winteriscoming.net Open in urlscan Pro
2600:9000:27c2:7200:a:3342:cb00:93a1  Public Scan

Submitted URL: http://winteriscoming.net/
Effective URL: https://winteriscoming.net/
Submission: On December 04 via api from US — Scanned from US

Summary

This website contacted 87 IPs in 4 countries across 55 domains to perform 281 HTTP transactions. The main IP is 2600:9000:27c2:7200:a:3342:cb00:93a1, located in United States and belongs to AMAZON-02, US. The main domain is winteriscoming.net. The Cisco Umbrella rank of the primary domain is 852465.
TLS certificate: Issued by Amazon RSA 2048 M02 on November 19th 2024. Valid for: a year.
This is the only time winteriscoming.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2600:9000:27c... 16509 (AMAZON-02)
7 2607:f8b0:400... 15169 (GOOGLE)
2 2600:9000:261... 16509 (AMAZON-02)
5 2600:9000:251... 16509 (AMAZON-02)
1 2600:9000:284... 16509 (AMAZON-02)
35 2600:9000:23c... 16509 (AMAZON-02)
2 2600:9000:251... 16509 (AMAZON-02)
4 2607:f8b0:400... 15169 (GOOGLE)
8 2607:f8b0:400... 15169 (GOOGLE)
5 2606:4700:20:... 13335 (CLOUDFLAR...)
2 7 2607:f8b0:400... 15169 (GOOGLE)
1 18.238.80.40 16509 (AMAZON-02)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
16 2a02:6ea0:c40... 60068 (CDN77 Dat...)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 2600:9000:211... 16509 (AMAZON-02)
2 4 18.173.219.84 16509 (AMAZON-02)
2 108.138.112.90 16509 (AMAZON-02)
1 4 2620:100:a00b... 19750 (AS-CRITEO)
2 74.119.117.17 19750 (AS-CRITEO)
3 162.19.138.118 16276 (OVH OVH SAS)
1 108.138.106.59 16509 (AMAZON-02)
2 18.164.108.113 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
1 13.35.93.44 16509 (AMAZON-02)
2 108.138.128.28 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
3 23.203.179.38 16625 (AKAMAI-AS)
2 2001:4860:480... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 18.211.109.241 14618 (AMAZON-AES)
4 2600:1f14:5db... 16509 (AMAZON-02)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 18.164.116.85 16509 (AMAZON-02)
1 2 98.82.158.241 14618 (AMAZON-AES)
4 2606:4700:10:... 13335 (CLOUDFLAR...)
1 52.45.239.128 14618 (AMAZON-AES)
1 162.19.138.117 16276 (OVH OVH SAS)
1 2606:ae80:145... 26762 (CNVR-US-EAST)
3 52.85.61.52 16509 (AMAZON-02)
16 2602:803:c002... 26667 (RUBICONPR...)
4 2620:100:a00b... 19750 (AS-CRITEO)
2 35.186.253.211 15169 (GOOGLE)
2 3.233.183.24 14618 (AMAZON-AES)
3 35.245.40.102 396982 (GOOGLE-CL...)
16 208.115.232.246 46475 (LIMESTONE...)
2 207.65.37.179 62713 (AS-PUBMATIC)
2 51.222.239.230 16276 (OVH OVH SAS)
2 23.41.169.52 16625 (AKAMAI-AS)
2 4 68.67.160.184 29990 (ASN-APPNEX)
2 3.220.40.212 14618 (AMAZON-AES)
2 104.18.27.193 13335 (CLOUDFLAR...)
1 17 2606:4700:10:... 13335 (CLOUDFLAR...)
2 35.162.65.214 16509 (AMAZON-02)
2 2 35.244.159.8 396982 (GOOGLE-CL...)
2 2 8.28.7.83 62713 (AS-PUBMATIC)
1 1 69.173.146.5 26667 (RUBICONPR...)
3 3 52.223.40.198 16509 (AMAZON-02)
3 3 34.111.113.62 396982 (GOOGLE-CL...)
2 172.253.122.156 15169 (GOOGLE)
1 1 2620:112:f008... 26120 (RHYTHMONE)
1 1 2607:f350:3:2... 27630 (AS-XFERNET)
3 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2a04:4e42::485 54113 (FASTLY)
3 2620:100:a00b::4 19750 (AS-CRITEO)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 104.18.28.101 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2600:9000:251... 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 34.120.107.143 396982 (GOOGLE-CL...)
1 2607:f8b0:400... 15169 (GOOGLE)
2 34.98.64.218 396982 (GOOGLE-CL...)
10 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
2 2 2607:f8b0:400... 15169 (GOOGLE)
2 64.233.180.149 15169 (GOOGLE)
2 142.251.111.154 15169 (GOOGLE)
2 2600:9000:21f... 16509 (AMAZON-02)
2 2a02:6ea0:c40... 60068 (CDN77 Dat...)
1 13.249.91.61 16509 (AMAZON-02)
2 2607:f8b0:400... 15169 (GOOGLE)
1 151.101.193.108 54113 (FASTLY)
1 35.71.139.29 16509 (AMAZON-02)
1 104.18.25.18 13335 (CLOUDFLAR...)
1 44.193.101.54 14618 (AMAZON-AES)
1 23.203.105.107 16625 (AKAMAI-AS)
1 23.51.57.13 16625 (AKAMAI-AS)
1 51.222.39.186 16276 (OVH OVH SAS)
1 35.211.202.130 15169 (GOOGLE)
281 87
Apex Domain
Subdomains
Transfer
36 minutemediacdn.com
assets.minutemediacdn.com — Cisco Umbrella Rank: 26367
images2.minutemediacdn.com — Cisco Umbrella Rank: 15987
276 KB
26 ad.gt
id.hadron.ad.gt — Cisco Umbrella Rank: 1519
a.ad.gt — Cisco Umbrella Rank: 1619
p.ad.gt — Cisco Umbrella Rank: 1714
ids.ad.gt — Cisco Umbrella Rank: 1557
ids4.ad.gt — Cisco Umbrella Rank: 2415
seg.ad.gt — Cisco Umbrella Rank: 1984
pixels.ad.gt — Cisco Umbrella Rank: 1708
proton.ad.gt — Cisco Umbrella Rank: 4167
26 KB
22 userway.org
cdn.userway.org — Cisco Umbrella Rank: 3208
api.userway.org — Cisco Umbrella Rank: 3180
cdn77.api.userway.org — Cisco Umbrella Rank: 7080
371 KB
18 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 505
token.rubiconproject.com — Cisco Umbrella Rank: 500
eus.rubiconproject.com — Cisco Umbrella Rank: 616
11 KB
16 richaudience.com
shb.richaudience.com — Cisco Umbrella Rank: 4166
sync.richaudience.com Failed
3 KB
15 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 218
stats.g.doubleclick.net — Cisco Umbrella Rank: 135
td.doubleclick.net — Cisco Umbrella Rank: 182
cm.g.doubleclick.net — Cisco Umbrella Rank: 284
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
ad.doubleclick.net — Cisco Umbrella Rank: 145
232 KB
10 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 527
104 KB
8 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 450
mug.criteo.com — Cisco Umbrella Rank: 3746
bidder.criteo.com — Cisco Umbrella Rank: 949
3 KB
8 amazon-adsystem.com
c.aps.amazon-adsystem.com — Cisco Umbrella Rank: 5171
c.amazon-adsystem.com — Cisco Umbrella Rank: 347
config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 687
aax.amazon-adsystem.com — Cisco Umbrella Rank: 468
s.amazon-adsystem.com — Cisco Umbrella Rank: 337
87 KB
8 gstatic.com
fonts.gstatic.com
73 KB
7 googlesyndication.com
e23890915835ff161149d5e994685475.safeframe.googlesyndication.com
tpc.googlesyndication.com — Cisco Umbrella Rank: 173
pagead2.googlesyndication.com — Cisco Umbrella Rank: 110
3 KB
7 openx.net
rtb.openx.net — Cisco Umbrella Rank: 552
u.openx.net — Cisco Umbrella Rank: 761
oajs.openx.net — Cisco Umbrella Rank: 2931
google-bidout-d.openx.net — Cisco Umbrella Rank: 2790
minutemedia-d.openx.net — Cisco Umbrella Rank: 33699
1 KB
7 geoedge.be
rumcdn.geoedge.be — Cisco Umbrella Rank: 2080
gw.geoedge.be — Cisco Umbrella Rank: 3079
198 KB
7 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
4 KB
6 privacymanager.io
launchpad-wrapper.privacymanager.io — Cisco Umbrella Rank: 2787
launchpad.privacymanager.io — Cisco Umbrella Rank: 2323
geo.privacymanager.io — Cisco Umbrella Rank: 2054
ats-wrapper.privacymanager.io — Cisco Umbrella Rank: 2086
99 KB
6 bqstreamer.com
stats.bqstreamer.com — Cisco Umbrella Rank: 24441
config.bqstreamer.com — Cisco Umbrella Rank: 26849
19 KB
5 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 281
secure.adnxs.com — Cisco Umbrella Rank: 495
acdn.adnxs.com — Cisco Umbrella Rank: 643
4 KB
5 pubmatic.com
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 494
image2.pubmatic.com — Cisco Umbrella Rank: 886
ads.pubmatic.com — Cisco Umbrella Rank: 570
904 B
4 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 373
524 KB
4 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 533
cdn.id5-sync.com — Cisco Umbrella Rank: 1004
31 KB
4 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 186
6 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
411 KB
3 criteo.net
static.criteo.net — Cisco Umbrella Rank: 793
44 KB
3 adtrafficquality.google
ep1.adtrafficquality.google — Cisco Umbrella Rank: 389
ep2.adtrafficquality.google — Cisco Umbrella Rank: 403
20 KB
3 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 470
1 KB
3 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 377
2 KB
3 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 576
743 B
3 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 712
829 B
3 omnitagjs.com
hb-api.omnitagjs.com — Cisco Umbrella Rank: 3983
visitor.omnitagjs.com — Cisco Umbrella Rank: 848
2 KB
3 3lift.com
tlx.3lift.com — Cisco Umbrella Rank: 551
eb2.3lift.com — Cisco Umbrella Rank: 429
2 KB
3 bidswitch.net
grid.bidswitch.net — Cisco Umbrella Rank: 1460
x.bidswitch.net — Cisco Umbrella Rank: 393
821 B
3 google.com
analytics.google.com — Cisco Umbrella Rank: 142
www.google.com — Cisco Umbrella Rank: 3
3 fastclick.net
secure.cdn.fastclick.net — Cisco Umbrella Rank: 1120
88 KB
3 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 1010
bcp.crwdcntrl.net — Cisco Umbrella Rank: 1026
26 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 96
40 B
2 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 496
1 KB
2 teads.tv
a.teads.tv — Cisco Umbrella Rank: 1737
923 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
211 B
2 minutemedia-prebid.com
hb.minutemedia-prebid.com — Cisco Umbrella Rank: 3670
947 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 192
74 KB
2 privacy-center.org
sdk.privacy-center.org — Cisco Umbrella Rank: 4542
130 KB
2 mmctsvc.com
cdn.mmctsvc.com — Cisco Umbrella Rank: 24048
258 KB
1 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 698
1 uidapi.com
cdn.prod.uidapi.com — Cisco Umbrella Rank: 4220
4 KB
1 33across.com
cdn-ima.33across.com — Cisco Umbrella Rank: 1329
7 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 2357
8 KB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318
897 B
1 sonobi.com
sync.go.sonobi.com — Cisco Umbrella Rank: 915
665 B
1 turn.com
d.turn.com — Cisco Umbrella Rank: 1126
443 B
1 dotomi.com
proc.ad.cpe.dotomi.com — Cisco Umbrella Rank: 3098
465 B
1 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 946
290 B
1 hadronid.net
cdn.hadronid.net — Cisco Umbrella Rank: 1791
12 KB
1 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 36
1 fansided.com
app.fansided.com — Cisco Umbrella Rank: 65246
2 KB
1 winteriscoming.net
winteriscoming.net — Cisco Umbrella Rank: 852465
76 KB
281 55
Domain Requested by
35 images2.minutemediacdn.com winteriscoming.net
16 shb.richaudience.com cdn.mmctsvc.com
16 fastlane.rubiconproject.com cdn.mmctsvc.com
16 cdn.userway.org rumcdn.geoedge.be
cdn.userway.org
10 cdn.ampproject.org rumcdn.geoedge.be
10 ids.ad.gt 1 redirects winteriscoming.net
8 fonts.gstatic.com fonts.googleapis.com
7 securepubads.g.doubleclick.net 2 redirects rumcdn.geoedge.be
winteriscoming.net
securepubads.g.doubleclick.net
7 fonts.googleapis.com winteriscoming.net
rumcdn.geoedge.be
client
5 p.ad.gt rumcdn.geoedge.be
p.ad.gt
5 stats.bqstreamer.com cdn.mmctsvc.com
5 rumcdn.geoedge.be winteriscoming.net
rumcdn.geoedge.be
4 s0.2mdn.net winteriscoming.net
4 tpc.googlesyndication.com winteriscoming.net
rumcdn.geoedge.be
4 api.userway.org cdn.userway.org
4 gum.criteo.com 1 redirects rumcdn.geoedge.be
4 sb.scorecardresearch.com 2 redirects winteriscoming.net
4 www.googletagmanager.com winteriscoming.net
www.googletagmanager.com
rumcdn.geoedge.be
3 static.criteo.net rumcdn.geoedge.be
cdn.mmctsvc.com
static.criteo.net
3 seg.ad.gt p.ad.gt
3 pixel.tapad.com 3 redirects
3 match.adsrvr.org 3 redirects
3 ads.yieldmo.com cdn.mmctsvc.com
3 onetag-sys.com cdn.mmctsvc.com
3 geo.privacymanager.io launchpad.privacymanager.io
ats-wrapper.privacymanager.io
3 secure.cdn.fastclick.net rumcdn.geoedge.be
secure.cdn.fastclick.net
3 id5-sync.com cdn.mmctsvc.com
cdn.id5-sync.com
2 pagead2.googlesyndication.com
2 cdn77.api.userway.org cdn.userway.org
2 gw.geoedge.be rumcdn.geoedge.be
2 www.googleadservices.com winteriscoming.net
2 ad.doubleclick.net winteriscoming.net
2 googleads.g.doubleclick.net 2 redirects winteriscoming.net
2 ep2.adtrafficquality.google rumcdn.geoedge.be
2 cm.g.doubleclick.net winteriscoming.net
2 image2.pubmatic.com 2 redirects
2 u.openx.net 2 redirects
2 secure.adnxs.com 2 redirects
2 ids4.ad.gt winteriscoming.net
2 a.ad.gt rumcdn.geoedge.be
p.ad.gt
2 htlb.casalemedia.com cdn.mmctsvc.com
2 ib.adnxs.com cdn.mmctsvc.com
2 a.teads.tv cdn.mmctsvc.com
2 hbopenbid.pubmatic.com cdn.mmctsvc.com
2 hb-api.omnitagjs.com cdn.mmctsvc.com
2 tlx.3lift.com cdn.mmctsvc.com
2 grid.bidswitch.net cdn.mmctsvc.com
2 rtb.openx.net cdn.mmctsvc.com
2 bidder.criteo.com cdn.mmctsvc.com
2 id.hadron.ad.gt cdn.hadronid.net
2 s.amazon-adsystem.com 1 redirects rumcdn.geoedge.be
2 www.facebook.com winteriscoming.net
2 hb.minutemedia-prebid.com cdn.mmctsvc.com
2 analytics.google.com www.googletagmanager.com
2 tags.crwdcntrl.net rumcdn.geoedge.be
2 aax.amazon-adsystem.com c.aps.amazon-adsystem.com
2 mug.criteo.com winteriscoming.net
2 c.amazon-adsystem.com c.aps.amazon-adsystem.com
2 connect.facebook.net winteriscoming.net
connect.facebook.net
2 sdk.privacy-center.org winteriscoming.net
sdk.privacy-center.org
2 cdn.mmctsvc.com winteriscoming.net
rumcdn.geoedge.be
1 x.bidswitch.net
1 visitor.omnitagjs.com cdn.mmctsvc.com
1 ads.pubmatic.com cdn.mmctsvc.com
1 minutemedia-d.openx.net cdn.mmctsvc.com
1 eus.rubiconproject.com cdn.mmctsvc.com
1 js-sec.indexww.com cdn.mmctsvc.com
1 eb2.3lift.com cdn.mmctsvc.com
1 acdn.adnxs.com cdn.mmctsvc.com
1 ats-wrapper.privacymanager.io rumcdn.geoedge.be
1 google-bidout-d.openx.net rumcdn.geoedge.be
1 www.google.com rumcdn.geoedge.be
winteriscoming.net
1 oajs.openx.net oa.openxcdn.net
1 e23890915835ff161149d5e994685475.safeframe.googlesyndication.com securepubads.g.doubleclick.net
1 cdn.prod.uidapi.com rumcdn.geoedge.be
1 cdn.id5-sync.com rumcdn.geoedge.be
1 cdn-ima.33across.com rumcdn.geoedge.be
1 oa.openxcdn.net rumcdn.geoedge.be
1 cdn.jsdelivr.net rumcdn.geoedge.be
1 ep1.adtrafficquality.google securepubads.g.doubleclick.net
1 proton.ad.gt rumcdn.geoedge.be
1 pixels.ad.gt rumcdn.geoedge.be
1 sync.go.sonobi.com 1 redirects
1 d.turn.com 1 redirects
1 token.rubiconproject.com 1 redirects
1 proc.ad.cpe.dotomi.com secure.cdn.fastclick.net
1 lb.eu-1-id5-sync.com cdn.mmctsvc.com
1 bcp.crwdcntrl.net tags.crwdcntrl.net
1 launchpad.privacymanager.io launchpad-wrapper.privacymanager.io
1 td.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 cdn.hadronid.net winteriscoming.net
1 launchpad-wrapper.privacymanager.io rumcdn.geoedge.be
1 www.google-analytics.com www.googletagmanager.com
1 config.aps.amazon-adsystem.com rumcdn.geoedge.be
1 app.fansided.com rumcdn.geoedge.be
1 config.bqstreamer.com cdn.mmctsvc.com
1 c.aps.amazon-adsystem.com rumcdn.geoedge.be
1 assets.minutemediacdn.com winteriscoming.net
1 winteriscoming.net
0 sync.richaudience.com Failed cdn.mmctsvc.com
281 101
Subject Issuer Validity Valid
editorinleaf.com
Amazon RSA 2048 M02
2024-11-19 -
2025-12-19
a year crt.sh
upload.video.google.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
cdn.mmctsvc.com
Amazon RSA 2048 M02
2024-04-04 -
2025-05-03
a year crt.sh
gw.geoedge.be
Amazon RSA 2048 M03
2024-07-12 -
2025-08-09
a year crt.sh
assets.minutemediacdn.com
Amazon RSA 2048 M02
2024-03-26 -
2025-04-25
a year crt.sh
images.mmctsvc.com
Amazon RSA 2048 M02
2024-04-02 -
2025-05-01
a year crt.sh
*.privacy-center.org
Amazon RSA 2048 M03
2024-03-10 -
2025-04-07
a year crt.sh
*.google-analytics.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.gstatic.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
bqstreamer.com
WE1
2024-10-26 -
2025-01-24
3 months crt.sh
*.g.doubleclick.net
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
c.aps.amazon-adsystem.com
Amazon RSA 2048 M02
2024-05-30 -
2025-06-29
a year crt.sh
1667503734.rsc.cdn77.org
E6
2024-09-25 -
2024-12-24
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-09-12 -
2024-12-11
3 months crt.sh
*.fansided.com
Amazon RSA 2048 M02
2024-06-01 -
2025-06-30
a year crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M03
2024-11-19 -
2025-12-18
a year crt.sh
*.criteo.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-12-03 -
2025-03-03
3 months crt.sh
id5-sync.com
E6
2024-11-11 -
2025-02-09
3 months crt.sh
config.aps.amazon-adsystem.com
Amazon RSA 2048 M02
2024-01-21 -
2025-02-19
a year crt.sh
alt1-3ps.amazon-adsystem.com
Amazon RSA 2048 M03
2024-03-29 -
2025-04-28
a year crt.sh
*.privacymanager.io
Amazon RSA 2048 M03
2024-06-26 -
2025-07-24
a year crt.sh
*.crwdcntrl.net
Amazon RSA 2048 M02
2024-09-07 -
2025-10-07
a year crt.sh
hadronid.net
WE1
2024-11-22 -
2025-02-20
3 months crt.sh
secure.cdn.fastclick.net
DigiCert TLS RSA SHA256 2020 CA1
2024-08-07 -
2025-08-07
a year crt.sh
*.google.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.doubleclick.net
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
*.minutemedia-prebid.com
Amazon ECDSA 256 M03
2024-03-09 -
2025-04-08
a year crt.sh
api.userway.org
Amazon RSA 2048 M02
2024-08-02 -
2025-08-31
a year crt.sh
s.amazon-adsystem.com
Amazon RSA 2048 M01
2024-04-24 -
2025-04-17
a year crt.sh
id.hadron.ad.gt
WE1
2024-11-18 -
2025-02-16
3 months crt.sh
eu-1-id5-sync.com
R11
2024-11-11 -
2025-02-09
3 months crt.sh
ad.cpe.dotomi.com
GlobalSign RSA OV SSL CA 2018
2024-06-17 -
2025-07-19
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2024-07-30 -
2025-04-03
8 months crt.sh
*.openx.net
RapidSSL TLS RSA CA G1
2024-08-14 -
2025-08-18
a year crt.sh
*.bidswitch.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-11-29 -
2025-02-23
3 months crt.sh
*.3lift.com
Amazon RSA 2048 M02
2024-03-13 -
2025-04-10
a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA
2024-07-02 -
2025-08-01
a year crt.sh
*.richaudience.com
RapidSSL TLS RSA CA G1
2024-02-14 -
2025-02-25
a year crt.sh
*.pubmatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-03-19 -
2025-04-19
a year crt.sh
*.onetag-sys.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1
2024-01-23 -
2025-01-29
a year crt.sh
teads.tv
R10
2024-11-25 -
2025-02-23
3 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2024-02-14 -
2025-03-16
a year crt.sh
*.yieldmo.com
Amazon RSA 2048 M03
2024-07-15 -
2025-08-14
a year crt.sh
casalemedia.com
E6
2024-10-13 -
2025-01-11
3 months crt.sh
a.ad.gt
WE1
2024-12-03 -
2025-03-03
3 months crt.sh
p.ad.gt
WE1
2024-10-08 -
2025-01-06
3 months crt.sh
ids.ad.gt
WE1
2024-11-13 -
2025-02-11
3 months crt.sh
*.ad.gt
Amazon RSA 2048 M02
2024-03-10 -
2025-04-08
a year crt.sh
seg.ad.gt
WE1
2024-11-03 -
2025-02-01
3 months crt.sh
pixels.ad.gt
WE1
2024-11-03 -
2025-02-01
3 months crt.sh
proton.ad.gt
WE1
2024-11-05 -
2025-02-03
3 months crt.sh
adtrafficquality.google
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3
2024-07-30 -
2025-08-31
a year crt.sh
*.criteo.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-11-29 -
2025-02-25
3 months crt.sh
oa.openxcdn.net
WR3
2024-11-13 -
2025-02-11
3 months crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2024-09-05 -
2025-09-30
a year crt.sh
cdn.prod.uidapi.com
Amazon RSA 2048 M03
2024-11-20 -
2025-12-20
a year crt.sh
misc-sni.google.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
tpc.googlesyndication.com
WR2
2024-10-21 -
2025-01-13
3 months crt.sh
1784939676.rsc.cdn77.org
E5
2024-10-18 -
2025-01-16
3 months crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1
2024-04-08 -
2025-05-09
a year crt.sh
indexww.com
WE1
2024-11-30 -
2025-02-28
3 months crt.sh

