZXBsYW5uaW5nEIwDIAI4AVIJZXBsYW5uaW5nEh8KCmluc3RpY2F0b3IQ4AIgAjgBUgppbnN0aWNhdG9yEiUKDXNtYXJ0YWRzZXJ2ZXIQhQMgAjgBUg1zbWFydGFkc2VydmVyEhUKBW5vYmlkELoBIAI4AVIFbm9iaWQYAiIkZjc5MjA4OWUtMzUyYy00ODI2LWFiY2UtYzgxOTUwZDcwMjVlKgQIAyAAMgd2OC40NS4wQNwLSgA.~CtIECAESEwoEcmlzZRCeASACOAFSBHJpc2USGQoHdmlkYXpvbxCUBCACOAFSB3ZpZGF6b28SFwoGY3JpdGVvEMEDIAI4AVIGY3JpdGVvEh0KCWFkeW91bGlrZRD2AiACOAFSCWFkeW91bGlrZRIdCglhZHlvdWxpa2UQ9gIgAjgBUglhZHlvdWxpa2USHQoJY29ubmVjdGFkENgBIAI4AVIJY29ubmVjdGFkEhoKCGFwcG5leHVzEGwgAjgBUghhcHBuZXh1cxIRCgNvbXMQsAMgAjgBUgNvbXMSFwoGb25ldGFnEIYBIAI4AVIGb25ldGFnEhsKCHB1Ym1hdGljEMgBIAI4AVIIcHVibWF0aWMSGwoIcHVibWF0aWMQyAEgAjgBUghwdWJtYXRpYxIbCghtZWRpYW5ldBDrAiACOAFSCG1lZGlhbmV0EhsKCG1lZGlhbmV0EOsCIAI4AVIIbWVkaWFuZXQSFwoGZ3VtZ3VtEIABIAI4AVIGZ3VtZ3VtEhkKB3J1Ymljb24QyQEgAjgBUgdydWJpY29uEh0KCWVwbGFubmluZxCMAyACOAFSCWVwbGFubmluZxIfCgppbnN0aWNhdG9yEOACIAI4AVIKaW5zdGljYXRvchIlCg1zbWFydGFkc2VydmVyEIUDIAI4AVINc21hcnRhZHNlcnZlchIVCgVub2JpZBC6ASACOAFSBW5vYmlkGAIiJDQyYjllZmRkLTFhYmQtNGEzNC1hN2E0LWM3MTk2ODcyNDRjZioECAMgADIHdjguNDUuMEDcC0oA~CtIECAESEwoEcmlzZRCeASACOAFSBHJpc2USGQoHdmlkYXpvbxCUBCACOAFSB3ZpZGF6b28SFwoGY3JpdGVvEMEDIAI4AVIGY3JpdGVvEh0KCWFkeW91bGlrZRD2AiACOAFSCWFkeW91bGlrZRIdCglhZHlvdWxpa2UQ9gIgAjgBUglhZHlvdWxpa2USHQoJY29ubmVjdGFkENgBIAI4AVIJY29ubmVjdGFkEhoKCGFwcG5leHVzEGwgAjgBUghhcHBuZXh1cxIRCgNvbXMQsAMgAjgBUgNvbXMSFwoGb25ldGFnEIYBIAI4AVIGb25ldGFnEhsKCHB1Ym1hdGljEMgBIAI4AVIIcHVibWF0aWMSGwoIcHVibWF0aWMQyAEgAjgBUghwdWJtYXRpYxIbCghtZWRpYW5ldBDrAiACOAFSCG1lZGlhbmV0EhsKCG1lZGlhbmV0EOsCIAI4AVIIbWVkaWFuZXQSFwoGZ3VtZ3VtEIABIAI4AVIGZ3VtZ3VtEhkKB3J1Ymljb24QyQEgAjgBUgdydWJpY29uEh0KCWVwbGFubmluZxCMAyACOAFSCWVwbGFubmluZxIfCgppbnN0aWNhdG9yEOACIAI4AVIKaW5zdGljYXRvchIlCg1zbWFydGFkc2VydmVyEIUDIAI4AVINc21hcnRhZHNlcnZlchIVCgVub2JpZBC6ASACOAFSBW5vYmlkGAIiJDc2MzIwM2RmLTZlOTItNDhkYy05NWY0LTU3Yjc4OWVkZjljYioECAMgADIHdjguNDUuMEDcC0oA&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1734537015170&idt=1035&prev_scp=amznbid%3D2%26amznp%3D2%26optimize_ad_unit_id%3Dbsa-zone_1708496684202-2_123456%26optimize_imp_id%3D1734537017177-531f5cf3%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%7Camznbid%3D2%26amznp%3D2%26optimize_ad_unit_id%3Dbsa-zone_1729764394974-7_123456%26optimize_imp_id%3D1734537017177-358dbbc5%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%7Camznbid%3D2%26amznp%3D2%26optimize_ad_unit_id%3Dbsa-zone_1729764580046-9_123456%26optimize_imp_id%3D1734537017177-51dc91d7%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0&cust_params=amznbid%3D0%26amznp%3D0%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3Dbsa%26optimize_amp%3Dfalse%26optimize_audience%3Dtech%26optimize_env%3Dprod%26optimize_pub%3Dscamalytics%26optimize_xp%3Da%26optimize_refreshed%3Dfalse%26optimize_pathname%3D%252Fip%252F31.171.154.122%26optimize_pv_id%3D1734537017175-2cc22806&adks=1386687424%2C3511805061%2C1539658158&frm=20&eoidce=1&td=1&egid=47805&tan=a48cf7fa-ee6b-4c8c-944d-de4ab5c6ca95%2Ca48cf7fa-ee6b-4c8c-944d-de4ab5c6ca96%2Ca48cf7fa-ee6b-4c8c-944d-de4ab5c6ca97&tdf=2 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.167.156 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS ww-in-f156.1e100.net Software cafe / Resource Hash 6becd43b612e881ef7088698ca470bfcc8877c28d782bc7281b6738cf43ca5e7 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding dcb google-lineitem-id -1,-1,-1 observe-browsing-topics ?1 x-content-type-options nosniff expires Fri, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" date Wed, 18 Dec 2024 15:50:17 GMT content-type text/plain; charset=UTF-8 google-creative-id -1,-1,-1 cache-control no-cache, must-revalidate timing-allow-origin * pragma no-cache cross-origin-resource-policy cross-origin access-control-allow-credentials true access-control-allow-origin https://scamalytics.com content-length 75384 x-xss-protection 0 server cafe