This page contains 27 frames:

Primary Page: https://winteriscoming.net/
Frame ID: 2A24F4B9BBEDF53B7201A6F40A7DB860
Requests: 209 HTTP requests in this frame

Frame: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Frame ID: F4D784828B07078F399C4EF02DF2C11A
Requests: 4 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-NB8RD6J3M6&gacid=574771359.1733278767&gtm=45je4bk0v881192982z872382166za200zb72382166&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=86697198
Frame ID: 41A6DD5C16CFD2E2940D4C22DC8C3667
Requests: 1 HTTP requests in this frame

Frame: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-adman-v2_n-acuityads&dcc=t
Frame ID: 94338643C1200E774FEDB6C7093819D8
Requests: 1 HTTP requests in this frame

Frame: https://proton.ad.gt/join-ad-interest-groups.html
Frame ID: 547E5B3A92948B987F6A2A5432D68B98
Requests: 2 HTTP requests in this frame

Frame: https://cdn.userway.org/styles/2024-12-02-09-47-30/widget_base.css?v=1733132850231
Frame ID: 20288F6999F4FFC1E3ABCC291351BA47
Requests: 1 HTTP requests in this frame

Frame: https://cdn.userway.org/styles/2024-12-02-09-47-30/widget_base.css?v=1733132850231
Frame ID: E8BD53B939BC325FAE26A07C5D210D45
Requests: 1 HTTP requests in this frame

Frame: https://cdn.userway.org/styles/2024-12-02-09-47-30/widget_base.css?v=1733132850231
Frame ID: 88DC474DB7B24BD668454BC5261D538F
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: A9D0F5AD0057C430B0AACE7F5C3BE621
Requests: 1 HTTP requests in this frame

Frame: https://e23890915835ff161149d5e994685475.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F3BD70B088872F7DBD73F185EF6EFF81
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=winteriscoming.net&gdpr=0&gdpr_consent=
Frame ID: E116224AAECA976C487D69191FE7F710
Requests: 1 HTTP requests in this frame

Frame: https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Frame ID: 8E7F976C2D2794B708DDA45894C25B97
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: EAAF7C9C75393F74435741524B69113F
Requests: 1 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 78DF483E2AB857D46B638BB1EDF3DFB2
Requests: 1 HTTP requests in this frame

Frame: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Frame ID: 79DE90FB58EAE4BE0C33FEF7E7ED355D
Requests: 22 HTTP requests in this frame

Frame: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Frame ID: 6F3C7C15ACC8C93A020E1F6D3BDE227A
Requests: 22 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=winteriscoming.net&gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: ADF9F7074622C39EBADB7E573DA86F4C
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: E26DC2D0D162A6E0B28C71E3599624D3
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?us_privacy=1---&
Frame ID: EF700733C0173F869ACEA6C5F888486B
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: DA6E66ED5F03982110E1326CBA518E79
Requests: 1 HTTP requests in this frame

Frame: https://ads.yieldmo.com/pbcas?us_privacy=1---&gdpr=0&gdpr_consent=&type=iframe
Frame ID: 8676D9AB58B212464861BF6AB90139A1
Requests: 1 HTTP requests in this frame

Frame: https://sync.richaudience.com/dcf3528a0b8aa83634892d50e91c306e/?ord=9822740132
Frame ID: 76FFD8E07454F71EDA2220837D3D638C
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?gdpr=0&us_privacy=1---
Frame ID: 72939446B4ACD0D541602333DC67C40B
Requests: 1 HTTP requests in this frame

Frame: https://minutemedia-d.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: 1DCF6E66A606D1B62469660909DB96BB
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=159660&gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: 38539E075561746E2E5E87126DBEEC58
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1733278767046&gdpr=0&us_privacy=1---
Frame ID: C70EF94DDA3E3B86C495AFC43709E7D1
Requests: 1 HTTP requests in this frame

Frame: https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=0&gdpr_consent=&us_privacy=1---
Frame ID: 4DF97C3244613429AB1EF3EE1E9D73F0
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Game of Thrones and sci-fi/fantasy news, TV, and movies

Page URL History Show full URLs

  1. http://winteriscoming.net/ HTTP 307
    https://winteriscoming.net/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • sdk\.privacy-center\.org/.*/loader\.js

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • cdn\.userway\.org/widget.*\.js

Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

281
Requests

92 %
HTTPS

49 %
IPv6

55
Domains

101
Subdomains

87
IPs

4
Countries

3242 kB
Transfer

12703 kB
Size

188
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://winteriscoming.net/ HTTP 307
    https://winteriscoming.net/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 58
  • https://sb.scorecardresearch.com/cs/18120612/beacon.js HTTP 302
  • https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Request Chain 64
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwinteriscoming.net%2F&domain=winteriscoming.net&cw=1&lsw=1&us_privacy=1---&gdpr=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=o-OLV3w3UloyL2hvcEFJYzZHaFRxbE1nTmdYMU5iUjc2VEo4L0VEWk5vSjNhdyt2VUpjNWlzYnpjaGlEN0d4enBpYkFRd1dlQ2RmcStXTnJxdUpOZC9wRTlpV1U3U1JJcFN4VEphNUp5NlJIUGxma0JpZXdZUVI0Q1A2bDhEKzJSYmdHMlB6aVhqbEpPakUrRG9SY2o3dFg1R2pqbTVMRjZsNDBzYmI2N3U5NVRQeHJ5K25uaDdHNWpGaE9XTjJsZXdYYlpQb1JTZW5aYlliMHR4VzU4OHBYQncveXBqdksvWTNZNnpINTJ5UU1QYXgwOGUxT0ZQK29xclBNc3JyazVBa00wdFZmWDIrdWVmTWNLMjI4TUxpOW85dz09fA&cppv=2
Request Chain 81
  • https://sb.scorecardresearch.com/b?c1=2&c2=18120612&cs_it=b9&cv=4.10.0%2B2411181312&ns__t=1733278766730&ns_c=UTF-8&cs_cfg=100111&c7=https%3A%2F%2Fwinteriscoming.net%2F&c8=Game%20of%20Thrones%20and%20sci-fi%2Ffantasy%20news%2C%20TV%2C%20and%20movies&c9= HTTP 302
  • https://sb.scorecardresearch.com/b2?c1=2&c2=18120612&cs_it=b9&cv=4.10.0%2B2411181312&ns__t=1733278766730&ns_c=UTF-8&cs_cfg=100111&c7=https%3A%2F%2Fwinteriscoming.net%2F&c8=Game%20of%20Thrones%20and%20sci-fi%2Ffantasy%20news%2C%20TV%2C%20and%20movies&c9=
Request Chain 86
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-adman-v2_n-acuityads HTTP 302
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-adman-v2_n-acuityads&dcc=t
Request Chain 133
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&adnxs_id=$UID&gdpr=0 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY%26adnxs_id%3D%24UID%26gdpr%3D0 HTTP 302
  • https://ids.ad.gt/api/v1/match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&adnxs_id=8843601102025909604&gdpr=0
Request Chain 134
  • https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY%26auid%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY HTTP 302
  • https://u.openx.net/w/1.0/cm?cc=1&id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY%26auid%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY HTTP 302
  • https://ids.ad.gt/api/v1/openx?openx_id=7070f282-8576-4335-8184-d6e6179295cf&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&auid=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Request Chain 135
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY HTTP 302
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY HTTP 302
  • https://ids.ad.gt/api/v1/pbm_match?pbm=7415F8D0-48B4-44DD-BE32-EE89B7ABBAD1&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Request Chain 136
  • https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001733278767-XOAZ8OUS-LOSY&gdpr=0 HTTP 302
  • https://ids.ad.gt/api/v1/rub_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&rub=M499FC1M-K-A26U&gdpr=0
Request Chain 137
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001733278767-XOAZ8OUS-LOSY&gdpr=0 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001733278767-XOAZ8OUS-LOSY&gdpr=0 HTTP 302
  • https://ids.ad.gt/api/v1/t_match?tdid=abe3c0b0-f74c-469b-b5c7-d768bd26015e&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Request Chain 138
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3185&partner_device_id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY%26tapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3185&partner_device_id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY%26tapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=0a9d9cb7-c62d-434b-904f-e6fe9527f1a1%252Chttps%25253A%25252F%25252Fids.ad.gt%25252Fapi%25252Fv1%25252Ftapad_match%25253Fid%25253DAU1D-0100-001733278767-XOAZ8OUS-LOSY%252526tapad_id%25253D0a9d9cb7-c62d-434b-904f-e6fe9527f1a1%252C&gdpr=0&gdpr_consent= HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=abe3c0b0-f74c-469b-b5c7-d768bd26015e&ttd_puid=0a9d9cb7-c62d-434b-904f-e6fe9527f1a1%2Chttps%253A%252F%252Fids.ad.gt%252Fapi%252Fv1%252Ftapad_match%253Fid%253DAU1D-0100-001733278767-XOAZ8OUS-LOSY%2526tapad_id%253D0a9d9cb7-c62d-434b-904f-e6fe9527f1a1%2C HTTP 302
  • https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&tapad_id=0a9d9cb7-c62d-434b-904f-e6fe9527f1a1
Request Chain 140
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODI0MTY1OC90LzA/url/https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Famo_match%3Fturn_id%3D%24!%7BTURN_UUID%7D%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY HTTP 302
  • https://ids.ad.gt/api/v1/amo_match?turn_id=4459252098359499415&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Request Chain 141
  • https://sync.go.sonobi.com/us?https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&uid=[UID]&gdpr=0 HTTP 302
  • https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&uid=d903c47d-2bb4-44fd-8a4e-a31e5828d564&gdpr=0
Request Chain 142
  • https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTczMzI3ODc2Ny1YT0FaOE9VUy1MT1NZ
Request Chain 228
  • https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABA9p3UaLB3hAaSc7-gwyljtaKLxAJ5b4h3GtlybBA39wQbMmB_eqDrNgqrlv9VZ_IFMxs511tEO4FT1wZDsmxtGxRo-7blox3yLI-ltZyzjboEcFL43Mfi9XHf0sekQyIC8qBqIHvq4kwOJ1lzvgu5czw-cjzlLLVPMgeoM7dAH9cHoywXfGMJnrkRAa3r5v7Nk1g-kecXjEQv7UZIQJwLeN8qVh4j2loQ5IawGi9mE9yI9E&dbm_d=AKAmf-CXy0ZBkOAcWrW0H5o0MIYaoTM4eElR8XNqirOyXhfKkgWn0_0X8rLlZiWHXb4Rl-5zY5NnOll3K-LPex7tLGW1Khs82MjWz5rUgzMO4VFy9OTlv66WFhmOEkE6Z1bspaUJ5BL-VLAx8bMgLU922I2GEIZQ_KDC4rVcJ1sPwuzZmbRqfJfD-y3eyvQISBocO87U4o4fiH0g005kJrFZlrsIjQr7-T_LeZ4l1oa2CqGndZFOo7GCe6mOjT6Cj0j44T4O7OtuHSHQA1Co4es_6qiPT99jUcE3DDdRLX4W1bb-fqWyQi43cTAOSjuWOtMMg_B5AzZb1yUH88LNx8qqa0X3BXH548DWk7-NBNDbcnXnZ5jsMyxUXUqh6j8iZd_6GdtFBD-CZZ-iML8PSdJf3z-SdjFT0AHkMtqhbKP3jWwrWsBxDXTzJRviThTUB7tdne3_NMQ0kvuF0yWhTLyv0gXQhGqf6N8WGXLYqtI0O4B1ICMVgY7_mUyfJE2KHlqoixj--JV0Iokp4a7E4Nj9azLchXe6GSA_LVAb0HFyB1iAP7m-p6f7LD1FDII89YD-OPRpdPBYJqwHuzrWmUVDvhQPtD4mbFLoX41IG7mLfzKe6ONrr5E3L2a9UF0hweFJiqOsGgtAjhdKMSprWHKzahBBQKW_IaEH37rXmfFa4h-fMF2mnviHPPTtCRnxJoPVwqk_4yv7D8zYQTaauufD_EINlo9Gn1OXPsgXj8bsfsgubSNA3IxnjAhgHV6aFPYt8doEJjHyxdxohWoTcRuHmaKFJYxLIXAw7d_NcjN7BOzqyY2lUa-EKL50hV6qmMMBD1GtiSdpTP6FWtZL7AM74klP74kLyTyjUfDIjgDaIJBoSeTcZanPmY6MMcg4H07N0QukJYtAfYgT2ub1Xx8byuWA3rV6buPlhNgRnmGRv-87ePsj25DBzytdqJTp-t5TFSnyZ64q-cB5S1T2diWTIU4taMsXQhQBL6AiIh7NBa9JvhoCBTkK0-FxS51AKPmq92BJZ_pvYq3YMIrwzCr0xTsFKP3ffL5-aTKfQ6YkEfPDiuOm_XogxLajjbQfITi4wxXRaB-hBYPBxXft89qQ9N24x_TCzkfw6gBfEJogQPpV6MJEMoLOi7CodiUladued5UsW2L6hFj5F8-RlGwuhRUI3PltEm8QhLOjp8a1vKoMxUMu3cTXDf5lg9rc7SzI1bpL1W8XGd3ChcVIMpFAjAjOWQI3BzitV6iLYOLwFONwKp7uJpCYgxJCYBfjDChejxccOFjh8kXcGXj-WdAQCi6O1QAK9t3fUlvkOSHa-jBibamzkTDHjiqcP7SYS53qSiGQVUZKxBSMCFOvla6vPEopf1EE9gN6fTpXAnjYd9r5NtKI7c6JFRZFyZNAgW5R25aceyX0h1rvcOs7-JOqfADlRiOP-ddM9ixTA2V0urbDAPZnuY8bX51SpkXrnSDQWW2R8U2eB9c6kP713GrBSVhGYS-2sFSEqJsLGID0mu4qE1-Gemkv6kZUcuFcBH8058PESyFBI4gb-phNzgx5NWgFimEkuihDmOR0LuiI4SSyD1yqRpH0A5-WqMe4tbkjmZhqKxNEHPTYLm_LLLlpRyejSgS8Qv_AZOAGgKFqm0T13WFt5vtWr2RvF0GNXWmXkHG0N0O_MS4DxoSEvJpvJxf6Uj6OzeCQSzjrAv-EYkdSVNFYZIECqjzXhjVrE14X4uwYVmRwzVMfZe1c5PJk2Xtx0n-7pG8TQoOZlKD-dsxSoCzquU7ZPWunjrr-xIJYVdtR9-Xatp3iKx4wDu3tA8AvkdMygzbYnHOuz71dZZ50BqDqJP5Th0TLlpbTCuRnuOPpALmNGvm9GkbyJTbjmgF2k3ZwhZCIhquAIQNb-Fj7Wb_FXHfjLje_i4iUV5vnAeA5buOHOh_FNMBhub78_cAXnm5tSKp7Dk-bNmyMafKJKLUY41rfMmfjr1M9t_K81BicIvA4V1Rb8pZ5f0mfGVh9eL1jpAbpnE_g1oGZ8fk_kjO3suMvFkiKqq7-PLyvIMmGrcdfz8bJfQu2HBuzrVe29xNyOgpfGy8N8OLa71Bhb1Mlc3QGneieW5QstfD3dNCu8VQUnPJR7ilTmP4TJmbK2gwsJty0orHGadCopD9rqgkp-tobtFr737ZCLpirKIIEv1DzNwYhdp8yLbp-owsjJyhDyQSAQ7oQbN30r9_GaxBG_PbiSkSDB63E1mIJC7OCagH3YMLWxyc4gnbg1uTUNoN2lGc8Qa3Sy1CyVmeE2ia7ltXTUKczn5sLAhD85aKYpTo_6dgTWLs0dEV4DnBvwqPwiETU72fu-pU4mhIvMy_I88Hd78E4QxntHY0FbHWbkQo8d-tBQORrEAs_B-zk6gxol2BRVRcfq_MSBDwtTXZP3I1IUe2ykjwz8grewUyALNo0VH5TlQch1NOGJPvRE6qGC-C3NBgz_zZbVxpAwROsd9qU69KP_OSS8zN5djH5P0MdDQ6ch3pQBSltH4W9uKqx5293AEmtBs6zRQPLY8cZghQ_dqqOQQ8lIR4cVMc7EU0dgAi1UG1bLcHkMe15gLmYh_zi8HR6x0Ho9v9_jqumv_0vvwuzW9CW3whdZkXyn2965ekFhKPoNbWIAYPRnZFO2pLpKiE09-H5atsT4HbM_-bz1HE2X6yVKd78CnAJkcyKKjMh72KNCW7LMCqBeB_QjX9VIWcqZRWHnOMuun5x6-fS08t9pKgG0hDEXK3NHEG8yBeM7QXyDTE1mA3I_IWQSkf9XxF_5WzOh0cXiIdfQOTYGtu0U7z0hf9Wqwd4zypGYpp4-RqvlQDN5nphFCHAV_WVTTYzWcFRGgyuQ8dTOgOX1Nkvo881AiUc8mOVUfnT18GfRYah332FaUsIJqOUpOSdAVcIaC5iQuu7pWkHxPVA4lTKP-CVS_4GhI5ymjrmT6qmm52WTgYcRz2OBb8dwdXVub4uukVztgdrslpphkTEFwCJeVOXlUmvkkRGh0MKMgbY4blx7CDJ2rhQm2s-xMin2533vvx7WqGVn5CSK0WYed46lYERWwqhyWaPHktDRP4SJwYNGzxXRCG6odt9SczQxb9Quhbn8W_5TzBpyuSUEgSBznqnKlXxgylxgvSJpKpKTnEUJtKfzFRREiWNI7IDrAg5AX4wxB3qMwywPQvP1fTKQONq3BrwB_4A5kWTnwQk5EG2BHDunB3f39YabiUX30-WeFGok11SNtmZHUGnXn0QYEoIlYbW_cjnCToyuKcGFSTAOFnNxaHWoYYm_HGQwoJ8VgxNufC-BGgRv4QcLxSVe-RR5jr040PNr93n-tL0-d2W69GqJG4oiDszxaDb2BX2I78yHK9LYHkmBeeKmZkqEURaX3q8crfowjU3DyORmvJwEDvVdxPw7PbJpl--WG1EYtiIU-0JitzKLpHVmQXbwv--z4wH7AsqbCdo9cXdMH9rt53IpG5WVt6yW8rslo4SWpJKWMSLx2KUlqG7eIWs0MEp2fatBAY9OsNvrKrkPDwz6DPZBs3VzhkekOPHF6ZKBcD1dIR6YFP83AT859EUoXlpjMel1-2pUx1IFG7-FTT7ZVyfjQpbSfV6q3kDevoLvK0VP4FZT5B4zh0uGBcaFe8FAJmKMdKtiAovZw1cdeJsTZnYXKj9gmDEcQ0oBnNCdZbcUefCcBRp_HlfuBD2Tn8WDAHnqT_6xrwAQZrTGsALqKx1HKhnb43__Ea6V0qHti7W-lgqJn1YfuOG544HBCRCriL3r2pjHRKoyC8e5O0R0U-JBkQbukj7bxyZYkA6X8bvrgAtinqKUk2k-tytSsSbK9WuM19fhTwwbe0Zd3THT_sAabWIHs58H6tFwUfks5YMrxawYBSRRDCPNBaZOGSx9qzanBaJxmVQ7QJrARAZlZloQ6E-KjLmtgASny94Tu8LYMPIK06WNhDqVkocGg3nMwVqIflzBU0Z1KUiKHn-PFDmFhZ5m9Ncp6JtOcosx5h4gSNPd4clftddw-QA8fUtMCJ81_JoHQiQpKfY-yhzOwEHceUL7z--kdAuQ56p9zLTIhwtul36HobyOqbGROGc0Y052y77JZoh8awOnITL7ZLq56ipXYYfRj-i-knduDbx0W-G6jXn0f4EwZxmc1dHdu6rYiV1SQZSg3nWeC_RzdDRoPHxfk1b68UnRNUGEEc1rhCQd_3PvkW11rLEeZgYnJbVUV59kSqarkptnD-etMZV7QaU3LmL7mlmiLANpn3jmmaZvy3jR5w&cid=CAQSOwCa7L7devSTTb2_C3gJfszWIJezXDga1eylxyFh9qZDAbg42yY-99z4ABfMNqnAXntaxPuWXc6goZ4xGAE&dc_exteid=31973349850197936724128149189770154&dc_pubid=4 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDI1NDIxMTYKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2dvb2dsZS5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogODA1NDk0NjU5MjMzODQ3MDAzNgpkZWJ1Z19rZXk6IDE0NTIzNDYyNzE4NTk3NDY3NTA3CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0xMi0wNCIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDI1NDIxMTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX01PQklMRV9CUk9XU0VSX0NMQVNTCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDAyNjk0MDUxCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzE5MzUKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMjE4NTg5MTU3MzIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA1OTU5NDE2MDQKICB9Cn0KYXJjaGV0eXBlX2lkOiAyMjA5MzMwOAphcmNoZXR5cGVfaWQ6IDIyMDkzMzA5CmFyY2hldHlwZV9pZDogMjIwOTMzMTAKYXJjaGV0eXBlX2lkOiAyMjA5MzMxMQpmbG9vZGxpZ2h0X2FjdGl2aXRpZXNfZm9yX2JpZGRpbmc6IDQxOTQ2NTEKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2dvb2dsZS5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly95b3V0dWJlLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2dvb2dsZS5jbiIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDc4MDgxMTYzMjY0CmRtYV9wcm9kdWN0X2lkOiAxMjI3MTU4MzcKeGZhX2F0dHJpYnV0aW9uX2FwaV90eXBlOiBYRkFfQVRUUklCVVRJT05fQVBJX1RZUEVfV0VCCmVjaG9fc2VydmVyX2FjdGlvbjogRUNIT19TRVJWRVJfQUNUSU9OX1VTRV9CRVNUX0FWQUlMQUJMRV9BUkEKZXZlbnRfcmVwb3J0aW5nX3dpbmRvd3MgewogIGVuZF90aW1lc19zZWNvbmRzOiA4NjQwMAogIGVuZF90aW1lc19zZWNvbmRzOiAzNDU2MDAKfQptYXhfZXZlbnRfbGV2ZWxfcmVwb3J0czogMgpmbG9vZGxpZ2h0X2FyYV9jb25maWdzIHsKICBhcmNoZXR5cGVzX2NvbmZpZyB7CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzA4CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMgogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiAxCiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjAxCiAgICB9CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzA5CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMwogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiAyCiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjAxCiAgICB9CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzEwCiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxNAogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiAzCiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjAxCiAgICB9CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzExCiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxNQogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiA0CiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjk3CiAgICB9CiAgICBpbXByZXNzaW9uX2FyY2hldHlwZXMgewogICAgICBpbXByZXNzaW9uX2FyY2hldHlwZV9pZDogMTIKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkltcHJlc3Npb25BcmNoZXR5cGUuaW1wcmVzc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogICAgICB9CiAgICB9CiAgICBpbXByZXNzaW9uX2FyY2hldHlwZXMgewogICAgICBpbXByZXNzaW9uX2FyY2hldHlwZV9pZDogMTMKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkltcHJlc3Npb25BcmNoZXR5cGUuaW1wcmVzc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX01PQklMRV9CUk9XU0VSX0NMQVNTCiAgICAgIH0KICAgIH0KICAgIGltcHJlc3Npb25fYXJjaGV0eXBlcyB7CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxNAogICAgICBbYWRzLnJlZ2lzdHJhdGlvbl9saWIuQ29tbW9uSW1wcmVzc2lvbkFyY2hldHlwZS5pbXByZXNzaW9uX2FyY2hldHlwZV0gewogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fTU9CSUxFX0JST1dTRVJfQ0xBU1MKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICAgICAgfQogICAgfQogICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVzIHsKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE1CiAgICAgIFthZHMucmVnaXN0cmF0aW9uX2xpYi5Db21tb25JbXByZXNzaW9uQXJjaGV0eXBlLmltcHJlc3Npb25fYXJjaGV0eXBlXSB7CiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9NT0JJTEVfQlJPV1NFUl9DTEFTUwogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgICAgIH0KICAgIH0KICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlcyB7CiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIFthZHMucmVnaXN0cmF0aW9uX2xpYi5Db21tb25Db252ZXJzaW9uQXJjaGV0eXBlLmNvbnZlcnNpb25fYXJjaGV0eXBlXSB7CiAgICAgICAgY29udmVyc2lvbl9hdHRyaWJ1dGVzOiBDT05WRVJTSU9OX0RJTUVOU0lPTl9DT05WRVJTSU9OX0RBVEUKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQUNUSVZJVFlfSUQKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0lTX0JJRERBQkxFCiAgICAgICAgY29udmVyc2lvbl9hdHRyaWJ1dGVzOiBDT05WRVJTSU9OX0RJTUVOU0lPTl9JU19HQ0xJRF9KT0lOQUJMRQogICAgICB9CiAgICB9CiAgICBtYXhfYXR0cmlidXRpb25zX3Blcl9pbXByZXNzaW9uOiAyMAogIH0KICBzdGFydF9kYXRlOiAyMDI0MDkxMQogIGNvbmZpZ19zdGF0dXM6IFNUQVRVU19PSwp9Cg
Request Chain 229
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=CBt6bL7xPZ5PMNO_E0_wP5anBqAa85Mije86f88CIE8Wp66GsPRABIOSEnzxgycapi8Ck2A-gAffKjMgDyAEGqAMBqgSeAk_Q4MyEWVoe-zEkv1kcypdKwUTflh_ZTD7d4c2z4cvcQU7gm-HnK2UiBGNe5PjvdCrA2dBFnR-8FnleQ41TomKM13-lfdXEkeSLs9ibj3XDFghqKUzGIt_pwptVXx68ObCct1p2i8dIgOH1_clBAfoPqIAYhTvRk2WRS0l_lCjL0VFPAG_ZDHyqmZQbuS6OVi7cw1sVWKpAUuz9HG59R_ypZy6O4B5enkj4a1Xuhl31B1RdUv2nyLl0XtoJ-G6cNxONfPJHUdl77g8bU7_G8bomHHUp3FOeJwkYw3dj_Q5VR_h5oxXY7RPk46HVpDdh7GLeXH0e3rC-ma6QnMHwMGrqm9eEy7gzkuFRkSa_9n9s9eO7jK-AW73ONFATzZnABK_pqrrzBOAEA4gFlKuSt1GSBQYIAxABGAGSBQYIGxABGAGSBQYIHRAEGAGSBQYIHRABGAGSBQYIHhABGAGQBgGgBjeAB_G08zeoB9XJG6gH2baxAqgHpr4bqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAf3wrEC2AcB8gcKEITOIRjksZWcAtIIJgiAYRABGB0yAooCOguAQIDAgICAoKiAAki9_cE6WM6Eg8qGjYoDmgl2aHR0cHM6Ly90di55b3V0dWJlLmNvbS93ZWxjb21lLz91dG1fY2FtcGFpZ249eXR2X2RyX3BoX3EzXzIwMjQmdXRtX3NvdXJjZT1wYWlkX21lZGlhJnV0bV9tZWRpdW09ZHYzNjAmdXRtX2NvbnRlbnQ9aW1nc4AKA8gLAdoMEQoLEODPu7XXxYP4rQESAgED4g0TCLzDg8qGjYoDFW_ilAkd5VQQZeoNEwiJxoTKho2KAxVv4pQJHeVUEGWwE6qHuBrIE_a05eUD2BMNiBQC2BQB0BUBmBYBgBcBshcgChwIABIUcHViLTYwMzE3NjY2MDc1MjcyODEYxLUeGAKyGAkSAsZSGDciAQA&sigh=WbelHYcjxN4&uach_m=%5BUACH%5D&ase=2&nis=ATTRIBUTION_REPORTING_STATUS&cid=CAQSOwCa7L7devSTTb2_C3gJfszWIJezXDga1eylxyFh9qZDAbg42yY-99z4ABfMNqnAXntaxPuWXc6goZ4xGAE&template_id=509&vt=10 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xc55c0bf5329023730000000000000000%22,%222%22:%220x7f3418be2dfbcaa10000000000000000%22,%223%22:%220xf2d4cd301fae2c890000000000000000%22,%224%22:%220x29581c12a95f11700000000000000000%22,%225%22:%220xc71200dbe4567bb40000000000000000%22},%22debug_key%22:%2210396438126020106004%22,%22debug_reporting%22:true,%22destination%22:%22https://youtube.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22956507511%22],%2222%22:[%22true%22],%224%22:[%2212-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227417994710355244993%22}&andc=true
Request Chain 243
  • https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DqqW6hQPE1xJvxS6HikiO98ppfy9AQSUCQr5bSCh5bubz3bhM2jM5xHRJW62Fv6hqBHQ1Zq7COEUdqt4utzr1vH3d1JZDjv7nWbRKv5LDntZH8dGtHZQs_CTqBbYXYMF8HyX_37nXwetSrkgXX08BwdV85qNcY6OTCXezred0VB-RRkb0VgY09Zchd2oLEH7tkzs3xNrM_RymFmqMyHHVp5OYjNg&dbm_d=AKAmf-BwlcaIjU6LF5LSvfqyV2hqZYna15Ju7lgsBWe6pYoApad4YObDrjhHO35SB3P6OPeYfjNgRQnUqlqdh9HlsVxpAs-jJsvHRC91lxmweE5Vf86FqDlJHe10_pXYpWwS5TSi8Uxnu1SE-s07nAHfQ0YT7ONovIhgoKV3nX9gMsuthMJYbBmOXx5q-pn51MM3ifT4JI1w_2auybVFZHsTMProg10_eaXqX1BZvsRBTicDkNYNbDWjBoGx1W8_EcCAqJI6wTRRS3XV6RS7qL4fhryBk9lN-p4dYS6444p9z5PvHx7Aqizs-wxEWxlqs1DG61puyeoWXWZf8-QvzEFjC24wuXrcs5Q0DpQyD7fismjvFXnaPEvPXcFsrto0QzN8LN2h5f1HIKwdZQck8_zUzf5KGrWxhLzYD9C7YrqIGSMGixE-1hIJi3G5yjrAbXNWb-CzGSHe47w8gJARoPcpSgbG6VedY3AwOHUiYBv6AyD8tKl-HSyZLpjFK7KYMX5sElYaQrUvI_MdE71RzxGK1eaxE87J9jOxkB1nZXZy-hu4DGgYBDKLKICnrnn-Z6v-hXYWv3E_yw8y19iO1y2IiXAPIWtr3vY8tu2jlW8omtqWb8JaekVOeKjC79ApfWIi7hK07h3AY8Cb_Fk7aWVJekS4ZuWJD0lyzlPOwfRuBy8RsnzvrznqsYPJn9amHNDasZPad-eMH3D_a-5k1Y0QV2oOfWwlEVqiYIzfnmR3FBhlMipZVw8uePcaeCNcGgV6y0OM_M23WJLxi9geXprddBRZvfKKbp74oN9hsRUqEs2p6oziHb-U31uW-DTL9Ng57c_ONClzKxCM3JdNu2S_oRU4C_0-NwqciFxu-zLQr28hBi5NCMIZOhELbRyBhC3qHeAJ4OCJ7WirN0380xds5dDxN3YYqXB_KCeO1VgWu8T_VyaVhbT1YdXIXKWvMOsp5frtP-W-06-ba02xWcX8Nq2xE3xpdByuSbwfXXplWNNerXWO33wp2j4VB7WukcznVmhkmT_Znso4bxpb25Fu6AdQI_1cwDyG5fgB4Us2YpEOZzCgw60SeypJ650uNszAa79qKVwdDi7YkgtIMFbL9dB-_sBgJDNYtMtRFY4VIHwLq9nHxtUMzp7MYVvFZQF4UZxSCdt-hmlE6UYv9ZmRzaFqnUperFdNlaotfBucrDAMDDauvZCBE7E6OCzTXCFkL-T0yE-7HzGwpxBjnkNnJEO8hXGcLW3PAt4yTHnWpQ6dJo_q7OzEWsBIaB5vFPkkzyJ-WoP4FN13uGsG1cxUUKstcR1UpdOQ4eDRvfv_lNVZY9xP1WtaK0TseUxBUVmO37SE6gjOGCWXz5ukTYxWJNq2AdFNiljYIyyHkfVDvolGXOazeeLO_RLAZreM7OF3-1kZuL25pdKMLibYpoAShTWM2sERRuxs54dHeWx08Qw5OL9sBEjtsxS6P81dM0qWPmg1mF59-iyNgy4sYusOG_cl2nB_J_1K6MIl29K5swoD-abkP_aHjCr8EtoKqtHKdgwmTn_a3_b4akEL9KFxRgBfgR9DRcwtRXOhYaZ8XW5j7qSpfVhiQuGYSq1olPiy__i55sBxpfu_Q3uIExIKugSnNaG4BTteTpgQ5ck2UYmFiAgrp9Rxz_JjmBkl8q4pBfpBLWyHmerjxq_kFzPonXYoVKRlaXTqMEXow6Lxxls_19Kb8dyezno0u-cpzv4aRofs8WOTIdRgEDtRON4c_BUtAWw4BFuDseQaB1ei0Whh8WyAgs8uqCUjz6yx8VNi6zXNZfc1Hho-P-ZJnSZjh8dSv9bRQolSPcMtmvXMTWXGbP0iNnFev_-L88nLZy_6gn4xb24ohnLCJ8H9Ru1Ht1dsIVMsQZLnjOml2GfVsgO_UsPVFxoz8HZqZTCjkat2GaLLTRFAfPfMB8lWGdfS_YXWADiSMc3RDLhCxmO6Jp7XSLWvq0ju8qRehENC1MKeqNJ2j9vSWENLmpEhTQmUeHT6bWWRzpVpdte1QKBipWrVJtlYOdY-lGqGGQcI1-6qahDQspbrVgWJ0ijEwzBH92jsNOImUXD-vpa3qjJpVl381JtpEa3EtQiRkXiR7uq38MLYOcmN0ogyQO9Oqd32MWACdvSUhgyTc6OP-lU2UpHHmmMy4bTcsh5MYEAAhRtn9QI2BLSOsqMb8oaBiSuNHn7VmysN-LQUmoMYmVCAxP7vMY76bK3utnSyGzJ396zUrGNtPAg9YzHgw4ADC8yfASNCr7Hd0_ZyMeLAUSPw5iy-iCPWfQXcpVtaTroCbPEb6jhdfDpHvx5OJxT_JUwDvxADQ16X48bmj6X69IdQ6QP0z1MhI1ekX4eW1BSz2zW5bXLdDHZpDIYc2Ngp1V3apMBArdNlmau0LT4mzT4cCYH8sKW_OnWH7KInRPb3U2g5eMgKQe5yB27jJey9IrEAHUQStxxR0OwfG_QYtVVKWTthOzbV-khOW2lFBi8sTQIH8m6Fi48vbe8XXXQpg7z4OMEKB5DdWgfSrW2nE63XwBEyW9Oy6pT6jFloIx9timXqWS_E7e3x9muTfUcLZK5vOii5nUm39hC1Tn5dLpnL1W-24W0TATBLVss72mn6EqfDkZnXEYmEzYLIUSThOuEGabODN7Tr7OYRog6kM5YTlVKtnVkTLwbA5RTjQ9QZvBtRZACHo0aaU4BzdMb6c1XqNWTiRZeCmoMExJQ7OoOaMmf_uOpet41Hdp-AyS78_cl3kIiZlMQqpvn_Ws7arJVxMMBsn3Hg35VDqDaZZDI7sHh_ThrYMlA1OR8Qr9XoQl6L0oYVyvis0tTj60sBVNHm-XgqsdYr_6Mur3QGopGDrE_n09wp2Ki-1u-5ACAHDexuJTCMZuKhxcrarAmYXylHhE52R_OEHpXjTqYDjFZM-xl3wT_l5joKCiExnobZqRbTDoEutMbA-CacNbQXrHPc4KzKIh-T6wDJFF8fbNnlYxg0oGu8Tk6xxLENsxEO83AQ8TIdaPxy0oFtPwRvARBb8OajaJdy9Ks36ovu1zxjLqelXVBtZovsjYhxdQZoPSaLJRyxRFOmjHumA6bRf6sYPOLzd3Cw-lyKa641_V4eMGFaM2nfgTHl49UpCk34zj1EX4dt32A3Khs3OgxBGSrdkUyY8v1YpigTP8g1ov0Yy1qi9tAOqwOcQNg2mdDDbb-6jtE-47FgTDvhCLRvwq4_Ps4FgM3YCBXjFpX8-80A9XpssmwnPwymmTWoFCg_SHdLj0w74rNk2XcJnLU_sbGtysX0bsrQC3sdnFlDJdWdmjbBxgkUhiahYwOrtivom5mL1OYsd4vS9G82lAvPsFtiAzX2tAxI36FF9co_lZEwZNmol5OYN3u0pULcLFUrORLbIyBZQSElm8wmMTCp0ChwV75JxAloFN1pfuuQmeidhrqktcy9Lwl00lEfpgJ4q7safr6XbSE1T0D1835hXYNTX1ryktVt2rhTQrru-K-kFMIXXKnQY0HKK6ILjFqWJORm6yCZb4Q-BRFA9luNSWxWXe9CNZZhP_TIM2wOiAryLbH6gc2Fz0EFE0nIevSkPj3J5urOmYpq3WPBz4fFjMmoHn5LDGqmX9wk4GQqLK5_g3y8MfIAdc_t4ZzMm_6PC9ER4gnyyXrIkELlYHdDFz-OZAloOb-KVe_kAXP-mHBr63yv0D1Ij9Qt8LWBi3tbyFm4hRtnok_6J3nzoaWMaiXrtZDoPplSNgbsinMGgw6kZPWxLI8s5KamaA01CId_P-FBWvExwIgnqOU3F1FJBamkqZf43fppGQMs38epjb5kPwmR7RXturAKUJHubb-g_UyOjJfraRBUHvO6nZ4pdmqyOMlgSy4mfsDesGvREWkCCoegytWDqo4y4TFJJ93XtzV-VBQIuasdDO59RpBmn1Jlak-l8e9TMBma6KEQBV1k2fWF6xjVNIvK6wZWwOVewFMv8sWExlxRuHAnm7nXz24010WKzABmqQlTJCLWHm8BeCKky3YwqxQ-CH_TGap1En6prImGX2fnMjMIBCgEWBNtjxv1MpuoU8Jk30gzDQZzgCLBrYZVfZjsljYYxrCVmLb-ywqe_dalwEnm4DW3lzR8cBuY-fAcx9ot9qSGpKMeG6xyjHte5t8CtupcTGYX3UU1UgK0acUY8h8ACLJuxyvZ_N4cW79h49spm-rPPid76Ffd-STAjn6Er45n80mkbgPSXZemJwgyKpsJfRdAdb1sxH-nXsqUtnhngCI4RRdYwKWg5HgfmdZxOpme9kstM3f8Q0JNtHywr_lexR-NR8NlSBakATyFlMpfDnJwB0t30F7uhUxW-waJQZG7RdZ2j-q8yiMU7dRNyi3sQD9Swk4Yu-leOfDmLfQ2wSZ5-6UVVdebwMDj2mU6ln_qW47gIoGAv7onOW8yB1ln9g_V382SpAvT7omWQiiokmA3wOmRXWTJHYW05Ar5YGfSYaL_y2fVV18nrtfxA9OPeUatG85TQkXlzw1OK7F1V2ckmOLfrOss1VGqqEhJwrJzit0eu0oYN47raj0vH69nMcCYSHo0xg9r2GO6XUtu6QW9qaNlTVNinUzAnSAFltkZMklj1-XbOC73S0isNJysqXhgms8FxGoF74XvEesRIpE6ZslYTXQ-TS-dutrueq0FbulZ0BNalcifCFako_qSQTnAA_ME0soVH7Rfxr6OGuJJzil9Aah5Qy7Fq5JB-0H15xwDPkxXuK6Uzw6tO4CZtlp9SY8Pk2U3r8Fx18jeWKdrxaOAwE_4wSVSzxk&cid=CAQSOwCa7L7devSTTb2_C3gJfszWIJezXDga1eylxyFh9qZDAbg42yY-99z4ABfMNqnAXntaxPuWXc6goZ4xGAE&dc_exteid=31973349850194948351588208242408362&dc_pubid=4 HTTP 302
  • https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDkyMDA3ODkKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3VuaWNlZi5vcmciCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogMTA3MzQzMzcwOTgyMzUyNDY0MzgKZGVidWdfa2V5OiAxMzAwMzk3MjIxODk0NDM3MTQ3MQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMTItMDQiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA5MjAwNzg5CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9NT0JJTEVfQlJPV1NFUl9DTEFTUwogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQwODgzOTI0OQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzk0MzAzNAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyMTk1MzUxMDMwMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDYxMTkxMjUwMAogIH0KfQphcmNoZXR5cGVfaWQ6IDI3ODc5MDk2CmFyY2hldHlwZV9pZDogMjc4NzkwOTcKYXJjaGV0eXBlX2lkOiAyNzg3OTA5OAphcmNoZXR5cGVfaWQ6IDI3ODc5MDk5CmZsb29kbGlnaHRfYWN0aXZpdGllc19mb3JfYmlkZGluZzogOTMxMjg4NwphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vdW5pY2VmLm9yZyIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2FtYXpvbi1hZHN5c3RlbS5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly91bmljZWZ1c2Eub3JnIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzgwODExNjMyNjQKZG1hX3Byb2R1Y3RfaWQ6IDEyMjcxNTgzNwp4ZmFfYXR0cmlidXRpb25fYXBpX3R5cGU6IFhGQV9BVFRSSUJVVElPTl9BUElfVFlQRV9XRUIKZWNob19zZXJ2ZXJfYWN0aW9uOiBFQ0hPX1NFUlZFUl9BQ1RJT05fVVNFX0JFU1RfQVZBSUxBQkxFX0FSQQpldmVudF9yZXBvcnRpbmdfd2luZG93cyB7CiAgZW5kX3RpbWVzX3NlY29uZHM6IDg2NDAwCiAgZW5kX3RpbWVzX3NlY29uZHM6IDM0NTYwMAp9Cm1heF9ldmVudF9sZXZlbF9yZXBvcnRzOiAyCmZsb29kbGlnaHRfYXJhX2NvbmZpZ3MgewogIGFyY2hldHlwZXNfY29uZmlnIHsKICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTYKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDEyCiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDEKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuMDEKICAgIH0KICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTcKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDEzCiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDIKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuMDEKICAgIH0KICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTgKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE0CiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDMKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuMDEKICAgIH0KICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTkKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE1CiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDQKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuOTcKICAgIH0KICAgIGltcHJlc3Npb25fYXJjaGV0eXBlcyB7CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMgogICAgICBbYWRzLnJlZ2lzdHJhdGlvbl9saWIuQ29tbW9uSW1wcmVzc2lvbkFyY2hldHlwZS5pbXByZXNzaW9uX2FyY2hldHlwZV0gewogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgICAgIH0KICAgIH0KICAgIGltcHJlc3Npb25fYXJjaGV0eXBlcyB7CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMwogICAgICBbYWRzLnJlZ2lzdHJhdGlvbl9saWIuQ29tbW9uSW1wcmVzc2lvbkFyY2hldHlwZS5pbXByZXNzaW9uX2FyY2hldHlwZV0gewogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fTU9CSUxFX0JST1dTRVJfQ0xBU1MKICAgICAgfQogICAgfQogICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVzIHsKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE0CiAgICAgIFthZHMucmVnaXN0cmF0aW9uX2xpYi5Db21tb25JbXByZXNzaW9uQXJjaGV0eXBlLmltcHJlc3Npb25fYXJjaGV0eXBlXSB7CiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9NT0JJTEVfQlJPV1NFUl9DTEFTUwogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogICAgICB9CiAgICB9CiAgICBpbXByZXNzaW9uX2FyY2hldHlwZXMgewogICAgICBpbXByZXNzaW9uX2FyY2hldHlwZV9pZDogMTUKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkltcHJlc3Npb25BcmNoZXR5cGUuaW1wcmVzc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX01PQklMRV9CUk9XU0VSX0NMQVNTCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICAgICAgfQogICAgfQogICAgY29udmVyc2lvbl9hcmNoZXR5cGVzIHsKICAgICAgY29udmVyc2lvbl9hcmNoZXR5cGVfaWQ6IDIKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkNvbnZlcnNpb25BcmNoZXR5cGUuY29udmVyc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0NPTlZFUlNJT05fREFURQogICAgICAgIGNvbnZlcnNpb25fYXR0cmlidXRlczogQ09OVkVSU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9BQ1RJVklUWV9JRAogICAgICAgIGNvbnZlcnNpb25fYXR0cmlidXRlczogQ09OVkVSU0lPTl9ESU1FTlNJT05fSVNfQklEREFCTEUKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0lTX0dDTElEX0pPSU5BQkxFCiAgICAgIH0KICAgIH0KICAgIG1heF9hdHRyaWJ1dGlvbnNfcGVyX2ltcHJlc3Npb246IDE3CiAgfQogIHN0YXJ0X2RhdGU6IDIwMjQxMTEzCiAgY29uZmlnX3N0YXR1czogU1RBVFVTX09LCn0K
Request Chain 244
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=C7pWJL7xPZ5TMNO_E0_wP5anBqAbOuc_ee-Wb1oyfE4PJhPaRRRABIOSEnzxgycapi8Ck2A-gAZjg_usCyAEGqAMBqgSwAk_QkKo3XSAjnH77eX8OIb0w7DqKL_kHabTnQkGiMRbg1fWj-YsOXTKOW0DHk3QOByBlMOssL2cMXqPwT5bmorWUqX81Sd-TK1CPcFp5ARpjvHO8JqvG54T7dQiRvKNQ5nR1S-e-dUFokbFmh0BbQNCT6otWd5rELqfvQnMpJYEYjz8p1lNzRkhSne32_Jo0-xCjHWIT69JGAX6Sv6qG48JGCArDLb--XIR8i462WtshY1zQpKcGD-HD4yfCB1y_aZRmPGoTp1LX4kO3l3Fhvu8m6_-5mcUA47VogMS43jYoVkfCDhURLiMqTRbYH0Q6K8Mb72kUDMpm27IDwsVG98HxogjyCHwzD623QFgw50i-8z3qCLiQhaFEsJ1H9KVS3HrCs8BDMfXzl-UUOHYcDCLABICG7c6SBeAEA4gFnPef5FGSBQYIAxADGAOSBQQIGxgGkgUJCCIYBkjO-p8BkgUGCB0QBBgBkgUGCB0QARgBkgUGCB4QARgBkAYBoAY3gAfQn4GUAagH1ckbqAfZtrECqAemvhuoB47OG6gHk9gbqAfw4BuoB-6WsQKoB_6esQKoB6--sQKoB_fCsQLYBwHyBwoQov4eGLSW5KMC0ggmCIBhEAEYHTICigI6C4BAgMCAgICgqIACSL39wTpYzoSDyoaNigOaCYcCaHR0cHM6Ly93d3cudW5pY2VmdXNhLm9yZy8_Zm9ybT0yNC1naXZpbmctd2Vlay01eCZ1dG1fc291cmNlPXByb2dyYW1tYXRpYyZ1dG1fbWVkaXVtPWNwbSZ1dG1fY2FtcGFpZ249X2RlcC1yZV92ZW5kb3ItdXVzYV9hb21hLWFvX21jYXBtLTIwMjQxMkdUNXgmaW5pdGlhbG1zPV9zb3VyY2UtcHJvZ3JhbW1hdGljX21lZGl1bS1jcG1fY2FtcGFpZ24tX2RlcC1yZV92ZW5kb3ItdXVzYV9hb21hLWFvX21jYXBtLTIwMjQxMkdUNXhfeWVhcmRhdGUtZnkyNV9hdWQtbWGACgPICwHaDBAKChCw-fz_qqPE_h8SAgED4g0TCL3Dg8qGjYoDFW_ilAkd5VQQZeoNEwiKxoTKho2KAxVv4pQJHeVUEGWwE-WorhrIE_Dh9-UD2BMK2BQB0BUBmBYBgBcBshcgChwIABIUcHViLTYwMzE3NjY2MDc1MjcyODEYxLUeGALoFwSyGAUYNyIBAA&sigh=lCq8a8pU1ig&uach_m=%5BUACH%5D&ase=2&nis=ATTRIBUTION_REPORTING_STATUS&cid=CAQSOwCa7L7devSTTb2_C3gJfszWIJezXDga1eylxyFh9qZDAbg42yY-99z4ABfMNqnAXntaxPuWXc6goZ4xGAE&template_id=509&vt=10 HTTP 302
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x6d219e1d898d6fe50000000000000000%22,%222%22:%220xec60c70fff3d1f6b0000000000000000%22,%223%22:%220x1361d719e96e22d50000000000000000%22,%224%22:%220x4b0f8fa667b5dcfc0000000000000000%22,%225%22:%220x3f3b1b59e1cd33da0000000000000000%22},%22debug_key%22:%224443430997211749726%22,%22debug_reporting%22:true,%22destination%22:%22https://unicefusa.org%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22763342872%22],%2222%22:[%22true%22],%224%22:[%2212-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210268838874624102097%22}&andc=true
Request Chain 258
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Request Chain 259
  • https://www.google.com/pagead/drt/ui HTTP 302
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