GET H2	200	container.html 54c7e6e4843aa78b33a75e6474f12928.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 83EC	0 0	137ms 33ms	Document text/html	2607:f8b0:4004:c09::84 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://54c7e6e4843aa78b33a75e6474f12928.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://scamalytics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=300 content-encoding br content-length 2653 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" cross-origin-resource-policy cross-origin date Wed, 18 Dec 2024 15:50:17 GMT expires Wed, 18 Dec 2024 15:50:17 GMT last-modified Thu, 03 Nov 2022 19:10:08 GMT report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H/1.1	200 OK	iu3 s.amazon-adsystem.com/ Frame 7855 Redirect Chain https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-LoopMe_n-adMediaV1_snb_n-MediaNet_n-Beeswax_smrt_cnv_n-adYouLike_n-adman-v2_n-onetag_n-simpli.fi_rbd_ppt_n-baidu_n-nativo_an-... https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-LoopMe_n-adMediaV1_snb_n-MediaNet_n-Beeswax_smrt_cnv_n-adYouLike_n-adman-v2_n-onetag_n-simpli.fi_rbd_ppt_n-baidu_n-nativo_an-...	0 0	59ms 59ms	Document text/html	98.82.157.231 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-LoopMe_n-adMediaV1_snb_n-MediaNet_n-Beeswax_smrt_cnv_n-adYouLike_n-adman-v2_n-onetag_n-simpli.fi_rbd_ppt_n-baidu_n-nativo_an-db5_n-Rise_n-Outbrain&dcc=t Requested by Host: c.amazon-adsystem.com URL: https://c.amazon-adsystem.com/aax2/apstag.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 98.82.157.231 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-98-82-157-231.compute-1.amazonaws.com Software Server / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=47474747; includeSubDomains; preload Request headers Referer https://scamalytics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers Cache-Control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 Connection keep-alive Content-Length 420 Content-Type text/html;charset=ISO-8859-1 Date Wed, 18 Dec 2024 15:50:17 GMT Expires Thu, 01 Jan 1970 00:00:00 GMT Pragma no-cache Server Server Strict-Transport-Security max-age=47474747; includeSubDomains; preload Vary Content-Type,Accept-Encoding,User-Agent p3p policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR" x-amz-rid YNVYJQ301D9694Y1WCTH Redirect headers Cache-Control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 Connection keep-alive Content-Length 0 Date Wed, 18 Dec 2024 15:50:17 GMT Expires Thu, 01 Jan 1970 00:00:00 GMT Location https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-LoopMe_n-adMediaV1_snb_n-MediaNet_n-Beeswax_smrt_cnv_n-adYouLike_n-adman-v2_n-onetag_n-simpli.fi_rbd_ppt_n-baidu_n-nativo_an-db5_n-Rise_n-Outbrain&dcc=t Pragma no-cache Server Server Strict-Transport-Security max-age=47474747; includeSubDomains; preload Vary Content-Type,Accept-Encoding,User-Agent p3p policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR" x-amz-rid ZTG1Z1V6AYKZ7FSC9H6E
GET H2	200	sodar2.js Show response ep2.adtrafficquality.google/sodar/	18 KB 7 KB	98ms 32ms	Script text/javascript	2607:f8b0:4004:c06::84 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ep2.adtrafficquality.google/sodar/sodar2.js Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding gzip etag "1727224258380615" report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} x-content-type-options nosniff expires Wed, 18 Dec 2024 15:50:17 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:17 GMT content-type text/javascript vary Accept-Encoding cache-control private, max-age=3000 cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin accept-ranges bytes content-length 6445 x-xss-protection 0 server sffe
GET H3	200	datomata.widget.js Show response fundingchoicesmessages.google.com/f/AGSKWxXJG7pkv_oBNFFuuYXJaSIEQEC70k1o4WU7-GtaVKbIdW0M5AFACRtSLYfvpSYnFplDiCuJfoROPPkXy0JAX4YrqxeFSBTc89dwQECn0Nb5ADk2Ny9zVkLGdLBnGBM2zVXTQD7Qu-cgHrugV9KOkJ2Cf7XKv...	54 B 109 B	91ms 90ms	Script application/javascript	172.253.63.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/f/AGSKWxXJG7pkv_oBNFFuuYXJaSIEQEC70k1o4WU7-GtaVKbIdW0M5AFACRtSLYfvpSYnFplDiCuJfoROPPkXy0JAX4YrqxeFSBTc89dwQECn0Nb5ADk2Ny9zVkLGdLBnGBM2zVXTQD7Qu-cgHrugV9KOkJ2Cf7XKvDodhwTnnfaUS8qgxTIg8BaKzfslIhDQ/_/ad125x125./datomata.widget.js?adpartner=/SplashAd_/admicro2. Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzvURqnN7XWAIROf2f0Q-7GMaIk_w/m=ad_blocking_detection_executable Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f102.1e100.net Software ESF / Resource Hash 78717c6c4407d0c20a3a31c9446068b643c2249c23eb099a04026eaa2fce6135 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-6d8n4JBiVxQZRpC67qBmRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding gzip x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:17 GMT content-type application/javascript; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmLw15BikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcOy8172bTeDHwQW7GJU0kvIL45Pz80qKMpNKS_KL0pLTUotTi8pSi-KNDIxMDI0MjfQMDOMLDACkikXh" content-security-policy require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-6d8n4JBiVxQZRpC67qBmRA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version cross-origin-resource-policy cross-origin permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* x-xss-protection 0 server ESF
GET H3	200	rum.js Show response pagead2.googlesyndication.com/pagead/js/	70 KB 26 KB	33ms 32ms	Script text/javascript	142.251.167.156 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzvURqnN7XWAIROf2f0Q-7GMaIk_w/m=ad_blocking_detection_executable Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.167.156 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS ww-in-f156.1e100.net Software cafe / Resource Hash cf93db5f15fb6b90864ea934827bca87f92e75ad6a3aab83881b1f6777ee8929 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding br etag 82456162888936996 age 2081 x-content-type-options nosniff expires Wed, 18 Dec 2024 16:15:36 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" date Wed, 18 Dec 2024 15:15:36 GMT content-disposition attachment; filename="f.txt" content-type text/javascript; charset=UTF-8 vary Accept-Encoding cache-control public, max-age=3600 timing-allow-origin * cross-origin-resource-policy cross-origin content-length 26167 x-xss-protection 0 server cafe
POST H3	204	AGSKWxUJZPtTxSDKyp5nAC4Hzb7It0ETFMm_daGRYSOr7b9E6kcu401VhsAcX-yWBnDb2oinVJutH7N7ZiGqaxpvqOnyJloSLXqWvkwSUPAyhGDV3I1Fb8_w0ZdM4ZBgwBPK-PWFJ-UcPw== Show response fundingchoicesmessages.google.com/el/	0 28 B	84ms 52ms	XHR text/html	172.253.63.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/el/AGSKWxUJZPtTxSDKyp5nAC4Hzb7It0ETFMm_daGRYSOr7b9E6kcu401VhsAcX-yWBnDb2oinVJutH7N7ZiGqaxpvqOnyJloSLXqWvkwSUPAyhGDV3I1Fb8_w0ZdM4ZBgwBPK-PWFJ-UcPw== Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f102.1e100.net Software ESF / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-lcEq21Ku2t3cb93aDSwzYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain Referer https://scamalytics.com/ Response headers access-control-max-age 86400 access-control-allow-methods POST, GET, OPTIONS x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:17 GMT content-type text/html; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw0JBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIdj573u3WwCMxo-7GBUcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRiaGRoZGegZm8QUGAPZAKs8" content-security-policy script-src 'report-sample' 'nonce-lcEq21Ku2t3cb93aDSwzYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version access-control-allow-credentials true permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* access-control-allow-origin https://scamalytics.com content-length 0 x-xss-protection 0 server ESF