281 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
winteriscoming.net/
Redirect Chain
  • http://winteriscoming.net/
  • https://winteriscoming.net/
539 KB
76 KB
Document
General
Full URL
https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:27c2:7200:a:3342:cb00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
26b81689fbcf8d76ff8c45c323de62a7085f5b6d2514d412ad3ceb8cedb818a3

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
max-age=60, stale-if-error=2592000, stale-while-revalidate=600
content-encoding
gzip
content-type
text/html
date
Wed, 04 Dec 2024 02:19:25 GMT
etag
W/887b258064e9fcc4c65adb7ef141d421b8e680d7b5cc1f75743a7151e41a8b87|125b20900e5df23724a565de49524302a45690028c9f0cf4b1d2578acf2715e4
last-modified
Wed, 04 Dec 2024 02:19:25 GMT
referrer-policy
no-referrer-when-downgrade
server
CloudFront
vary
Accept-Encoding
via
1.1 d0c7523233c2ce4a1a420cfda612235a.cloudfront.net (CloudFront)
x-amz-cf-id
PPO0hy4OyEdPTokfQoXRTtZQJJQ9vo3ucS91Fgz9s15kcl4CAzJa1Q==
x-amz-cf-pop
IAD61-P4
x-cache
Miss from cloudfront
x-from-mm
true

Redirect headers

Cross-Origin-Resource-Policy
Cross-Origin
Location
https://winteriscoming.net/
Non-Authoritative-Reason
HSTS
css
fonts.googleapis.com/
4 KB
688 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat:600,700&display=swap
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6498fee08a44deeeeab37324eeee5a376bcf493f210b0a9e3486adc12b4886e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:25 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:25 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 04 Dec 2024 00:42:33 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,600,700&display=swap
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c3e3d7e0bce6022ae66381d04eb4742252d577ba15c5f9cceb49cb14c9eb90b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:25 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:25 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 04 Dec 2024 02:04:13 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
mz-delivery.js
cdn.mmctsvc.com/
289 KB
93 KB
Script
General
Full URL
https://cdn.mmctsvc.com/mz-delivery.js
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:6200:19:4ac0:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
327fe6d02a0093957548a317de262d85eba34567d4d806a1e5af45b73eb6e116

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-amz-cf-pop
JFK52-P3
cache-control
max-age: 31536000
content-encoding
br
etag
W/"00520f94883d1b64b76a97fe8ad1c64d"
age
32439
via
1.1 b15f339834cfb5119481b1c1eb890372.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
-Xd65SR_xlJfiMxJnJh8_WafcIl3gkNq6Le-EYDypEAgaIrq71l3fA==
date
Tue, 03 Dec 2024 17:18:47 GMT
content-type
text/javascript
vary
accept-encoding, Origin
server
CloudFront
last-modified
Tue, 03 Dec 2024 17:18:44 GMT
x-amz-server-side-encryption
AES256
grumi-ip.js
rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/
16 KB
7 KB
Script
General
Full URL
https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:a400:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5d7be6f59fe99ff493b48c1ff9bb7cad6d8d13b5abf62a009e8f08fb07ad45d2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

vary
accept-encoding
cache-control
public, max-age=14400, stale-while-revalidate=14400, immutable
content-encoding
br
x-amz-version-id
vvY3b.FpV4jBKyxM4bycF9dCk08iJJQF
etag
W/"f0532961cd7857f31499843a77d47ecb"
age
3217
via
1.1 a0be26685e47d6d6220ccd40bc5f0a4e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
Q1Jxlr4onGOuFP4FXgxlVDZO8S0H0FUqy7UvQsLEY6BZlI2-7g-NnQ==
date
Wed, 04 Dec 2024 01:25:49 GMT
content-type
application/javascript
last-modified
Wed, 06 Nov 2024 14:17:34 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
HomePagePhoenix.bundle.GZF5F32V.js
assets.minutemediacdn.com/js/
513 KB
146 KB
Script
General
Full URL
https://assets.minutemediacdn.com/js/HomePagePhoenix.bundle.GZF5F32V.js
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2840:d400:18:ed96:9000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
827cf01c445ea3f29a98f5f75ef293ce692312df3647f7b9971ee92330051aa4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-amz-cf-pop
JFK52-P7
cache-control
max-age: 31536000
content-encoding
br
etag
W/"f7cabb2b6bd02a1f24271f9ffe78e7a4"
age
122629
via
1.1 499aa0ba0d9d68569b8db778d01f84c0.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
9le3EC8lDkYaRLfYNi8ngAw6D3ZJ1wJzlz8Kj1cwHnmj2PA0LR6PWA==
date
Mon, 02 Dec 2024 16:15:37 GMT
content-type
application/javascript
vary
accept-encoding, Origin
server
CloudFront
last-modified
Mon, 02 Dec 2024 16:13:53 GMT
x-amz-server-side-encryption
AES256
images%2FImageExchange%2Fmmsport%2F385%2F01je72d6f6rwkj36ywye.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_7952,h_4473,x_0,y_240/c_fill,w_720,ar_16:9,f_auto,q_auto,g_auto/
27 KB
28 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_7952,h_4473,x_0,y_240/c_fill,w_720,ar_16:9,f_auto,q_auto,g_auto/images%2FImageExchange%2Fmmsport%2F385%2F01je72d6f6rwkj36ywye.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
07306dda8e45a8eead3947db6289b60757bc3a0eff9173dd6ff239893a046bb8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
b2fb18e8bf81a4c35dce4ec36bd273b1
etag
"3a84614dbde9db4b0a3c35d44e065129"
surrogate-reporting
width=720,height=405,bytes=27788,owidth=7952,oheight=5304,obytes=32140543,ef=(1,14,17,23)
age
20425
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
QXL2ujYq_-7xvZ9WWwjQ1_wDeM6Ptzr6l3X_bfUNPbN231HzG1KMUg==
date
Tue, 03 Dec 2024 20:39:00 GMT
content-type
image/webp
content-disposition
inline; filename="01je72d6f6rwkj36ywye.webp"
x-served-by
cache-iad-kiad7000138-IAD
last-modified
Tue, 03 Dec 2024 20:39:01 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733258336.600594,VS0,VE5009
via
1.1 46a0017ecef439253017ac2cc1624646.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
27788
x-amz-cf-pop
JFK50-P2
server
CloudFront
loader.js
sdk.privacy-center.org/3810dd55-0181-4ddc-952e-59a8c9a36fe4/
207 KB
35 KB
Script
General
Full URL
https://sdk.privacy-center.org/3810dd55-0181-4ddc-952e-59a8c9a36fe4/loader.js?target_type=notice&target=WHiEUdYM
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2510:6e00:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
9506ee856da00232d3c2626a817c26ed279e2eb6ea111d7041dd7d4ae9a86ca1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
W/"7e0e99fbf2780267a7a2130adf8ff840"
age
5307
x-amzn-requestid
99b2edb0-be1d-4ce3-8efd-ed5d32d86bed
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
iebNXR4piwv5s9_QnQBe5jmZxLEdzzNzHlJb6j3xTfHjULMXOfpNcg==
date
Wed, 04 Dec 2024 00:50:58 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
max-age=7200, public
x-didomi-remote-config-metadata
multiReg:true;legacyGlobalGdpr:false
x-amzn-trace-id
Root=1-674f8b4f-1303fc0f29fe8eb145278541;Parent=4af01e1930ffd6ed;Sampled=0;Lineage=1:eaae1266:0
via
1.1 48fa2d8b9525abe889eff7ccc8591f7e.cloudfront.net (CloudFront)
x-didomi-configs-version
113
x-amz-cf-pop
JFK50-P5
gtm.js
www.googletagmanager.com/
401 KB
124 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-TCW5HW
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
625188c026613819f042c50a3e82cb4a4d2843fd15ebe4cd88380f13d5663c3e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 04 Dec 2024 02:19:25 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:25 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 04 Dec 2024 00:35:44 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
126021
x-xss-protection
0
server
Google Tag Manager
truncated
/
10 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ae66a6bfeda36f14aee99589a98078c3d8ffa82a4ce443e11229864de21b68f8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
10 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
465fcc22a8d03db25f15da540b733de0c636465839c7ef99c6dcb233a50af04c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/
8 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
82e16ee1bcf32a940c622c4a318be5da2e337c1278e6226131ca1c6f73001ae1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v29/
37 KB
37 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v29/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:600,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://fonts.googleapis.com/

Response headers

age
245446
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Mon, 01 Dec 2025 06:08:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 01 Dec 2024 06:08:39 GMT
last-modified
Wed, 06 Nov 2024 17:30:37 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
37828
x-xss-protection
0
server
sffe
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,600,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://fonts.googleapis.com/

Response headers

age
306092
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sun, 30 Nov 2025 13:17:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 30 Nov 2024 13:17:53 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
sdk.3b69564b3356eb785088abf31b23f0df8a689d7a.js
sdk.privacy-center.org/sdk/3b69564b3356eb785088abf31b23f0df8a689d7a/modern/
364 KB
95 KB
Script
General
Full URL
https://sdk.privacy-center.org/sdk/3b69564b3356eb785088abf31b23f0df8a689d7a/modern/sdk.3b69564b3356eb785088abf31b23f0df8a689d7a.js
Requested by
Host: sdk.privacy-center.org
URL: https://sdk.privacy-center.org/3810dd55-0181-4ddc-952e-59a8c9a36fe4/loader.js?target_type=notice&target=WHiEUdYM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2510:6e00:5:b7cc:d3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
272abc391df3e15605d3908694596670700cda708f3fd38e27637ac394d2e89f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

vary
Accept-Encoding
cache-control
public, max-age=31536000
content-encoding
br
etag
W/"08f74ea7c082ac0c2f61b1f7b1115e36-1"
age
122578
via
1.1 48fa2d8b9525abe889eff7ccc8591f7e.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
s5D81aY6Xcg6XXr90sRm5k4RebmKOiQWKLUn2mW-Do7bhfN8Ktbh8g==
date
Mon, 02 Dec 2024 16:16:28 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 02 Dec 2024 16:16:20 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P5
x-amz-server-side-encryption
AES256
grumi.js
rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/ Frame F4D7
485 KB
170 KB
Script
General
Full URL
https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:a400:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b5ce626628e8825b9361c84c9e94a389d2c00e4a72fc51a77f95bb22b792843b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

vary
Accept-Encoding
cache-control
public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
timing-allow-origin
*
content-encoding
br
etag
W/"13e6ff0e0a9e471400419871059d5b30"
age
3217
via
1.1 a0be26685e47d6d6220ccd40bc5f0a4e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
s3ClLhX4MsOXYrc62ZGji6gJPi84GSwBh5GSZTJs1xmK8eH5xHamhQ==
date
Wed, 04 Dec 2024 01:25:49 GMT
content-type
text/javascript
last-modified
Wed, 04 Dec 2024 01:03:57 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
01jdqvs86f7xn3jy7men.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_96/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
226 B
958 B
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_96/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdqvs86f7xn3jy7men.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
8e4d4acd6adce81bca1874285e1d2b4925c1cda903b460095f1c553366181f27