POST H3	204	AGSKWxUJZPtTxSDKyp5nAC4Hzb7It0ETFMm_daGRYSOr7b9E6kcu401VhsAcX-yWBnDb2oinVJutH7N7ZiGqaxpvqOnyJloSLXqWvkwSUPAyhGDV3I1Fb8_w0ZdM4ZBgwBPK-PWFJ-UcPw== Show response fundingchoicesmessages.google.com/el/	0 28 B	48ms 46ms	XHR text/html	172.253.63.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/el/AGSKWxUJZPtTxSDKyp5nAC4Hzb7It0ETFMm_daGRYSOr7b9E6kcu401VhsAcX-yWBnDb2oinVJutH7N7ZiGqaxpvqOnyJloSLXqWvkwSUPAyhGDV3I1Fb8_w0ZdM4ZBgwBPK-PWFJ-UcPw== Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f102.1e100.net Software ESF / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-NTQezS4g9mdxG2gAie7R3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain Referer https://scamalytics.com/ Response headers access-control-max-age 86400 access-control-allow-methods POST, GET, OPTIONS x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:17 GMT content-type text/html; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw1JBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIdj573u3WwCHx5c2Meo5JKUXxifnJ9XkppXopuYUqwLYhdlJpWW5BehsFPLQCpy8tPTM_PS440MjEwMjQyN9AzM4gsMACFXK2Y" content-security-policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-NTQezS4g9mdxG2gAie7R3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version access-control-allow-credentials true permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* access-control-allow-origin https://scamalytics.com content-length 0 x-xss-protection 0 server ESF
POST H2	204	csi csi.gstatic.com/	0 532 B	673ms 230ms	Ping image/gif	2404:6800:400a:813::2003 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~m4u2k07w&ctx=0&met.9=1.w9~2.z5 Requested by Host: pagead2.googlesyndication.com URL: https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2404:6800:400a:813::2003 Osaka, Japan, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers cache-control no-cache, no-store, must-revalidate pragma no-cache cross-origin-resource-policy cross-origin report-to {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgcc:41:0"}],} content-security-policy-report-only script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgcc:41:0 expires Fri, 01 Jan 1990 00:00:00 GMT access-control-allow-origin * cross-origin-opener-policy-report-only same-origin; report-to=coop_reporting content-length 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:17 GMT last-modified Wed, 21 Jan 2004 19:51:30 GMT content-type image/gif server Golfe2
GET H2	200	runner.html ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 1E93	0 0	92ms 31ms	Document text/html	2607:f8b0:4004:c06::84 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html Requested by Host: ep2.adtrafficquality.google URL: https://ep2.adtrafficquality.google/sodar/sodar2.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c06::84 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://scamalytics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes age 1821 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control public, max-age=3000 content-encoding gzip content-length 5005 content-type text/html cross-origin-opener-policy same-origin; report-to="adspam-signals-scs" cross-origin-resource-policy cross-origin date Wed, 18 Dec 2024 15:19:56 GMT expires Wed, 18 Dec 2024 16:09:56 GMT last-modified Mon, 23 Sep 2024 18:12:21 GMT report-to {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} server sffe vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H3	200	aframe www.google.com/recaptcha/api2/ Frame 12CA	0 0	118ms 53ms	Document text/html	172.253.115.104 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google.com/recaptcha/api2/aframe Requested by Host: ep2.adtrafficquality.google URL: https://ep2.adtrafficquality.google/sodar/sodar2.js Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.115.104 , United States, ASN15169 (GOOGLE, US), Reverse DNS bg-in-f104.1e100.net Software ESF / Resource Hash Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-VpTpwFVQJKUUZIHqdnEufA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://scamalytics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=300 content-encoding gzip content-security-policy script-src 'report-sample' 'nonce-VpTpwFVQJKUUZIHqdnEufA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 content-type text/html; charset=utf-8 cross-origin-embedder-policy require-corp cross-origin-opener-policy-report-only same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d" cross-origin-resource-policy cross-origin date Wed, 18 Dec 2024 15:50:17 GMT expires Wed, 18 Dec 2024 15:50:17 GMT report-to {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]} server ESF x-content-type-options nosniff x-xss-protection 0
POST H3	204	AGSKWxUJZPtTxSDKyp5nAC4Hzb7It0ETFMm_daGRYSOr7b9E6kcu401VhsAcX-yWBnDb2oinVJutH7N7ZiGqaxpvqOnyJloSLXqWvkwSUPAyhGDV3I1Fb8_w0ZdM4ZBgwBPK-PWFJ-UcPw== Show response fundingchoicesmessages.google.com/el/	0 28 B	51ms 50ms	XHR text/html	172.253.63.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/el/AGSKWxUJZPtTxSDKyp5nAC4Hzb7It0ETFMm_daGRYSOr7b9E6kcu401VhsAcX-yWBnDb2oinVJutH7N7ZiGqaxpvqOnyJloSLXqWvkwSUPAyhGDV3I1Fb8_w0ZdM4ZBgwBPK-PWFJ-UcPw== Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f102.1e100.net Software ESF / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-X1Au4xzNFl9b1FUV9B_Q9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain Referer https://scamalytics.com/ Response headers access-control-max-age 86400 access-control-allow-methods POST, GET, OPTIONS x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:17 GMT content-type text/html; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmII1JBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIdj573u3WwCB7rWXmVUcknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRiaGRoZGegZm8QUGAP3ZKuQ" content-security-policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-X1Au4xzNFl9b1FUV9B_Q9Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version access-control-allow-credentials true permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* access-control-allow-origin https://scamalytics.com content-length 0 x-xss-protection 0 server ESF
POST H3	204	AGSKWxUJZPtTxSDKyp5nAC4Hzb7It0ETFMm_daGRYSOr7b9E6kcu401VhsAcX-yWBnDb2oinVJutH7N7ZiGqaxpvqOnyJloSLXqWvkwSUPAyhGDV3I1Fb8_w0ZdM4ZBgwBPK-PWFJ-UcPw== Show response fundingchoicesmessages.google.com/el/	0 28 B	56ms 54ms	XHR text/html	172.253.63.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/el/AGSKWxUJZPtTxSDKyp5nAC4Hzb7It0ETFMm_daGRYSOr7b9E6kcu401VhsAcX-yWBnDb2oinVJutH7N7ZiGqaxpvqOnyJloSLXqWvkwSUPAyhGDV3I1Fb8_w0ZdM4ZBgwBPK-PWFJ-UcPw== Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f102.1e100.net Software ESF / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-etg01T_YFwlxcepW3KeXzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain Referer https://scamalytics.com/ Response headers access-control-max-age 86400 access-control-allow-methods POST, GET, OPTIONS x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:17 GMT content-type text/html; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw0pBicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIdj573u3WwCKxa9v8mo5JKUXxifnJ9XkppXopuYUqwLYhdlJpWW5BehsFPLQCpy8tPTM_PS440MjEwMjQyN9AzM4gsMAA6yKyM" content-security-policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-etg01T_YFwlxcepW3KeXzQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version access-control-allow-credentials true permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* access-control-allow-origin https://scamalytics.com content-length 0 x-xss-protection 0 server ESF