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
4aabe4cf0f0255f88b0253566c331349
etag
"68f498862288a36350e4589f881270fa"
surrogate-reporting
width=16,height=9,bytes=226,owidth=1920,oheight=1280,obytes=1659933,ef=(1,14,17,23)
age
206977
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
OZM59q3gnPJ7WmmradGciRro4Ntq_B2rkyObPuvoDleZ3kQAYShXQQ==
date
Sun, 01 Dec 2024 16:49:49 GMT
content-type
image/webp
content-disposition
inline; filename="01jdqvs86f7xn3jy7men.webp"
x-served-by
cache-lga21988-LGA
last-modified
Sun, 01 Dec 2024 16:49:50 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733071789.177199,VS0,VE371
via
1.1 25c8a58d4773aeef98fa0f0f950689bc.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
226
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jd053488ps5cetfdwd.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
344 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jd053488ps5cetfdwd.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
99241624a2bd584ea0ee05d52efa3970c59e99f88a2e8c63d6ec7d277dba3f4d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
70c90d71ddaa6b27b103db832b436b7e
etag
"1e19f675c69b6ec3f5815f629e5d2fee"
surrogate-reporting
width=16,height=9,bytes=344,owidth=1920,oheight=1283,obytes=2634195,ef=(1,14,17,23)
age
130697
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
jPGoAVD0kgraaNTVqn1aOdahUZ3avXS3oJAU487hKCTBAgZ6q2nCFg==
date
Mon, 02 Dec 2024 14:01:09 GMT
content-type
image/webp
content-disposition
inline; filename="01jd053488ps5cetfdwd.webp"
x-served-by
cache-iad-kjyo7100068-IAD
last-modified
Mon, 02 Dec 2024 14:01:10 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733148068.415866,VS0,VE703
via
1.1 8d260504510dc66e11b489b69c10cb8e.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
344
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdqvwg3dtfmgfbq0tf.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_2821,h_1586,x_0,y_155/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
446 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_2821,h_1586,x_0,y_155/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdqvwg3dtfmgfbq0tf.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
120d87bc371bbb3ae2ac861ecfc92a6188f87cc20c94a31f232b4c4bbdc1f740

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
e24755c4b3ff8a0f1c2b84b6c1093a0f
etag
"d71c8cef4ff812fae1d0beb0d324533c"
surrogate-reporting
width=16,height=9,bytes=446,owidth=2821,oheight=1881,obytes=3887282,ef=(1,14,17,23)
age
389959
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
DML7gxf4-u0EdtlcPurDAjY08wj90o8SquV4CM3ED3ZCC0QMz9E-TQ==
date
Fri, 29 Nov 2024 14:00:07 GMT
content-type
image/webp
content-disposition
inline; filename="01jdqvwg3dtfmgfbq0tf.webp"
x-served-by
cache-iad-kjyo7100128-IAD
last-modified
Fri, 29 Nov 2024 14:00:08 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732888807.786169,VS0,VE863
via
1.1 0e9d65763124ffd5921e616a7b0081ce.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
446
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdpzh9azk7tzd3r47v.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_77/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
224 B
954 B
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_77/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdpzh9azk7tzd3r47v.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9426749b997d18aa173a47d37b76c529f37fadc1fa5bc27b666dbe57c75d96f8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
f64d312be8c53318eb79d4d48bb2e7cf
etag
"bed52c6ffa26aa306200e6a02d039fe3"
surrogate-reporting
width=16,height=9,bytes=224,owidth=1920,oheight=1280,obytes=1659933,ef=(1,14,17,23)
age
529987
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
Wncn1Xmkj1-GssSnrLiucZT7UhqJo0a474szTKXpxgCFg257HCa7DA==
date
Wed, 27 Nov 2024 23:06:19 GMT
content-type
image/webp
content-disposition
inline; filename="01jdpzh9azk7tzd3r47v.webp"
x-served-by
cache-lga21949-LGA
last-modified
Wed, 27 Nov 2024 23:06:20 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732748779.301688,VS0,VE405
via
1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
224
x-amz-cf-pop
JFK50-P2
server
CloudFront
01je6ndta71hjm7mfvyd.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1957,h_1100,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/GettyImages/mmsport/385/
430 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1957,h_1100,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/GettyImages/mmsport/385/01je6ndta71hjm7mfvyd.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
07c27bf8e80697a7ebef5120e97dc6c09db1255b72b6c21c6c3307e2d04c602c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
a96870e24c30ddc5f0c567a537a100b5
etag
"1436e0a64e431a68816cccb0afab5aa2"
surrogate-reporting
width=16,height=9,bytes=430,owidth=1957,oheight=1312,obytes=498550,ef=(1,14,17,23)
age
20430
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
DVu51c8acwNxr3VGBPDHVxa9vEkdGRfFlqm0pnpSHPvxwJDm3q5J4g==
date
Tue, 03 Dec 2024 20:38:56 GMT
content-type
image/webp
content-disposition
inline; filename="01je6ndta71hjm7mfvyd.webp"
x-served-by
cache-lga21975-LGA
last-modified
Tue, 03 Dec 2024 20:38:57 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733258336.878768,VS0,VE501
via
1.1 b6d3c8159ae3de02f9219eb71093bbe2.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
430
x-amz-cf-pop
JFK50-P2
server
CloudFront
01je6kx3dzxrs6xbsxgq.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_3000,h_1687,x_0,y_69/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
324 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_3000,h_1687,x_0,y_69/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01je6kx3dzxrs6xbsxgq.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9e9343d46452bcc5d558c9739578f0c254981d9566ef58984224c700bd611f3c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
cd1e2231a81d56f72f36b21a1ae5e174
etag
"7d547a2f58b056b65a7075dc1c34f9b9"
surrogate-reporting
width=16,height=9,bytes=324,owidth=3000,oheight=2231,obytes=956730,ef=(1,14,17,23)
age
35756
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
UCFhKCGk6ypgpIASb_s7lQUhDZvev_dQQFHYd4zFAUyrL_ZK2CxLiQ==
date
Tue, 03 Dec 2024 16:23:30 GMT
content-type
image/webp
content-disposition
inline; filename="01je6kx3dzxrs6xbsxgq.webp"
x-served-by
cache-iad-kiad7000087-IAD
last-modified
Tue, 03 Dec 2024 16:23:31 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733243010.721664,VS0,VE692
via
1.1 3055c6bccfd52f4c0ae40793124cb388.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
324
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdm0fnch6dppt59yk4.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_5037,h_2833,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/GettyImages/mmsport/385/
356 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_5037,h_2833,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/GettyImages/mmsport/385/01jdm0fnch6dppt59yk4.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
8751b595bf81b2e1d86d7fe4ef6be9ba5db857242f746bff9e6db626c66836af

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
f740bb67de24ae794c563ca1901f8f47
etag
"5bbd1fb8a0ca931fafb2abe1069651d6"
surrogate-reporting
width=16,height=9,bytes=356,owidth=5037,oheight=3342,obytes=5568076,ef=(1,14,17,23)
age
28396
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
cLhb7HkmJpSnxLC9kwTgT8MG5vri1l8vk50bAzeYmzhzVWYM9f3iEA==
date
Tue, 03 Dec 2024 18:26:10 GMT
content-type
image/webp
content-disposition
inline; filename="01jdm0fnch6dppt59yk4.webp"
x-served-by
cache-iad-kjyo7100050-IAD
last-modified
Tue, 03 Dec 2024 18:26:11 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733250369.701497,VS0,VE1343
via
1.1 65ed266dda094f56ecb91fc422768658.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
356
x-amz-cf-pop
JFK50-P2
server
CloudFront
01je48zy6qt05q0cwzm0.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
438 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01je48zy6qt05q0cwzm0.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
09f2553e8022e5f2510d3509f0c17b67086ca4342492bd311b45cd46b0283398

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
3932a779d1a34f44f7e663519c26eb2d
etag
"e0c4aebaca3b87128d27d8d47e43f4f6"
surrogate-reporting
width=16,height=9,bytes=438,owidth=1920,oheight=1080,obytes=1313462,ef=(1,14,17,23)
age
98272
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
ZKfGddqo2pWtvOntdi0Q6UoVvXI3BRXBA7efNuDQbFAutVGQqZ6xFA==
date
Mon, 02 Dec 2024 23:01:34 GMT
content-type
image/webp
content-disposition
inline; filename="01je48zy6qt05q0cwzm0.webp"
x-served-by
cache-lga21960-LGA
last-modified
Mon, 02 Dec 2024 23:01:35 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733180494.866921,VS0,VE694
via
1.1 d877346b368e974486e739220882b59e.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
438
x-amz-cf-pop
JFK50-P2
server
CloudFront
01je4awnkb1ed1082szw.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1453,h_817,x_78,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
434 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1453,h_817,x_78,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01je4awnkb1ed1082szw.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
7d3f4464a0640a3bdc7e965975f3fcedb3df644c814f4dae4e36006738ca0601

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
b1168f1fd4b92c267ca03c87f59a471a
etag
"9a3ebc4a72c4e8d582949d4f155ce01d"
surrogate-reporting
width=16,height=9,bytes=434,owidth=1920,oheight=818,obytes=1369997,ef=(1,14,17,23)
age
33844
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
CwEUvtt7Ea3mEQFBunsnWtUten0Zlpw8dtoSSc7jFUW13nyZ5OJ4lg==
date
Tue, 03 Dec 2024 16:55:22 GMT
content-type
image/webp
content-disposition
inline; filename="01je4awnkb1ed1082szw.webp"
x-served-by
cache-iad-kiad7000102-IAD
last-modified
Tue, 03 Dec 2024 16:55:23 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733244922.668312,VS0,VE400
via
1.1 46a0017ecef439253017ac2cc1624646.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
434
x-amz-cf-pop
JFK50-P2
server
CloudFront
01je3nwkq0d9f6fd8ntp.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1080,h_607,x_0,y_566/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
484 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1080,h_607,x_0,y_566/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01je3nwkq0d9f6fd8ntp.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
233e204992af29c72ecd6b8a5efa64449aba6f4d74d8ae39d3080f6e5cf5a259

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
6861a5128ca5ccc67acccabea745c71f
etag
"bd55ee20242cdeff09a8064f819d189e"
surrogate-reporting
width=16,height=9,bytes=484,owidth=1080,oheight=1350,obytes=23512378,ef=(1,14,17,23)
age
101872
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
F1HsT4Ub8B8GPhPAY1VgLBtRYYp0RN7-6lFp8UfUShpDHDhdrWjd5g==
date
Mon, 02 Dec 2024 22:01:34 GMT
content-type
image/webp
content-disposition
inline; filename="01je3nwkq0d9f6fd8ntp.webp"
x-served-by
cache-iad-kiad7000085-IAD
last-modified
Mon, 02 Dec 2024 22:01:00 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
1
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733176895.742630,VS0,VE1
via
1.1 c7484e6276fff55040d279c262fe5f5a.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
484
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdj8saw63gqby4jr1x.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_6000,h_3375,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
312 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_6000,h_3375,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdj8saw63gqby4jr1x.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
5d1374a728eb83232fb3eafde75f2ec8c0c47e32483b891071e60c602c2cbe30

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
65814269171e73ad0eaed97971c71f4f
etag
"39b5ae4e8450e710b754bdf10d8f0f96"
surrogate-reporting
width=16,height=9,bytes=312,owidth=6000,oheight=4000,obytes=12335986,ef=(1,14,17,23)
age
115003
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
oDhFyjAkD65LQcP29LfNQ2JzM0ZxbBb0bqYez_DNQsHkgy6LrElnIQ==
date
Mon, 02 Dec 2024 18:22:43 GMT
content-type
image/webp
content-disposition
inline; filename="01jdj8saw63gqby4jr1x.webp"
x-served-by
cache-iad-kiad7000066-IAD
last-modified
Mon, 02 Dec 2024 18:22:44 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733163762.159727,VS0,VE1635
via
1.1 65ed266dda094f56ecb91fc422768658.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
312
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdr19tve1b2zvhrncn.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_93/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
238 B
972 B
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_93/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdr19tve1b2zvhrncn.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
b6a61fbfc079dd7d0c9f3a9fafc811cfe4f7050831c1124bd4b3e49df8c97708

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
8aae56836f75e4e7d94b3777fa54e1c3
etag
"56a4494b62613dfd78a1f61d29407726"
surrogate-reporting
width=16,height=9,bytes=238,owidth=1920,oheight=1280,obytes=1214952,ef=(1,14,17,23)
age
119954
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
eaVlkV5KNIHC1NcPOYgs5Cg7lhWjAhVx32p1AjabopQWI2IowKG2SA==
date
Mon, 02 Dec 2024 17:00:12 GMT
content-type
image/webp
content-disposition
inline; filename="01jdr19tve1b2zvhrncn.webp"
x-served-by
cache-iad-kjyo7100034-IAD
last-modified
Mon, 02 Dec 2024 17:00:13 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733158812.032125,VS0,VE817
via
1.1 42aed972fa621ce88b3040a924849922.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
238
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jcr3xv4h8fm4zqhgv2.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_996,h_560,x_0,y_721/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
480 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_996,h_560,x_0,y_721/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jcr3xv4h8fm4zqhgv2.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
1e98b26df745f76b1dbf8757ecb7abadbafa34d3b97b02dd4b24d21720d200e2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
939a36cb29858414684b33daf9768170
etag
"c119bce84e8b2caf0e7470d59dcc1eef"
surrogate-reporting
width=16,height=9,bytes=480,owidth=996,oheight=1500,obytes=191284,ef=(1,14,17,23)
age
127118
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
Yyz6-ILgZGusUyQ9OqQl8CCgBYQsw4RE9bvAIujBaawW4TiiXhpaBQ==
date
Mon, 02 Dec 2024 15:00:48 GMT
content-type
image/webp
content-disposition
inline; filename="01jcr3xv4h8fm4zqhgv2.webp"
x-served-by
cache-iad-kiad7000092-IAD
last-modified
Mon, 02 Dec 2024 15:00:49 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733151648.256894,VS0,VE372
via
1.1 ef315c477bb47c8fcfecf9e0377b18b0.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
480
x-amz-cf-pop
JFK50-P2
server
CloudFront
01je43m40n011agqansd.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1200,h_675,x_0,y_66/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
354 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1200,h_675,x_0,y_66/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01je43m40n011agqansd.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
fc2f7d9d9a3f6ec9f5815983d125d1e1c79ac4afaf95a042b0b56d8f7939e1d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
f9b7c0c6d150c8167440f968acb288d6
etag
"cc15fe3bb185c8da82015d3083aea681"
surrogate-reporting
width=16,height=9,bytes=354,owidth=1200,oheight=800,obytes=143378,ef=(1,14,17,23)
age
22876
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
tobYWtG8ayS1I9y0_U8trrrpDDe3_x7x1_5R4Y4ZkxBDVHzav6Sedg==
date
Tue, 03 Dec 2024 19:58:10 GMT
content-type
image/webp
content-disposition
inline; filename="01je43m40n011agqansd.webp"
x-served-by
cache-iad-kjyo7100091-IAD
last-modified
Tue, 03 Dec 2024 19:58:11 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733255889.362743,VS0,VE734
via
1.1 18f4d2895273eb518f03b4c831d8c396.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
354
x-amz-cf-pop
JFK50-P2
server
CloudFront
01je4e8qdj21xz0nnveb.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_107/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
228 B
964 B
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_107/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01je4e8qdj21xz0nnveb.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
891a85bedcc8593cdbd4783b5b08f04341ef66aa08c08c47bb9246be12ebe0c5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
adc4e52151a56aef290e508ef966d553
etag
"8a5896e0a3797664a74c247011d0f68f"
surrogate-reporting
width=16,height=9,bytes=228,owidth=1920,oheight=1280,obytes=1363805,ef=(1,14,17,23)
age
40750
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
PP33rNaTliuAHCWEGnSjxu7JdvkgYG_SmJV0-pbNLqEw5FqiRxE2pA==
date
Tue, 03 Dec 2024 15:00:16 GMT
content-type
image/webp
content-disposition
inline; filename="01je4e8qdj21xz0nnveb.webp"
x-served-by
cache-iad-kiad7000063-IAD
last-modified
Tue, 03 Dec 2024 15:00:17 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733238016.512131,VS0,VE714
via
1.1 58ff8bffb8202620fab96966a8d77160.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
228
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdmtrah9rp03qjxm20.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_3508,h_1973,x_0,y_151/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/GettyImages/mmsport/385/
436 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_3508,h_1973,x_0,y_151/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/GettyImages/mmsport/385/01jdmtrah9rp03qjxm20.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
d0159f4a51df0b211e11ff1446f7b94ca6e3e81b2c041477da80670d8fda263a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
5c642ef6a7335825f7d7cb21cc2be031
etag
"65f9ba9941eafbd88134693b4e55604b"
surrogate-reporting
width=16,height=9,bytes=436,owidth=3508,oheight=5263,obytes=4764474,ef=(1,14,17,23)
age
108650
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
dKzPnVwAX8QMiMaDHDJwpke1pU-ud1S0DKUAeQZvq0pGNLu1sbRO1w==
date
Mon, 02 Dec 2024 20:08:36 GMT
content-type
image/webp
content-disposition
inline; filename="01jdmtrah9rp03qjxm20.webp"
x-served-by
cache-iad-kiad7000036-IAD
last-modified
Mon, 02 Dec 2024 20:08:37 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733170116.706296,VS0,VE1001
via
1.1 c00b9a9d46446e53268f343cad13e4d8.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
436
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jbj7mqvsn0bckkf5aa.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_5011,h_2818,x_0,y_175/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/GettyImages/mmsport/385/
370 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_5011,h_2818,x_0,y_175/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/GettyImages/mmsport/385/01jbj7mqvsn0bckkf5aa.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
00385bb02050e6039dcebb4f3a49b3cb4d94ba0ccbcffc184996ef9343a7c0a4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
4be50eadcb8f2b668e47d418263182ec
etag
"9e1771a64f496fe91339857500f8c9de"
surrogate-reporting
width=16,height=9,bytes=370,owidth=5011,oheight=3237,obytes=4525424,ef=(1,14,17,23)
age
215336
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
WSskZYKU83aR8WhORtmsaAywx4KW2GrUrpjQc1fjI32K1Ai-iz8Nnw==
date
Sun, 01 Dec 2024 14:30:30 GMT
content-type
image/webp
content-disposition
inline; filename="01jbj7mqvsn0bckkf5aa.webp"
x-served-by
cache-iad-kiad7000156-IAD
last-modified
Sun, 01 Dec 2024 14:30:23 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
1
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733063430.127086,VS0,VE2
via
1.1 58ff8bffb8202620fab96966a8d77160.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
370
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdt6s6j3bzjaa8f6c2.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_7952,h_4473,x_0,y_234/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
394 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_7952,h_4473,x_0,y_234/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdt6s6j3bzjaa8f6c2.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
8c73f9a6f0b8297c118aa6cf1db4fd00b23119b9edfd8fbb9f67ba6d269fb061

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
d9eb4ba931b02d9b4d7e93b5ee8f6a99
etag
"5bc248264834659cd11ee435fb681bec"
surrogate-reporting
width=16,height=9,bytes=394,owidth=7952,oheight=5304,obytes=44635776,ef=(1,14,17,23)
age
32330
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
axmfqEdHbkg6D34aZ2BBLfT2qOBtUlSaahlZ3dAseGtAv6q5m2imbg==
date
Tue, 03 Dec 2024 17:20:36 GMT
content-type
image/webp
content-disposition
inline; filename="01jdt6s6j3bzjaa8f6c2.webp"
x-served-by
cache-iad-kiad7000093-IAD
last-modified
Tue, 03 Dec 2024 17:20:37 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733246434.391005,VS0,VE2563
via
1.1 762d730dc67e76a23b806d2aba1a1cae.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
394
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdqyh54ynbk642v8yg.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_200/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
212 B
945 B
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_200/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdqyh54ynbk642v8yg.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e84f49c9ac99bd81566f8d125de14d0db38ef0adf139a869f299de474d22916e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
b61e13abf2fcc6d1e67243d7e64b30b2
etag
"34ff681a2d4944a2533dc7bd1554a7bd"
surrogate-reporting
width=16,height=9,bytes=212,owidth=1920,oheight=1280,obytes=1578524,ef=(1,14,17,23)
age
121774
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
r9pc8-vayVPIGe5zV4zgMZOVAN4pwMdOzeivkOX4gFKFUXkuySl-bw==
date
Mon, 02 Dec 2024 16:29:52 GMT
content-type
image/webp
content-disposition
inline; filename="01jdqyh54ynbk642v8yg.webp"
x-served-by
cache-lga21947-LGA
last-modified
Mon, 02 Dec 2024 16:29:53 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733156992.621094,VS0,VE825
via
1.1 e5f49cd65618fc548cd417b060a75e76.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
212
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdqsw8frfd18px2dk1.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_983,h_552,x_0,y_430/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
426 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_983,h_552,x_0,y_430/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdqsw8frfd18px2dk1.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
4409ae2f9f75179a1020c2060f308697a5599149b0aa4f29c088ce97a442b2bf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
f4b57c231526c48599568855a9261a8d
etag
"78512b114068ed7ca26c4819ff9c591c"
surrogate-reporting
width=16,height=9,bytes=426,owidth=983,oheight=1500,obytes=481550,ef=(1,14,17,23)
age
168445
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
xX_s8G7SXk1bTBkuwWwklT8xHI5wUo6LdUR8v1wxZYZJN7XL64JRJQ==
date
Mon, 02 Dec 2024 03:32:01 GMT
content-type
image/webp
content-disposition
inline; filename="01jdqsw8frfd18px2dk1.webp"
x-served-by
cache-lga21929-LGA
last-modified
Mon, 02 Dec 2024 03:32:02 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733110321.177207,VS0,VE657
via
1.1 c7947fe0c635bc68b2cbc2a30738872c.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
426
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jd5qnx53gr0w04twy3.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1847,h_1038,x_0,y_1205/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
472 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1847,h_1038,x_0,y_1205/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jd5qnx53gr0w04twy3.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
00305e463d41613d61feaf6571cdf4569bfbbbdc3df066e1664269c18a57441f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
69708687ec1db9341580803e245874d6
etag
"6b153d566a8e806fa7375b8c1664c0d3"
surrogate-reporting
width=16,height=9,bytes=472,owidth=1847,oheight=2850,obytes=4482184,ef=(1,14,17,23)
age
215336
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
6nL471-nzHaOGJBssSfrkgBEAeGKDUywYc9eezrL6bZ3bRnE5vQg2w==
date
Sun, 01 Dec 2024 14:30:30 GMT
content-type
image/webp
content-disposition
inline; filename="01jd5qnx53gr0w04twy3.webp"
x-served-by
cache-iad-kjyo7100103-IAD
last-modified
Sun, 01 Dec 2024 14:30:31 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733063430.215927,VS0,VE552
via
1.1 46a0017ecef439253017ac2cc1624646.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
472
x-amz-cf-pop
JFK50-P2
server
CloudFront
harry_potter_trading_card_game___dead_tcgs-a50bb2f2e9e852c5e3b8dd64a055d4aa.jpg
images2.minutemediacdn.com/image/upload/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/shape/cover/sport/
474 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/shape/cover/sport/harry_potter_trading_card_game___dead_tcgs-a50bb2f2e9e852c5e3b8dd64a055d4aa.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
5b6fd3c9cb3cf13684e3ed164443b6e59d34491623f142d100b0546a556668da