GET H3	200	AGSKWxX8aI_v0hGEZ9gZgSgdAtb96FbHx_V1BMuxKKoYd7NZ51NY0Xy8CMq-45kHYnAHLvugTY9cTFDlnwjExwGXNhLO91Tq8YMVM089HRrKM0ezEmUBaVpaiVSYpQ_t4fGbeowkhoT2Tg== Show response fundingchoicesmessages.google.com/f/	3 KB 2 KB	83ms 82ms	Script application/javascript	172.253.63.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/f/AGSKWxX8aI_v0hGEZ9gZgSgdAtb96FbHx_V1BMuxKKoYd7NZ51NY0Xy8CMq-45kHYnAHLvugTY9cTFDlnwjExwGXNhLO91Tq8YMVM089HRrKM0ezEmUBaVpaiVSYpQ_t4fGbeowkhoT2Tg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzM0NTM3MDE3LDQyMzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9zY2FtYWx5dGljcy5jb20vaXAvMzEuMTcxLjE1NC4xMjIiLG51bGwsW1s4LCJJTXo1N3ljNWhWdyJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl1dXQ Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f102.1e100.net Software ESF / Resource Hash 04e1a575a52573d9bcb83c2b8d46c8be56a27887630eabf2909487995ef99ded Security Headers Name Value Content-Security-Policy script-src 'report-sample' 'nonce-XxFNJUB3p3Y6bWK3C9q0uA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers content-encoding gzip x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:17 GMT content-type application/javascript; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtDikmII0JBikPj6kkkLiJ3SZ7CGAHHrzXOs04HYaO15VhcgTvp3nrUEiA0VLrE6A7Fj0SVWTyBW7bnEag7E99ddYn0OxB_qL7P-AOIZ5y-zLgDiIokrrC1AzPD1CisHEAvxcOy8172bTaBjwoInjEoaSfmF8cn5eSVFmUmlJflFaclpqcWpRWWpRfFGBkYmhkaGRnoGhvEFBgCPCEVr" content-security-policy script-src 'report-sample' 'nonce-XxFNJUB3p3Y6bWK3C9q0uA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport cache-control no-cache, no-store, max-age=0, must-revalidate timing-allow-origin * cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version cross-origin-resource-policy cross-origin permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* x-xss-protection 0 server ESF
POST H3	204	AGSKWxXzobWeWGHDl6NvOhMwNj67IM3J-riFYxoWJbshaq-L_9EtTizW1vVcNCsCwmgfZLwKONh8pcsUf0RrQHjxHUQ69PrBWYQ8Phg9ncv-GodR7mVxsa9816GpJsqkU5uPRNwjRHjpfQ== Show response fundingchoicesmessages.google.com/el/	0 28 B	47ms 46ms	XHR text/html	172.253.63.102 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fundingchoicesmessages.google.com/el/AGSKWxXzobWeWGHDl6NvOhMwNj67IM3J-riFYxoWJbshaq-L_9EtTizW1vVcNCsCwmgfZLwKONh8pcsUf0RrQHjxHUQ69PrBWYQ8Phg9ncv-GodR7mVxsa9816GpJsqkU5uPRNwjRHjpfQ== Requested by Host: URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_US.IMz57yc5hVw.es5.O/am=DAY/d=1/rs=AJlcJMw3zS1wjusUi0gw9griloTCXJzNKw/m=kernel_loader,loader_js_executable Protocol H3 Security QUIC, , AES_128_GCM Server 172.253.63.102 , United States, ASN15169 (GOOGLE, US), Reverse DNS bi-in-f102.1e100.net Software ESF / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Content-Security-Policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-eHUj05BLzXxmvog47a6UUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 0 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain Referer https://scamalytics.com/ Response headers access-control-max-age 86400 access-control-allow-methods POST, GET, OPTIONS x-content-type-options nosniff expires Mon, 01 Jan 1990 00:00:00 GMT alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 date Wed, 18 Dec 2024 15:50:17 GMT content-type text/html; charset=utf-8 x-frame-options SAMEORIGIN reporting-endpoints default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw15BicEqfwRoCxB_qL7P-AGKGr1dYOYBYiIdj573u3WwCCyY_bmFScknKL4xPzs8rSc0r0U1MKdYFsYsyk0pL8otQ2KllIBU5-enpmXnp8UYGRiaGRoZGegZm8QUGAOuYKqk" content-security-policy require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-eHUj05BLzXxmvog47a6UUQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist cache-control no-cache, no-store, max-age=0, must-revalidate cross-origin-opener-policy same-origin pragma no-cache accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version access-control-allow-credentials true permissions-policy ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=* access-control-allow-origin https://scamalytics.com content-length 0 x-xss-protection 0 server ESF
GET		bounce id5-sync.com/	0 0
GET H2	200	v1 Show response lb.eu-1-id5-sync.com/lb/	45 B 287 B	353ms 106ms	Fetch application/json	141.95.98.64 OVH OVH SAS
General Check archive.org Show headers Download Go to Full URL https://lb.eu-1-id5-sync.com/lb/v1 Requested by Host: cdn.id5-sync.com URL: https://cdn.id5-sync.com/api/1.0/id5-api.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 141.95.98.64 , France, ASN16276 (OVH OVH SAS, FR), Reverse DNS ns3216658.ip-141-95-98.eu Software / Resource Hash 429c09ef872b45d80fa51a8ed156e581ed31fd094c179e4d6dd1d3f1bf18f20b Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers strict-transport-security max-age=63072000; includeSubDomains; preload access-control-allow-origin https://scamalytics.com date Wed, 18 Dec 2024 15:50:17 GMT content-type application/json;charset=UTF-8 vary Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
GET H2	200	container.html 54c7e6e4843aa78b33a75e6474f12928.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 8133	0 0	0ms 0ms	Document text/html	2607:f8b0:4004:c09::84 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://54c7e6e4843aa78b33a75e6474f12928.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://scamalytics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=300 content-encoding br content-length 2653 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" cross-origin-resource-policy cross-origin date Wed, 18 Dec 2024 15:50:17 GMT expires Wed, 18 Dec 2024 15:50:17 GMT last-modified Thu, 03 Nov 2022 19:10:08 GMT report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	container.html 54c7e6e4843aa78b33a75e6474f12928.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame CE24	0 0	0ms 0ms	Document text/html	2607:f8b0:4004:c09::84 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://54c7e6e4843aa78b33a75e6474f12928.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://scamalytics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=300 content-encoding br content-length 2653 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" cross-origin-resource-policy cross-origin date Wed, 18 Dec 2024 15:50:17 GMT expires Wed, 18 Dec 2024 15:50:17 GMT last-modified Thu, 03 Nov 2022 19:10:08 GMT report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