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
c2cfb4c63a6e8b91d09de3ba56e37271
etag
"4456b7b9dcdc0a60c33e81d99d5630a5"
surrogate-reporting
width=16,height=9,bytes=474,owidth=480,oheight=360,obytes=47331,ef=(1,14,17,23)
age
299909
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
Dbu86mD27rOspdIRjCYnibOqO6QqHy0ssrcSuVbYXBMo9Z7ar-KvXw==
date
Sat, 30 Nov 2024 15:00:57 GMT
content-type
image/webp
content-disposition
inline; filename="harry_potter_trading_card_game___dead_tcgs-a50bb2f2e9e852c5e3b8dd64a055d4aa.webp"
x-served-by
cache-iad-kjyo7100149-IAD
last-modified
Sat, 30 Nov 2024 15:00:58 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732978857.481120,VS0,VE416
via
1.1 8d260504510dc66e11b489b69c10cb8e.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
474
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jd8sn6cx9zv3t8av6d.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1534,h_862,x_138,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
328 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1534,h_862,x_138,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jd8sn6cx9zv3t8av6d.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
898dd2300bfbc72171ca3ae4b59c3958c7e58a598fe4e6ff5fec72f49817d737

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
d08012c92b711376b5157c54620d8915
etag
"ca79d93e02c899bc5f596d1c5aaba941"
surrogate-reporting
width=16,height=9,bytes=328,owidth=1920,oheight=1080,obytes=891866,ef=(1,14,17,23)
age
303515
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
IZYI5fr-FwV6TuihcEcRY_W-FZbN2SXYb1B1V57BmWmI2b6YEvQ3eQ==
date
Sat, 30 Nov 2024 14:00:50 GMT
content-type
image/webp
content-disposition
inline; filename="01jd8sn6cx9zv3t8av6d.webp"
x-served-by
cache-iad-kiad7000049-IAD
last-modified
Sat, 30 Nov 2024 14:00:51 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732975249.225558,VS0,VE1749
via
1.1 f8513f043bb0905bbc74a0542f2b9082.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
328
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jbyfxv1m50b6z4sk7k.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
232 B
970 B
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jbyfxv1m50b6z4sk7k.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
f0744731aa95b807bfb554db0d69f387225e90ab21f2c7bd2d42dbcaad05e4d1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
1b2fd33b634c4d413065ab29bf9aa83e
etag
"bd4093c135bc96137b72a0772bc34e7d"
surrogate-reporting
width=16,height=9,bytes=232,owidth=1920,oheight=1278,obytes=1734853,ef=(1,14,17,23)
age
386280
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
B5TC6bsKGM5FfPmE5xnwVYfXRdjFSZIZQ2YtCEctmBU18W3swh-Gfg==
date
Fri, 29 Nov 2024 15:01:26 GMT
content-type
image/webp
content-disposition
inline; filename="01jbyfxv1m50b6z4sk7k.webp"
x-served-by
cache-iad-kiad7000022-IAD
last-modified
Fri, 29 Nov 2024 15:01:27 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732892485.457297,VS0,VE670
via
1.1 18f4d2895273eb518f03b4c831d8c396.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
232
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdjw46gw01ry4xmqcg.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_3900,h_2193,x_0,y_119/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
416 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_3900,h_2193,x_0,y_119/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdjw46gw01ry4xmqcg.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
01757695b3e7944d6d92a0b39cb835a81031fc4ce69c0807c7869b9d20a26ed2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
99268d326ec1a19e2e902d1eddcaefee
etag
"8cc47c4dc197129116465ed71fbab7f9"
surrogate-reporting
width=16,height=9,bytes=416,owidth=3900,oheight=2786,obytes=5686729,ef=(1,14,17,23)
age
544742
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
OURddY0Q_H4xZpo3-2g_0WcNhGOKESRAG7BmDkx1kT8A3nGxJAKi9w==
date
Wed, 27 Nov 2024 19:00:24 GMT
content-type
image/webp
content-disposition
inline; filename="01jdjw46gw01ry4xmqcg.webp"
x-served-by
cache-lga21971-LGA
last-modified
Wed, 27 Nov 2024 19:00:25 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732734023.041191,VS0,VE1322
via
1.1 79455aeea26d3c071fd96c3c1432669a.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
416
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdjvt2m3tn2jyy4avp.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_8192,h_4608,x_0,y_460/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
188 B
927 B
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_8192,h_4608,x_0,y_460/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdjvt2m3tn2jyy4avp.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
23b228313ac1b0816c4ee8994b9fc9e1e25d3e679908320125f60770579ec9ac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
97d4797812032fb81faba6df8e07b655
etag
"ce76340b8f2040697e79e976389cf377"
surrogate-reporting
width=16,height=9,bytes=188,owidth=8192,oheight=5464,obytes=8741725,ef=(1,14,17,23)
age
541095
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
uVKOBPPIcPk1FMa9Wiw1XcCEmFHB1ZRhyPjRwBSUlV2nfvCEOOXa5A==
date
Wed, 27 Nov 2024 20:01:10 GMT
content-type
image/webp
content-disposition
inline; filename="01jdjvt2m3tn2jyy4avp.webp"
x-served-by
cache-iad-kjyo7100095-IAD
last-modified
Wed, 27 Nov 2024 20:01:11 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732737669.639902,VS0,VE2324
via
1.1 7b41e543f9f9b11a9ae2c737ed76f904.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
188
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jd0pv0007cr3s08y8j.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_3000,h_1687,x_0,y_224/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
320 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_3000,h_1687,x_0,y_224/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jd0pv0007cr3s08y8j.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
0b35fd96d2ef26af1b3539f8a19c534931abf8e43007fecc7fd52f477c31d3f9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
d7b9757860293ef2c31459b51a55248e
etag
"dd8ea77a7963f1d655050f60de811c4c"
surrogate-reporting
width=16,height=9,bytes=320,owidth=3000,oheight=2000,obytes=4988033,ef=(1,14,17,23)
age
548290
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
o5y7TQ7RMnoiByzKnpSn8Ca9wCVqmxZoT0mHZFwVo1nFkmMBCUi2rw==
date
Wed, 27 Nov 2024 18:01:15 GMT
content-type
image/webp
content-disposition
inline; filename="01jd0pv0007cr3s08y8j.webp"
x-served-by
cache-iad-kjyo7100031-IAD
last-modified
Wed, 27 Nov 2024 18:01:16 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732730475.034724,VS0,VE956
via
1.1 5971542f35ba4811dd9dacd87e487444.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
320
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jdkk6zgd8kxa2w7w89.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_5513,h_3101,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
338 B
1 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_5513,h_3101,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jdkk6zgd8kxa2w7w89.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
09aaf85ec2dd4c170f2c44462e9cd2fe39bb4e893a604979f47b6628d8dc271c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
38e35461b922910bae9b07430aa317fb
etag
"a085e7a95bfe3f137910aa58cb78d611"
surrogate-reporting
width=16,height=9,bytes=338,owidth=5513,oheight=3446,obytes=16503829,ef=(1,14,17,23)
age
551924
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
ypiukhUbY_Kt_4bSfDrlFVotyz2K_QcKGqHF1oWQAP4vE-hfBkUITw==
date
Wed, 27 Nov 2024 17:00:42 GMT
content-type
image/webp
content-disposition
inline; filename="01jdkk6zgd8kxa2w7w89.webp"
x-served-by
cache-iad-kiad7000178-IAD
last-modified
Wed, 27 Nov 2024 17:00:43 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732726841.102187,VS0,VE1116
via
1.1 0e9d65763124ffd5921e616a7b0081ce.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
338
x-amz-cf-pop
JFK50-P2
server
CloudFront
01jddbghsx19teahkzeg.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/
252 B
984 B
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_16,ar_16:9,f_auto,q_auto,g_auto/images/ImageExchange/mmsport/385/01jddbghsx19teahkzeg.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
77e3943528baacf0d54e633423b08aeb036d475447ad5e80da7a35c558bf43ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
2fd231450edb845832a17bf235835685
etag
"17b99590cb6985f1d494f87b0f601fcd"
surrogate-reporting
width=16,height=9,bytes=252,owidth=1920,oheight=1277,obytes=2112332,ef=(1,14,17,23)
age
632941
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
hjNrC17WiFTJekHLSp4O0vApq_xgvNKGmlC9aviDNjzP2BvJShsKFw==
date
Tue, 26 Nov 2024 18:30:25 GMT
content-type
image/webp
content-disposition
inline; filename="01jddbghsx19teahkzeg.webp"
x-served-by
cache-lga21928-LGA
last-modified
Tue, 26 Nov 2024 18:30:26 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732645825.632905,VS0,VE743
via
1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
252
x-amz-cf-pop
JFK50-P2
server
CloudFront
images%2FImageExchange%2Fmmsport%2F385%2F01jdqvwg3dtfmgfbq0tf.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_2821,h_1586,x_0,y_155/c_fill,w_360,ar_16:9,f_auto,q_auto,g_auto/
17 KB
18 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_2821,h_1586,x_0,y_155/c_fill,w_360,ar_16:9,f_auto,q_auto,g_auto/images%2FImageExchange%2Fmmsport%2F385%2F01jdqvwg3dtfmgfbq0tf.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
24ec8befbd1189baebbcfb2af4b1b1ca1e2fe715c7125863941ed7d0fa9ec909

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-request-id
210f3781a6fd92bc11932da49f3616f7
etag
"7ec1c0fc5f5ab3fd03c421a9a67f9975"
surrogate-reporting
width=360,height=203,bytes=17336,owidth=2821,oheight=1881,obytes=3887282,ef=(1,14,17,23)
age
529710
status
200 OK
x-cache
Hit from cloudfront
x-amz-cf-id
NADDEnq6LunpLtnkimMxQQuc1WqpmbLKtY83dPNCD3lAd4Z4tHmHqg==
date
Wed, 27 Nov 2024 23:10:56 GMT
content-type
image/webp
content-disposition
inline; filename="01jdqvwg3dtfmgfbq0tf.webp"
x-served-by
cache-iad-kjyo7100034-IAD
last-modified
Wed, 27 Nov 2024 23:10:57 GMT
access-control-allow-headers
X-Requested-With
x-cache-hits
0
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732749055.991464,VS0,VE1144
via
1.1 e1fcfcab7d719cee2446e5bb755eb260.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
17336
x-amz-cf-pop
JFK50-P2
server
CloudFront
images%2FImageExchange%2Fmmsport%2F385%2F01jd053488ps5cetfdwd.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_360,ar_16:9,f_auto,q_auto,g_auto/
24 KB
25 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_0/c_fill,w_360,ar_16:9,f_auto,q_auto,g_auto/images%2FImageExchange%2Fmmsport%2F385%2F01jd053488ps5cetfdwd.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
1a670621887fc5a477e0fc893b488eba232eb5be781230e1cff733780f95d139

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

etag
"f89eb3c822e1d77d739724d56678463c"
surrogate-reporting
width=360,height=203,bytes=25006,owidth=1920,oheight=1283,obytes=2634195,ef=(1,14,17,23)
age
299954
x-cache
Hit from cloudfront
x-amz-cf-id
8YEnrTEWZxQt6KnAG6nSsRF4WzHd7jE0q-MHbdFnV6GgzU89I7bihA==
date
Sat, 30 Nov 2024 15:00:12 GMT
content-type
image/webp
x-served-by
cache-lga21930-LGA
x-cache-hits
0
content-disposition
inline; filename="01jd053488ps5cetfdwd.webp"
access-control-allow-headers
X-Requested-With
last-modified
Mon, 18 Nov 2024 20:34:45 GMT
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732978812.281578,VS0,VE97
x-orig-request-id
17fe3eb0f04e774a244c10cc4433f900
via
1.1 77c1752e5c6dfb050c6304b9d473a1e2.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
25006
x-amz-cf-pop
JFK50-P2
server
CloudFront
images%2FImageExchange%2Fmmsport%2F385%2F01jdqvs86f7xn3jy7men.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_96/c_fill,w_360,ar_16:9,f_auto,q_auto,g_auto/
8 KB
9 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_96/c_fill,w_360,ar_16:9,f_auto,q_auto,g_auto/images%2FImageExchange%2Fmmsport%2F385%2F01jdqvs86f7xn3jy7men.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
7b07a0a85a4be46b00cf82b2775eaec996c6a444d3987bd5a0cad66012f42e76

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

etag
"dfd91294d0491c5e88c7b395d7ba0255"
surrogate-reporting
width=360,height=203,bytes=8104,owidth=1920,oheight=1280,obytes=1659933,ef=(1,14,17,23)
age
206596
x-cache
Hit from cloudfront
x-amz-cf-id
PmZHkvD9FxRVMeJYPs62sKIvCY1eopr7AcgmGbbHtvicJLYKsXSsTQ==
date
Sun, 01 Dec 2024 16:56:10 GMT
content-type
image/webp
x-served-by
cache-iad-kjyo7100130-IAD
x-cache-hits
0
content-disposition
inline; filename="01jdqvs86f7xn3jy7men.webp"
access-control-allow-headers
X-Requested-With
last-modified
Sun, 01 Dec 2024 16:54:38 GMT
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1733072170.275939,VS0,VE88
x-orig-request-id
65be299280004eaeff768fd5518603a9
via
1.1 bc75f10f1201e895c01d2435d88b6274.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
8104
x-amz-cf-pop
JFK50-P2
server
CloudFront
images%2FImageExchange%2Fmmsport%2F385%2F01jdpzh9azk7tzd3r47v.jpg
images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_77/c_fill,w_360,ar_16:9,f_auto,q_auto,g_auto/
8 KB
9 KB
Image
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_crop,w_1920,h_1080,x_0,y_77/c_fill,w_360,ar_16:9,f_auto,q_auto,g_auto/images%2FImageExchange%2Fmmsport%2F385%2F01jdpzh9azk7tzd3r47v.jpg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
c81ad05c2dcb288d09c829951a1ab76101454b3afb86bbc67807922b3155cebd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

etag
"2453be0ec997e9175f9c190d4fb6649b"
surrogate-reporting
width=360,height=203,bytes=8156,owidth=1920,oheight=1280,obytes=1659933,ef=(1,14,17,23)
age
544817
x-cache
Hit from cloudfront
x-amz-cf-id
z9FJ1TQKqOgCwpfNXOcTyQgSZlkgr6VLmQ1MVKZjKHn2Tuz3FpsH2A==
date
Wed, 27 Nov 2024 18:59:08 GMT
content-type
image/webp
x-served-by
cache-iad-kjyo7100155-IAD
x-cache-hits
0
content-disposition
inline; filename="01jdpzh9azk7tzd3r47v.webp"
access-control-allow-headers
X-Requested-With
last-modified
Wed, 27 Nov 2024 18:12:57 GMT
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1732733949.852652,VS0,VE110
x-orig-request-id
778285d0f3aafe5117112c4255f62e70
via
1.1 7b41e543f9f9b11a9ae2c737ed76f904.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
8156
x-amz-cf-pop
JFK50-P2
server
CloudFront
/
stats.bqstreamer.com/
2 B
661 B
Ping
General
Full URL
https://stats.bqstreamer.com/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/mz-delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4728 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x8YRN5PzJRaSMN6wAyfiqif96hycqNP5UAAYRx9O0JJ5GRXB84SOzSCpE9B8IzEi40N%2FmbaeIMvGPIuvxd3p2cu6wdRx515QPBbK97TFk8R%2BO8ITZfAZGoHVHCqSzvAsIt%2BuILCMBcqu2HItL9p8BVe%2F"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS
cf-ray
8ec84fc12dbb18f2-EWR
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=16042&min_rtt=15497&rtt_var=3098&sent=8&recv=12&lost=0&retrans=0&sent_bytes=4013&recv_bytes=3290&delivery_rate=234947&cwnd=253&unsent_bytes=0&cid=5123d079dbb7b049&ts=144&x=0"
content-length
2
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/plain;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
prebid8.52.1.js
cdn.mmctsvc.com/commercial-api/
522 KB
165 KB
Script
General
Full URL
https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:261f:6200:19:4ac0:c3c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
88cd0f27791bda7470ed0523b1b7b061703fcb7d635c2b79aeefdbcdb98c0cc8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-amz-cf-pop
JFK52-P3
cache-control
max-age: 31536000
content-encoding
gzip
etag
W/"8d6ad838e4e7cfe017cbd42bcfdc0826"
age
433083
via
1.1 b15f339834cfb5119481b1c1eb890372.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
qs_bgvkWjP5u4wP5duhm0zr0EmEUm2_Zmg4BII-SMv4X79nvfG_-0g==
date
Fri, 29 Nov 2024 02:01:24 GMT
content-type
text/javascript
vary
accept-encoding, Origin
server
CloudFront
last-modified
Tue, 29 Oct 2024 10:02:54 GMT
x-amz-server-side-encryption
AES256
gpt.js
securepubads.g.doubleclick.net/tag/js/
105 KB
33 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
089b27e5184c1fec4ca2dcbd89641be0d7c69694d19662ff0234cea6bc5485e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
228 / 20061 / 31089182 / config-hash: 9711647823751720821
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
33822
x-xss-protection
0
server
cafe
apstag.js
c.aps.amazon-adsystem.com/
362 KB
78 KB
Script
General
Full URL
https://c.aps.amazon-adsystem.com/apstag.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-40.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1fd9028d5fb8bd54347982d9ec184b5a0a03b24b3ab9fec3bfee897cf0863e52
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
x-amz-version-id
acRdUS1r5cj9tTlQgeSIrajAULQa2p0y
etag
W/"7dc670b8e7e3e32cecb9f0f33e93f3c5"
age
571
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
fI1wdUoMey3YB0ADi96yUhU9w9fxyTGT1cXEfs7Z3DOExko-aidUIQ==
date
Wed, 04 Dec 2024 02:09:56 GMT
content-type
application/javascript
vary
Accept-Encoding, Origin
last-modified
Fri, 29 Nov 2024 04:00:03 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
cache-control
public, max-age=3600
referrer-policy
strict-origin-when-cross-origin
via
1.1 e3b3138ab681fdbb8fab7bde9e330642.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
JFK52-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
/
config.bqstreamer.com/
82 KB
17 KB
Fetch
General
Full URL
https://config.bqstreamer.com/?currentPage=https%3A%2F%2Fwinteriscoming.net%2F&variationId=&isOnSI=false
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/mz-delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:367 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46880f99d2aaec85185eee36fe017a2081e1bfad96ed1fdea9e161a174ce6406

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
br
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B8BXS3wrhBdwFhdvJi8aUHx%2BfXx2NCMlGOP5%2BLXTz08Oa%2Bbw5wD70HIjxmG8rKBUnRPk%2FkNzRL1XLCpbg1BzdxOrt7tAJIg%2FEc8fcCVxTIs5DlWIoEUCRizG%2BFsyUdKcjwrH5w0BdGtIXtY%2BDAyBiDtggA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET,OPTIONS
cf-ray
8ec84fc13f1042c4-EWR
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=15522&min_rtt=14429&rtt_var=3526&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3995&recv_bytes=2327&delivery_rate=273965&cwnd=253&unsent_bytes=0&cid=d649b9701c95504e&ts=125&x=0"
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
widget.js
cdn.userway.org/
2 KB
2 KB
Script
General
Full URL
https://cdn.userway.org/widget.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
c32d3b479112dca3211b0400d00d391e89d014c688bc90b13fcccd7e5e86597c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"2e0c91f589a62061a79a0801e9d185f4"
age
236
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
nd208sALcDHeU5nv-I6WEXB5T9hRPB1oHqe5PtepdyV4RQtUipt9EA==
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/javascript
last-modified
Mon, 02 Dec 2024 09:51:26 GMT
x-77-nzt-ray
ce37a61972d1eb352ebc4f67375cc818
vary
Accept-Encoding
x-77-nzt
EgwBWbuxGAH3CAUAAAwBnJI74gG3GgAAAA
cache-control
max-age=3600, public
via
1.1 d0abe8e02f00bbb3378a9a4149801740.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
1288
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
js
www.googletagmanager.com/gtag/
267 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-X878ZPFT48&l=dataLayer&cx=c&gtm=45He4bk0v72382166za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCW5HW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
463a38e12ab498dda9a61b4a32dd73d26cf2649617bdab82fcc728c8ce8895cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 04 Dec 2024 02:19:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
96265
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
284 KB
98 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NB8RD6J3M6&l=dataLayer&cx=c&gtm=45He4bk0v72382166za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TCW5HW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7f996a0e7b6b60388701960c53efcfe93969f7aedfdf8411930e95ffdd4ff6d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 04 Dec 2024 02:19:26 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
100183
x-xss-protection
0
server
Google Tag Manager
fbevents.js
connect.facebook.net/en_US/
239 KB
61 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d6350cefb90d29241d3e02629bb4cf96e2458fa3d1dd1bf0ff1a5870a4eb8f2f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-bGdMcYEM' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-bGdMcYEM' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=16, rtx=0, c=23, mss=1232, tbw=4450, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
RUGFKFRkaVBcdHhH5m/chWbtbf1Rwunuy589RiDuQPBGqKwCfgn6Bnmi3CUqE6d1c5Gr8d5FpktNqkDgaCnmOg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62128
x-xss-protection
0
origin-agent-cluster
?1
voltaxFlyoutInjector.js
app.fansided.com/scripts/
3 KB
2 KB
Script
General
Full URL
https://app.fansided.com/scripts/voltaxFlyoutInjector.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211c:1a00:1b:3a6c:1300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d7988bfa1e7bdefad6eee21d30705d6d27bf9aeff0076cc4a374f901a041a270

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-amz-cf-pop
JFK52-P4
content-encoding
gzip
etag
W/"a2f67de0591e15cae8cf6fd11cd7207d"
age
1158
via
1.1 acbc16f609c0c9804b8a2c3d38d3023e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
X0zP1I77d-44cnIi2JKQj61X4t_6v7c7u4tF-7RBoshhSRHOQUmF9w==
date
Wed, 04 Dec 2024 02:00:09 GMT
content-type
text/javascript
vary
accept-encoding
server
AmazonS3
last-modified
Tue, 19 Nov 2024 21:07:21 GMT
x-amz-server-side-encryption
AES256
beacon.js
sb.scorecardresearch.com/internal-cs/default/
Redirect Chain
  • https://sb.scorecardresearch.com/cs/18120612/beacon.js
  • https://sb.scorecardresearch.com/internal-cs/default/beacon.js
15 KB
5 KB
Script
General
Full URL
https://sb.scorecardresearch.com/internal-cs/default/beacon.js
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
18.173.219.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-219-84.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6d26f7668d31aaeb9a8a01ca082bfbc2d4c4ab37eeb46bc54f14bd7d7e085985

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

vary
accept-encoding
cache-control
max-age=86400
content-encoding
gzip
etag
W/"af0f9e543b8925f25674625eeef07cd5"
age
50796
via
1.1 9072caf3ec2d91f3dd159b88ae86e822.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
pGiAD9TD54cQLSr2OhTZH2kqKOIgiPuKYiK5RZU7wef8N-CRuosb0w==
date
Tue, 03 Dec 2024 12:12:51 GMT
content-type
text/javascript
last-modified
Tue, 26 Nov 2024 12:10:06 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P1
x-amz-server-side-encryption
AES256

Redirect headers

location
/internal-cs/default/beacon.js
accept-ch
UA, Platform, Arch, Model, Mobile
via
1.1 9072caf3ec2d91f3dd159b88ae86e822.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
LpeE1jaXIPuzAKmEHQG0e_SGgYyfcTv92KU14CKzonLl4mLnNObKUQ==
date
Wed, 04 Dec 2024 02:19:26 GMT
x-amz-cf-pop
JFK52-P1
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.aps.amazon-adsystem.com
URL: https://c.aps.amazon-adsystem.com/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.112.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-112-90.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
content-encoding
gzip
x-amz-version-id
r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
etag
W/"a4d296427fc806b21335359e398c025c"
age
9580
access-control-allow-methods
GET
x-cache
Hit from cloudfront
x-amz-cf-id
Pwh-QrsupLpy4d5i2T4qnxigAHEmbqPE3qlJY-b-gSjKijq-MroAKg==
date
Tue, 03 Dec 2024 23:39:47 GMT
content-type
application/javascript
vary
Origin,accept-encoding
last-modified
Thu, 29 Feb 2024 02:13:08 GMT
cache-control
public, max-age=86400
via
1.1 0667564db9d2ec4ceec667e46b842a9c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
JFK50-P3
server
AmazonS3
x-amz-server-side-encryption
AES256
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412030101/
497 KB
153 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412030101/pubads_impl.js?cb=31089182
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f6ada997873a7e073fc506b93f86b6d2be7de4cc6ae085557bc322cc6df331
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
6831530709922679929
age
56841
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 10:32:05 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 03 Dec 2024 10:32:05 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
157012
x-xss-protection
0
server
cafe
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwinteriscoming.net%2F&domain=winteriscoming.net&cw=1&lsw=1&us_privacy=1---&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://winteriscoming.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://winteriscoming.net
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 04 Dec 2024 02:19:26 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
190977
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
/
stats.bqstreamer.com/
2 B
441 B
Ping
General
Full URL
https://stats.bqstreamer.com/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/mz-delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4728 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7tqgfns8mYiEcAkbEPqUpXa10pxgw8hk6Bg0hCLXzFOfSSS8qQACbtVygEZ%2BhyzJfHpnKfHZ9a5qJkvX9kXulo5fUeoBEcqo%2FX41jnB94qTwXXGeShGjgz%2BfX%2Fw6CknHq6v5bQMtFqTPB3ZaZGIJs4xs"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS
cf-ray
8ec84fc28f1a18f2-EWR
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=21582&min_rtt=15497&rtt_var=12769&sent=15&recv=20&lost=0&retrans=0&sent_bytes=4740&recv_bytes=6232&delivery_rate=234947&cwnd=256&unsent_bytes=0&cid=5123d079dbb7b049&ts=345&x=0"
content-length
2
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/plain;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
/
stats.bqstreamer.com/
2 B
432 B
Ping
General
Full URL
https://stats.bqstreamer.com/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/mz-delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4728 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dwMLPh9gt5jQid4JlvLcGA6PukRLyaksvRywUtf34vmp94pyngXcqBazthn6AdhwcE3EexGp%2BWxYbfG7cEfCQis9hWumLru5A2sEYodCenw4hflBevHFKDWvY9PZOjKVv78i0yvFAFUP1IBoU1z5eVZy"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS
cf-ray
8ec84fc28f1b18f2-EWR
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=17211&min_rtt=8211&rtt_var=11873&sent=18&recv=23&lost=0&retrans=0&sent_bytes=5247&recv_bytes=6232&delivery_rate=471981&cwnd=257&unsent_bytes=0&cid=5123d079dbb7b049&ts=364&x=0"
content-length
2
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/plain;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
sid
mug.criteo.com/
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fwinteriscoming.net%2F&domain=winteriscoming.net&cw=1&lsw=1&us_privacy=1---&gdpr=0
  • https://mug.criteo.com/sid?cpp=o-OLV3w3UloyL2hvcEFJYzZHaFRxbE1nTmdYMU5iUjc2VEo4L0VEWk5vSjNhdyt2VUpjNWlzYnpjaGlEN0d4enBpYkFRd1dlQ2RmcStXTnJxdUpOZC9wRTlpV1U3U1JJcFN4VEphNUp5NlJIUGxma0JpZXdZUVI0Q1A2bD...
365 B
954 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=o-OLV3w3UloyL2hvcEFJYzZHaFRxbE1nTmdYMU5iUjc2VEo4L0VEWk5vSjNhdyt2VUpjNWlzYnpjaGlEN0d4enBpYkFRd1dlQ2RmcStXTnJxdUpOZC9wRTlpV1U3U1JJcFN4VEphNUp5NlJIUGxma0JpZXdZUVI0Q1A2bDhEKzJSYmdHMlB6aVhqbEpPakUrRG9SY2o3dFg1R2pqbTVMRjZsNDBzYmI2N3U5NVRQeHJ5K25uaDdHNWpGaE9XTjJsZXdYYlpQb1JTZW5aYlliMHR4VzU4OHBYQncveXBqdksvWTNZNnpINTJ5UU1QYXgwOGUxT0ZQK29xclBNc3JyazVBa00wdFZmWDIrdWVmTWNLMjI4TUxpOW85dz09fA&cppv=2
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
74.119.117.17 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
1415fe00c4470b064a96d45f32b6b82d02bbfc4f827a378737a2d71ea96a216c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
557732
expires
0
access-control-allow-origin
null
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
Kestrel

Redirect headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
location
https://mug.criteo.com/sid?cpp=o-OLV3w3UloyL2hvcEFJYzZHaFRxbE1nTmdYMU5iUjc2VEo4L0VEWk5vSjNhdyt2VUpjNWlzYnpjaGlEN0d4enBpYkFRd1dlQ2RmcStXTnJxdUpOZC9wRTlpV1U3U1JJcFN4VEphNUp5NlJIUGxma0JpZXdZUVI0Q1A2bDhEKzJSYmdHMlB6aVhqbEpPakUrRG9SY2o3dFg1R2pqbTVMRjZsNDBzYmI2N3U5NVRQeHJ5K25uaDdHNWpGaE9XTjJsZXdYYlpQb1JTZW5aYlliMHR4VzU4OHBYQncveXBqdksvWTNZNnpINTJ5UU1QYXgwOGUxT0ZQK29xclBNc3JyazVBa00wdFZmWDIrdWVmTWNLMjI4TUxpOW85dz09fA&cppv=2
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
281427
expires
0
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:25 GMT
server
Kestrel
prebid
id5-sync.com/api/config/
195 B
668 B
Fetch
General
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533569.ip-162-19-138.eu
Software
/
Resource Hash
3520ab6871aac9ce5c67a2f3f8e9b5a312f76a79130e52c387a10c5c56b0cbbb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://winteriscoming.net
p3p
CP="CAO PSA OUR"
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials
true
3777
config.aps.amazon-adsystem.com/configs/
531 B
796 B
Script
General
Full URL
https://config.aps.amazon-adsystem.com/configs/3777
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.106.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-106-59.jfk50.r.cloudfront.net
Software
CloudFront /
Resource Hash
6598525fb7f424f533cc1e037c324825db29436400b47e15b4272a58857eec33

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=3600
age
24
via
1.1 bce50d2cc476ede482a8048a0c124908.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
content-length
531
x-amz-cf-id
7NhLEjLT7EXoDe6Mnp28-r5RgjBvWxlUEAa0oKwyxv_H-V37GeSqEQ==
date
Wed, 04 Dec 2024 02:19:02 GMT
content-type
application/javascript
x-amz-cf-pop
JFK50-P3
server
CloudFront
config
c.amazon-adsystem.com/cdn/prod/
3 KB
4 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/cdn/prod/config?src=3777&u=https%3A%2F%2Fwinteriscoming.net
Requested by
Host: c.aps.amazon-adsystem.com
URL: https://c.aps.amazon-adsystem.com/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.112.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-112-90.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
bb30806a921a35e06a5446d679b0c669ddcad0dd480bd7d80b9f37791cb0e435

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=21550, s-maxage=21600
age
12096
access-control-allow-credentials
true
via
1.1 472c04481f2812a974e09db484cbbc3a.cloudfront.net (CloudFront)
access-control-allow-origin
https://winteriscoming.net
x-cache
Hit from cloudfront
content-length
3335
x-amz-cf-id
tJbJ3l_SABej6AcZW9CSGYx06KgcADF_aYcAHsLxIUes20b9Rj8LtQ==
date
Tue, 03 Dec 2024 22:57:50 GMT
content-type
application/json;charset=UTF-8
x-amz-cf-pop
JFK50-P3
server
Server
bid
aax.amazon-adsystem.com/e/dtb/
165 B
501 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=3777&u=https%3A%2F%2Fwinteriscoming.net%2F&pid=OxF9a7KEQzX8c&cb=0&ws=1600x1200&v=24.1107.1713&t=2500&slots=%5B%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Fsidebar1____no-slot____27_p1_1_a9%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Fsidebar1%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Fsidebar1____no-slot____28_p1_1_a9%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Fsidebar1%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Fsidebar2____no-slot____29_p1_1_a9%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Fsidebar2%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Fsidebar2____no-slot____30_p1_1_a9%22%2C%22s%22%3A%5B%22300x250%22%2C%22300x600%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Fsidebar2%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Ftop_d____no-slot____31_p1_1_a9%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Ftop_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Ftop_d____no-slot____32_p1_1_a9%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Ftop_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Finfeed2_d____no-slot____33_p1_1_a9%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Finfeed2_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Finfeed2_d____no-slot____34_p1_1_a9%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Finfeed2_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Finfeed1_d____no-slot____35_p1_1_a9%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Finfeed1_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Finfeed1_d____no-slot____36_p1_1_a9%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Finfeed1_d%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22mobile%22%3A0%2C%22source%22%3A1%2C%22platform%22%3A%7B%22brand%22%3A%22%22%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&sm=44a188c2-29f4-498d-b8bf-717cb611f76d&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D
Requested by
Host: c.aps.amazon-adsystem.com
URL: https://c.aps.amazon-adsystem.com/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.108.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-108-113.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
a32148b2db558a216f6f640052e43fd1fa5abf618fbd295eba718b0d5a352c98

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
access-control-allow-credentials
true
via
1.1 00266a01055b9f1e1ad959f077c1d96a.cloudfront.net (CloudFront)
access-control-allow-origin
https://winteriscoming.net
x-cache
Miss from cloudfront
content-length
166
x-amz-cf-id
oASDG5JVfTuxtToE3H0PKL5gKLdicoJ8TjNx8k19NwM5Z2_SU5S46A==
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/javascript;charset=UTF-8
x-amz-cf-pop
JFK50-P6
server
Server
widget_app_base_1733132850231.js
cdn.userway.org/widgetapp/2024-12-02-09-47-30/
130 KB
41 KB
Script
General
Full URL
https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
e1e6f277c33ff995e4e988743eec16116b137ef1b2ae0e177730e2b2e66a6e6e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"91d34a44d03d2a5bd84cdf20e46095b6"
age
237
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
t0yRAJOmJyylUijG4p2zrgYAuTQCqA3n33gwTC83Gy2YbKSRpuhL-Q==
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/javascript
last-modified
Mon, 02 Dec 2024 09:51:11 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a619a3077c382ebc4f67b3e52920
x-77-nzt
EgwBWbuxGAH3lTcCAAwBnJI76AG3GAAAAA
cache-control
max-age=25920000, public
via
1.1 7c1248297a08764c17a9223ad5c211f8.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145301
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-X878ZPFT48&gtm=45je4bk0v894323542z872382166za200zb72382166&_p=1733278765649&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&cid=574771359.1733278767&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Fwinteriscoming.net%2F&dt=Game%20of%20Thrones%20and%20sci-fi%2Ffantasy%20news%2C%20TV%2C%20and%20movies&dr=&sid=1733278766&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&ep.sample_rate=100&ep.page_language=en&ep.page_type=HomePage&ep.distribution_channels=none%2C&ep.anonimized=false&ep.traffic_source_to_dfp=Direct&ep.traffic_id_to_dfp=&ep.affiliate_id_hit=&ep.is_article_infinite_scroll_page=false&epn.number_of_article_on_page=1&ep.player_ownership=O%26O&ep.experiment_version_hit=&ep.maxmind_geo_detected_hit=US&epn.unique_event_id_hit=165&ep.post_fs_site_id=385&ep.post_vertical=ENTERTAINMENT&ep.anonymizeIp=true&ep.cookieFlags=samesite%3Dnone%3Bsecure&ep.platform=desktop&ep.article_template=none&ep.is_slideshow=false&ep.finite_scroll_data_exists=false&ep.mm_user_identifier=eQ1hdwl55vvIHDZZ&ep.userid_hit=eQ1hdwl55vvIHDZZ&ep.GTM_event_trigger=GTM%20data%20ready%20to%20GA&ep.property=385&ep.mmSessionID=yc40kWH0Eoj5HMOK&ep.mmUserID=eQ1hdwl55vvIHDZZ&ep.custom_timestamp=2024-12-04T02%3A19%3A26.401Z&ep.state=NY&ep.GTM_container_name=Minute%20Media&up.affiliate_id_user=&up.experiment_version_user=&up.property=Winter%20is%20Coming&up.mmUserID=eQ1hdwl55vvIHDZZ&up.geo_detected_user=US&tfd=1812
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-X878ZPFT48&l=dataLayer&cx=c&gtm=45He4bk0v72382166za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://winteriscoming.net
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/plain
server
Golfe2
739763452834773
connect.facebook.net/signals/config/
68 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/739763452834773?v=2.9.176&r=stable&domain=winteriscoming.net&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7480ad4844eadbd418e8e91b136bbd5fab3120cc8122a68cc5ed838f3ab5cc60
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src 'nonce-CkIEVGIv' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: *;script-src 'nonce-CkIEVGIv' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=14, rtx=0, c=73, mss=1232, tbw=70923, tp=67, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
0aAvvsd+kcxEa5ODvzt97r3n+QxYFBXnLFSB3c3ooaHv3KnBkptAmAoN8QZTc+6FteBBo0tIuvcC7u0EvBI8yQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
13515
x-xss-protection
0
origin-agent-cluster
?1
launchpad-liveramp.js
launchpad-wrapper.privacymanager.io/39474863-a748-40f1-9018-27d1ee3c474c/
12 KB
3 KB
Script
General
Full URL
https://launchpad-wrapper.privacymanager.io/39474863-a748-40f1-9018-27d1ee3c474c/launchpad-liveramp.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.35.93.44 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-93-44.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1864c515cb8d27edeeb06d1c47b0eac409d3611d6d979efb9e38c66c2484e01a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-amz-version-id
6IIMIgDAOpo3GDT6YNylrbTHNZvzX7pI
etag
W/"8889243b46347876dc5fb4ad3d75e93b"
age
80273
x-cache
Hit from cloudfront
x-amz-cf-id
bqU_hv-DJ-XfzumnxY1mIDE2-blX5NC618D8lUXcMX9gOyV43R2u4Q==
date
Tue, 03 Dec 2024 04:01:34 GMT
content-type
text/javascript
vary
accept-encoding
last-modified
Mon, 01 Jul 2024 14:04:14 GMT
content-disposition
attachment; filename="launchpad-liveramp.js"
x-amz-replication-status
COMPLETED
via
1.1 2da1a465458d2c4bd692e693d75f0780.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
sync.min.js
tags.crwdcntrl.net/lt/c/16576/
43 KB
13 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-28.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5fd7fc4b8be9c2eeb3efb728f0483d444e4a8db80f0597e4ef7950105638bb08

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

vary
Accept-Encoding
cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"ad78eaf46246cac6849005eb8b50ae6f"
age
60116
via
1.1 1631ac35bac9cbaaa7c65e1bf3666d7a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
45d5sLn7INETS-6vSyNPWIz_hE1nAcl-r91_VWkPwyHyI2sKOE6tkA==
date
Tue, 03 Dec 2024 09:37:31 GMT
content-type
text/javascript
last-modified
Tue, 20 Aug 2024 18:47:23 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
x-amz-server-side-encryption
AES256
hadron.js
cdn.hadronid.net/
56 KB
12 KB
Script
General
Full URL
https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwinteriscoming.net%2F&ref=&_it=amazon&partner_id=454
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:246e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41740cbf4cb374a9359f301ed2232273b4330cd23edca6b84a587e2a9159d340

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
public, max-age=432000
content-encoding
br
cf-cache-status
HIT
etag
W/"8b2afbfa7604b3dd460e976b0a33235a"
age
12
x-amz-request-id
KJJDGXHSR67Q7515
expires
Mon, 09 Dec 2024 02:19:26 GMT
cf-ray
8ec84fc36f8f4237-EWR
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/javascript
last-modified
Tue, 03 Dec 2024 16:29:52 GMT
vary
Accept-Encoding
server
cloudflare
x-amz-id-2
YehN7/25bNsYc98Yp16niWgTf4+IZNONxlC2bET4i1Evu33/HsmigsE3km1f7GcNR+sxlWIz558=
launcher-stub.min.js
secure.cdn.fastclick.net/js/cnvr-launcher/latest/
14 KB
5 KB
Script
General
Full URL
https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.203.179.38 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-179-38.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d3c286558922ca8c2c69167698cd61a8280cb03b81bb41d9bd633f80f18c274f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=900
content-encoding
gzip
etag
"38c0-5e92054540ea5-gzip"
expires
Wed, 04 Dec 2024 02:34:26 GMT
accept-ranges
bytes
content-length
5252
date
Wed, 04 Dec 2024 02:19:26 GMT
last-modified
Tue, 20 Sep 2022 18:52:26 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-NB8RD6J3M6&gtm=45je4bk0v881192982z872382166za200zb72382166&_p=1733278765649&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&cid=574771359.1733278767&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Fwinteriscoming.net%2F&dt=Game%20of%20Thrones%20and%20sci-fi%2Ffantasy%20news%2C%20TV%2C%20and%20movies&dr=&sid=1733278766&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.sample_rate=100&ep.page_language=en&ep.page_type=HomePage&ep.distribution_channels=none%2C&ep.anonimized=false&ep.traffic_source_to_dfp=Direct&ep.traffic_id_to_dfp=&ep.affiliate_id_hit=&ep.is_article_infinite_scroll_page=false&epn.number_of_article_on_page=1&ep.player_ownership=O%26O&ep.experiment_version_hit=&ep.maxmind_geo_detected_hit=US&epn.unique_event_id_hit=165&ep.post_fs_site_id=385&ep.post_vertical=ENTERTAINMENT&ep.anonymizeIp=true&ep.cookieFlags=samesite%3Dnone%3Bsecure&ep.platform=desktop&ep.userid_hit=eQ1hdwl55vvIHDZZ&ep.userid_user=eQ1hdwl55vvIHDZZ&ep.GTM_event_trigger=GTM%20data%20ready%20to%20GA&ep.property=385&ep.is_slideshow=false&ep.finite_scroll_data_exists=false&ep.article_template=none&ep.mmSessionID=yc40kWH0Eoj5HMOK&ep.mmUserID=429533749165000124788887639746.&ep.custom_timestamp=2024-12-04T02%3A19%3A26.404Z&ep.state=NY&ep.GTM_container_name=Minute%20Media&ep.mm_user_identifier=eQ1hdwl55vvIHDZZ&up.affiliate_id_user=&up.experiment_version_user=&up.property=Winter%20is%20Coming&up.geo_detected_user=US&up.mm_user_identifier=eQ1hdwl55vvIHDZZ&tfd=1876
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NB8RD6J3M6&l=dataLayer&cx=c&gtm=45He4bk0v72382166za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://winteriscoming.net
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
556 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-NB8RD6J3M6&cid=574771359.1733278767&gtm=45je4bk0v881192982z872382166za200zb72382166&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NB8RD6J3M6&l=dataLayer&cx=c&gtm=45He4bk0v72382166za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://winteriscoming.net
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 41A6
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-NB8RD6J3M6&gacid=574771359.1733278767&gtm=45je4bk0v881192982z872382166za200zb72382166&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485&z=86697198
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NB8RD6J3M6&l=dataLayer&cx=c&gtm=45He4bk0v72382166za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 04 Dec 2024 02:19:26 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
hb-mm-multi
hb.minutemedia-prebid.com/
82 B
473 B
Fetch
General
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.211.109.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-109-241.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
5c731ca5a62b74f49ea1116bccd8a03596895c82e5dfb4aa5515583139231661