GET H2	200	container.html 54c7e6e4843aa78b33a75e6474f12928.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 61C1	0 0	22ms 22ms	Document text/html	2607:f8b0:4004:c09::84 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://54c7e6e4843aa78b33a75e6474f12928.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2607:f8b0:4004:c09::84 Washington, United States, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://scamalytics.com/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Response headers accept-ranges bytes alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 cache-control private, max-age=300 content-encoding br content-length 2653 content-type text/html cross-origin-opener-policy-report-only same-origin; report-to="ads-gpt-scs" cross-origin-resource-policy cross-origin date Wed, 18 Dec 2024 15:50:17 GMT expires Wed, 18 Dec 2024 15:50:17 GMT last-modified Thu, 03 Nov 2022 19:10:08 GMT report-to {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]} server sffe timing-allow-origin * vary Accept-Encoding x-content-type-options nosniff x-xss-protection 0
POST		v3 id5-sync.com/gm/	0 0
GET H2	200	publishertag.prebid.144.js Show response static.criteo.net/js/ld/	96 KB 31 KB	468ms 60ms	Script text/javascript	2620:100:a00b::4 AS-CRITEO
General Check archive.org Show headers Download Go to Full URL https://static.criteo.net/js/ld/publishertag.prebid.144.js Requested by Host: cdn4.buysellads.net URL: https://cdn4.buysellads.net/pub/scamalytics.js?1734537000000 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US), Reverse DNS Software nginx / Resource Hash 66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507 Security Headers Name Value Strict-Transport-Security max-age=31536000; preload; Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Referer https://scamalytics.com/ Response headers strict-transport-security max-age=31536000; preload; cache-control max-age=86400, public timing-allow-origin * content-encoding gzip etag W/"653b5c0e-1811e" cross-origin-resource-policy cross-origin expires Thu, 19 Dec 2024 15:50:18 GMT access-control-allow-origin * date Wed, 18 Dec 2024 15:50:18 GMT content-type text/javascript last-modified Fri, 27 Oct 2023 06:43:26 GMT server nginx
POST H3	204	ping pagead2.googlesyndication.com/pagead/	0 0	50ms 48ms	Fetch text/html	142.251.167.156 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://pagead2.googlesyndication.com/pagead/ping?e=1 Requested by Host: securepubads.g.doubleclick.net URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412090101/pubads_impl.js Protocol H3 Security QUIC, , AES_128_GCM Server 142.251.167.156 Farmingdale, United States, ASN15169 (GOOGLE, US), Reverse DNS ww-in-f156.1e100.net Software / Resource Hash Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Referer https://scamalytics.com/ Response headers
GET		sodar ep1.adtrafficquality.google/pagead/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

id5-sync.com

URL

https://id5-sync.com/bounce

Domain

id5-sync.com

URL

https://id5-sync.com/gm/v3

Domain

ep1.adtrafficquality.google

URL

https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202412090101&jk=2065559028716531&bg=!PD-lP3DNAAbtGp3CzRo7ADQBe5WfOOBAKaV_nKYtCRNnvTIWmliedLMDMi9Spc7bGtXyW7S1ms76StOu8oomAGut6cXzAgAAAJBSAAAABGgBB34ANuDhFS2Rt4gbJStFrci4DUWdDCYxqyC9jggUJLXppfRMhdO-UH5kIRpXnAF58yyfdNMIYUW89ZkCkZfi4naZR4N__5Ded0H9Fv0n1l3ozOMDAN88GfJo63jh6OMCjOdzYEAFt-AMrEX24lMIh5t5d-IHONVdNhnyALpjYMZwv0Ny1wgc-3VTRdkgOJ9tpU74m5iN7rZ2GEtaWj-MsfiQXKYVsytehcoeEtynVw7R9DYkbLMvgVAhQoTLoU8NcZkVpVQeWpDNY4UShlaWzRf_gaOg2bKf41-TlSEkOcWOmhqUYHuNazGPnyykk7BtEk8AkMoSeZqaIVQhJMr7hx0lJb-yF-yjBc5rGcusnzeDkHbUp09Q3LRB3oGq0uAmTsPFhqTAM2wV0yHF62ZYDlzZ6Arqv0yJCfVwWUaM038amRVjiF9420XN-0BpzauuJe4B6q73oA1F8lECs4kohISJO9ZFwT3Ga9QEWNYM-yipba0xjEv9i2T6lsayLQInCm2J4FbRHrn4klatAykNoA5uM7qm8iizZplVAfgF_HtKICQsrh6nHr_JL6eqA2ldKdzzW8MqvJ9HD0UkPEseF9xaYYXF9eUwTNvvl_x1jYe6Yvi_CJ-ltrXozW83U7QVNxjMs-Mcdy5nHYUOwJV9FfMltUsfLu-o7KYgMZW43XondWa8VQN80OH2Q5AuvOdDZrPFrvmbOMQ9fUGIKExi4RVolhN1MdNCeN82heurjjh7VNFquUpGfzcFINiefcZdeqa5QZ9YIWPZ_3UvWtMbaIi90EPNZ4ybaIrOX_YGSdh8AnSFMChtuqALGZdJUFeMb9-g5JMIy-cIQjBvQfCf3BekEJEoj_5G_C6BLZkBfNtAPCa4RVcobPrZEVTreiApnXrLMVbZ1i1UGdYVWhhE4NXPqcvNdeHDY-Ywxspq98eLX_dGy7bbSz2YkaT3-A