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-envoy-upstream-service-time
1
access-control-allow-credentials
true
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://winteriscoming.net
content-length
107
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/json
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
sid
mug.criteo.com/ Frame
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=o-OLV3w3UloyL2hvcEFJYzZHaFRxbE1nTmdYMU5iUjc2VEo4L0VEWk5vSjNhdyt2VUpjNWlzYnpjaGlEN0d4enBpYkFRd1dlQ2RmcStXTnJxdUpOZC9wRTlpV1U3U1JJcFN4VEphNUp5NlJIUGxma0JpZXdZUVI0Q1A2bDhEKzJSYmdHMlB6aVhqbEpPakUrRG9SY2o3dFg1R2pqbTVMRjZsNDBzYmI2N3U5NVRQeHJ5K25uaDdHNWpGaE9XTjJsZXdYYlpQb1JTZW5aYlliMHR4VzU4OHBYQncveXBqdksvWTNZNnpINTJ5UU1QYXgwOGUxT0ZQK29xclBNc3JyazVBa00wdFZmWDIrdWVmTWNLMjI4TUxpOW85dz09fA&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.117.17 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Wed, 04 Dec 2024 02:19:26 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
243103
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
b2
sb.scorecardresearch.com/
Redirect Chain
  • https://sb.scorecardresearch.com/b?c1=2&c2=18120612&cs_it=b9&cv=4.10.0%2B2411181312&ns__t=1733278766730&ns_c=UTF-8&cs_cfg=100111&c7=https%3A%2F%2Fwinteriscoming.net%2F&c8=Game%20of%20Thrones%20and%...
  • https://sb.scorecardresearch.com/b2?c1=2&c2=18120612&cs_it=b9&cv=4.10.0%2B2411181312&ns__t=1733278766730&ns_c=UTF-8&cs_cfg=100111&c7=https%3A%2F%2Fwinteriscoming.net%2F&c8=Game%20of%20Thrones%20and...
0
226 B
Image
General
Full URL
https://sb.scorecardresearch.com/b2?c1=2&c2=18120612&cs_it=b9&cv=4.10.0%2B2411181312&ns__t=1733278766730&ns_c=UTF-8&cs_cfg=100111&c7=https%3A%2F%2Fwinteriscoming.net%2F&c8=Game%20of%20Thrones%20and%20sci-fi%2Ffantasy%20news%2C%20TV%2C%20and%20movies&c9=
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
18.173.219.84 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-219-84.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

via
1.1 9072caf3ec2d91f3dd159b88ae86e822.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
imOwWfTxH2BLU0NU5xYtz9wBPULXa33-V3EV_6Vuj-cjjlR1dOfyCQ==
date
Wed, 04 Dec 2024 02:19:26 GMT
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
JFK52-P1

Redirect headers

location
/b2?c1=2&c2=18120612&cs_it=b9&cv=4.10.0%2B2411181312&ns__t=1733278766730&ns_c=UTF-8&cs_cfg=100111&c7=https%3A%2F%2Fwinteriscoming.net%2F&c8=Game%20of%20Thrones%20and%20sci-fi%2Ffantasy%20news%2C%20TV%2C%20and%20movies&c9=
accept-ch
UA, Platform, Arch, Model, Mobile
via
1.1 9072caf3ec2d91f3dd159b88ae86e822.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
BGh_Lmu_khubsznciCFGHB80ig5bqReL7_YugUTG7JgdzVhQemUcSA==
date
Wed, 04 Dec 2024 02:19:26 GMT
x-amz-cf-pop
JFK52-P1
p0xG3SZhEr
api.userway.org/api/tunings/
2 KB
2 KB
XHR
General
Full URL
https://api.userway.org/api/tunings/p0xG3SZhEr
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f14:5db:eb11:dea0:25ab:db84:d7cf Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
c486e9e82b20b5506be37c1712d0feeafd506a3519e35bad95272ecf55632dde

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
cache-control
no-cache, no-store, must-revalidate
x-service-request-id
usr42b93f18b56341c
etag
W/"6d8-EOw3AYyrMu+hCCdrFN1/mwzG+AM"
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-origin
*
content-length
1752
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/json; charset=utf-8
x-service-version
uw-pr
access-control-allow-headers
*
/
www.facebook.com/tr/
0
16 B
Image
General
Full URL
https://www.facebook.com/tr/?id=739763452834773&ev=PageView&dl=https%3A%2F%2Fwinteriscoming.net%2F&rl=&if=false&ts=1733278766758&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1733278766756.568228333404325055&ler=empty&cdl=API_unavailable&it=1733278766572&coo=false&rqm=GET
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=5, rtx=0, c=23, mss=1232, tbw=4498, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
195 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=739763452834773&ev=PageView&dl=https%3A%2F%2Fwinteriscoming.net%2F&rl=&if=false&ts=1733278766758&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=4126&fbp=fb.1.1733278766756.568228333404325055&ler=empty&cdl=API_unavailable&it=1733278766572&coo=false&rqm=FGET
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7444375616892685852"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
M0Shm8iPvDuhuboWCfwsRXpJ0z6LXfgbIQk9/23O9T7p/1j1/ubX8gQflKfNtU51CUHnCt6VRRyLoKml04gi6w==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7444375616892685852", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=8, rtx=0, c=23, mss=1232, tbw=4955, tp=15, tpl=0, uplat=77, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
launchpad.bundle.js
launchpad.privacymanager.io/latest/
156 KB
35 KB
Script
General
Full URL
https://launchpad.privacymanager.io/latest/launchpad.bundle.js
Requested by
Host: launchpad-wrapper.privacymanager.io
URL: https://launchpad-wrapper.privacymanager.io/39474863-a748-40f1-9018-27d1ee3c474c/launchpad-liveramp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-85.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b2ac0a80c3037e36cc04e4ac63a9fd246542c3c2370504f571ebaeada10be9cc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

vary
accept-encoding
cache-control
must-revalidate,public,max-age=3600
content-encoding
gzip
x-amz-version-id
y2XbJrWpid16.q8WCP8QY9COtPaM7Zae
etag
W/"21442f2b8d4d10d9b3feb114c12ad42a"
age
1248
via
1.1 1d45cc40d1dd29d2b3aaefb9f85bceee.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
JTigSNYvfmo6hr2K16Y_yob1WJdN_3npnvy1QMAVShyqdRvN-M96Aw==
date
Wed, 04 Dec 2024 01:58:39 GMT
content-type
application/x-javascript
last-modified
Thu, 07 Nov 2024 16:41:14 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
iu3
s.amazon-adsystem.com/ Frame 9433
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-adman-v2_n-acuityads
  • https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-adman-v2_n-acuityads&dcc=t
0
0
Document
General
Full URL
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-adman-v2_n-acuityads&dcc=t
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
98.82.158.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-98-82-158-241.compute-1.amazonaws.com
Software
Server /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
294
Content-Type
text/html;charset=ISO-8859-1
Date
Wed, 04 Dec 2024 02:19:26 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
DGRB2N854KAPQ7MK0TKV

Redirect headers

Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Date
Wed, 04 Dec 2024 02:19:26 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&csif=t&gdpr=0&dl=n-adman-v2_n-acuityads&dcc=t
Pragma
no-cache
Server
Server
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
x-amz-rid
Z1D794KMT6MKPJ8ME6FX
launcher.min.js
secure.cdn.fastclick.net/js/cnvr-launcher/latest/
49 KB
17 KB
Script
General
Full URL
https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Requested by
Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher-stub.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.203.179.38 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-179-38.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
938c64115ce60b98ee8151d7eb28208567753f3d4ebbe0aa0f56618c555a18fb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=900
content-encoding
gzip
etag
"c4b6-5e920545406d3-gzip"
expires
Wed, 04 Dec 2024 02:34:26 GMT
accept-ranges
bytes
content-length
17042
date
Wed, 04 Dec 2024 02:19:26 GMT
last-modified
Tue, 20 Sep 2022 18:52:26 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
hadron.json
id.hadron.ad.gt/v1/
128 B
288 B
XHR
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=454&sync=0&domain=winteriscoming.net&url=https://winteriscoming.net/&v=06
Requested by
Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fwinteriscoming.net%2F&ref=&_it=amazon&partner_id=454
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
554d86be733cf3f534ef0ed6c0613381a45229b4f6ae1a64b03806b22a2dfb2f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
debug
NON-OPTIONS
access-control-allow-methods
HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-credentials
true
cf-ray
8ec84fc4e9580f77-EWR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/json
server
cloudflare
access-control-allow-headers
authorization,content-type
hadron.json
id.hadron.ad.gt/v1/ Frame
0
0
Preflight
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=454&sync=0&domain=winteriscoming.net&url=https://winteriscoming.net/&v=06
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://winteriscoming.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST, OPTIONS, GET
cache-control
max-age=31536000 public, no-transform
cf-cache-status
DYNAMIC
cf-ray
8ec84fc4b8fc0f77-EWR
content-length
0
content-type
application/json
date
Wed, 04 Dec 2024 02:19:26 GMT
debug
OPTIONS block
expires
Thu, 04 Dec 2025 02:19:26 GMT
server
cloudflare
map
bcp.crwdcntrl.net/6/
156 B
618 B
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.239.128 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-239-128.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
fa739992a86252b23ad49f8bf2309674f484719778774f2aaecfff4bf779eca1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://winteriscoming.net
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
156
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/json;charset=utf-8
x-server
10.40.11.242
server
Jetty(9.4.38.v20210224)
v1
lb.eu-1-id5-sync.com/lb/
45 B
290 B
Fetch
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533568.ip-162-19-138.eu
Software
/
Resource Hash
b773f5ca97e1f719c7f3a18c0fee1e27bf29da29554ac1ce92f31e331968f119
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202412030101/
64 KB
23 KB
Other
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/dict/m202412030101/gpt
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e33cff2da607ed34049c949ac59d671b34ce321369629f45ed5462131f6b0a83
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
br
etag
7798723742105243693
age
37096
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 16:01:10 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Tue, 03 Dec 2024 16:01:10 GMT
content-type
text/plain; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=86400, stale-while-revalidate=7200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
23021
x-xss-protection
0
server
cafe
use-as-dictionary
match="/gampad/ads", id="m202412030101"
launcher
proc.ad.cpe.dotomi.com/cvx/client/direct/
190 B
465 B
XHR
General
Full URL
https://proc.ad.cpe.dotomi.com/cvx/client/direct/launcher?version=1.1.1&lid=681
Requested by
Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:ae80:1451:20::1780 , United States, ASN26762 (CNVR-US-EAST, US),
Reverse DNS
Software
nginx /
Resource Hash
71f0c958e33905cb028dfd76ff7fcffa9d57a260845594e84d116530e3f80a36

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=1800
accept-ch
Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Bitness
access-control-allow-credentials
true
expires
Wed, 04 Dec 2024 02:49:26 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
190
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
application/json
vary
Origin
server
nginx
/
geo.privacymanager.io/
30 B
627 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: launchpad.privacymanager.io
URL: https://launchpad.privacymanager.io/latest/launchpad.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-52.ewr53.r.cloudfront.net
Software
/
Resource Hash
8f8ba42d03a7c5a04626835a48b8212f61a3440e51d66b4b866a8d20acf32f57

Request headers

Referer
https://winteriscoming.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept
application/json
Content-Type
application/json

Response headers

x-amz-apigw-id
CNeVJEiajoEEt-A=
age
56949
x-amzn-trace-id
Root=1-674eddba-771d338b44bc29e35ce19652;Parent=2f47a76cb199eb6a;Sampled=0;Lineage=1:06620786:0
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
x-amzn-requestid
d1ae6537-c701-4714-bab7-03e960aaa4e7
via
1.1 7eec4b899788ee4df5c41267e91dcf8a.cloudfront.net (CloudFront), 1.1 99b519fb7ca87e7fd6040aacb1160452.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
content-length
30
x-amz-cf-id
LTZljQwDcTThkxvoMqivWi6605EDKgRA29VE2hK56aPpI4iAEy-h8A==
date
Tue, 03 Dec 2024 10:30:18 GMT
content-type
application/json
x-amz-cf-pop
IAD61-P2, EWR53-P1
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
/
geo.privacymanager.io/ Frame
0
0
Preflight
General
Full URL
https://geo.privacymanager.io/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-52.ewr53.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://winteriscoming.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-origin
*
content-length
0
content-type
application/json
date
Wed, 04 Dec 2024 02:19:27 GMT
via
1.1 1d45cc40d1dd29d2b3aaefb9f85bceee.cloudfront.net (CloudFront), 1.1 99b519fb7ca87e7fd6040aacb1160452.cloudfront.net (CloudFront)
x-amz-apigw-id
CPpXaHpTjoEEByg=
x-amz-cf-id
T54IXGfkvjIO18SJeb01_j8aNZrcJVpaArObm_cIECuL_R4xA65qMQ==
x-amz-cf-pop
JFK50-P6 EWR53-P1
x-amzn-requestid
8c1a5569-eb06-4cee-86e3-1106b4aa6135
x-cache
Miss from cloudfront
fastlane.json
fastlane.rubiconproject.com/a/api/
426 B
785 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=15&alt_size_ids=10&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar1____no-slot____39_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=13934733775e747&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.9309585012919517
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
8d3971b06114a9fdf129dab4c23283ecd28cc12679b77a27f3c7f3483f6be924

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
426
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
426 B
786 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=15&alt_size_ids=10&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar1____no-slot____40_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=148c0dc47fc9aa8&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.23655697769288397
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
93be48412621779ed719ab713ca1116de5eae63bac3827e29729ab64f0504f40

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
426
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
426 B
786 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=15&alt_size_ids=10&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar2____no-slot____43_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=157c844cc79d689&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.45269151089867754
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
906331eeaa33476c5672cfba89c381dda6b9de0df6d59f5e7f3686aad545fa41

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
426
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
426 B
786 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=15&alt_size_ids=10&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar2____no-slot____44_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=16b8d4e090ba20e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.001182712208545933
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
f4570c74047a26ecb942ca537b0d7a9872197d376f61b99cccc3730924595350

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
426
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
422 B
780 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&alt_size_ids=57&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____no-slot____47_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=17d66be2247658e&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.9855819418466258
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
d66fc81b8da5c230e4a4ea784bcf0caf2935127c02e35924f902330542915a4a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
422
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
422 B
779 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&alt_size_ids=57&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____no-slot____49_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=187909c22f6defe&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.2439700078506648
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
edfd0c717ee2cfef6b0634e359f1aec87f9f1d9a819d611ac615a8225bb6fdbc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
422
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
406 B
765 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____no-slot____53_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=1911b67d7da815b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.6475000865634204
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
b7465d4c561fe75b44aaa7872e52958313c2aa22025e0f964565fcfcb255a01d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
406
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
406 B
767 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____no-slot____55_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=20825a3bd5cb61b&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.3444326834773024
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
bd1577e5e293092a1212a7c88fa6bcff12be3420305e5caae8e78369eeeb7ddd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
406
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
406 B
942 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____no-slot____59_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=214d376dbdb6c58&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.94419324973016
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
2b6ed5e2f6d8ddf22a93d6ee453bd711b17c55bbd6317f4c8300ed5b5aa279fe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
406
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
406 B
764 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____no-slot____61_p2_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=2248803d0fda198&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.8793948035350636
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
926f54fd1c5f039da33b7b320c2e89876ae4709d02697e9f7bdcb45a11013c47

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
406
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
cdb
bidder.criteo.com/
0
517 B
Fetch
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.52.1&cb=34611383454&lsavail=0
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
observe-browsing-topics
?1
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:27 GMT
vary
Origin
server
Kestrel
prebidjs
rtb.openx.net/openrtbb/
53 B
296 B
Fetch
General
Full URL
https://rtb.openx.net/openrtbb/prebidjs
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
3a3d3651d984ab6608e5395ebe540d0fe29750f33ac4457e19adc777582da987

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-forwarded-for
5.181.234.132
access-control-allow-credentials
true
observe-browsing-topics
?1
via
1.1 google
access-control-allow-origin
https://winteriscoming.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77
date
Wed, 04 Dec 2024 02:19:26 GMT
content-type
text/plain
vary
Origin
hbjson
grid.bidswitch.net/
24 B
319 B
Fetch
General
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
fb55f581555cc64d7993e85799a131a9b55509c4bd2ccdb21458c3a228619334
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-store, must-revalidate, no-cache
content-encoding
br
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding, Origin
server
Kestrel
auction
tlx.3lift.com/header/
19 B
1 KB
Fetch
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.52.1&referrer=https%3A%2F%2Fwinteriscoming.net%2F&tmax=2500&gdpr=false&us_privacy=1---
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.233.183.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-183-24.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
accept-ch
sec-ch-ua-mobile,sec-ch-rtt,sec-ch-ua-arch,sec-ch-ua-full-version,sec-ch-ua,sec-ch-ua-bitness,sec-ch-device-memory,sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ect,sec-ch-save-data,sec-ch-viewport-height,sec-ch-width,user-agent,sec-ch-dpr,sec-ch-ua-platform,sec-ch-prefers-color-scheme,sec-ch-ua-full-version-list,sec-ch-downlink,sec-ch-viewport-width
access-control-allow-credentials
true
observe-browsing-topics
?1
expires
Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin
https://winteriscoming.net
x-auction-status
12, 12, 12, 12, 12, 12, 12, 12, 12, 12
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-xss-protection
0
content-type
application/json; charset=utf-8
vary
Accept-Encoding
v1
hb-api.omnitagjs.com/hb-api/prebid/
2 KB
1004 B
Fetch
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwinteriscoming.net%2F&PageUrl=https%3A%2F%2Fwinteriscoming.net%2F&PageReferrer=https%3A%2F%2Fwinteriscoming.net%2F&CanonicalUrl=https%3A%2F%2Fwinteriscoming.net%2F
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.245.40.102 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
102.40.245.35.bc.googleusercontent.com
Software
/
Resource Hash
904c7102bebafffeace528bae48e0739d4b997e1ef6e83efbf4c148ccfb028a5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3600
content-encoding
gzip
access-control-allow-methods
OPTIONS, POST
x-content-type-options
nosniff
expires
0
x-kong-proxy-latency
0
p3p
CP="CAO PSA OUR"
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
cache-control
no-cache, no-store, must-revalidate
x-kong-request-id
5df0fa3c3aa16617c35f0679966f1a20
pragma
no-cache
access-control-allow-credentials
true
via
kong/3.6.1
x-kong-upstream-latency
29
access-control-allow-origin
https://winteriscoming.net
content-length
422
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
176 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
translator
hbopenbid.pubmatic.com/
0
115 B
Fetch
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
207.65.37.179 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:27 GMT
access-control-allow-credentials
true
prebid-request
onetag-sys.com/
15 B
415 B
Fetch
General
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.239.230 , Canada, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ip230.ip-51-222-239.net
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
content-length
41
content-type
application/json
access-control-allow-headers
content-type, origin, referer, user-agent
bid-request
a.teads.tv/hb/
16 B
519 B
Fetch
General
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.52 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-52.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
pragma
no-cache
access-control-allow-credentials
true
observe-browsing-topics
?1
expires
Wed, 04 Dec 2024 02:19:27 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
42
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
prebid
ib.adnxs.com/ut/v3/
1 KB
1 KB
Fetch
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
c3294e44895e8e8f91cbdc14526f315f5986ac7d5d504020674c5af774bf8bf9
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
5.181.234.132; 5.181.234.132; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://winteriscoming.net
an-x-request-uuid
13ea7528-4b6a-4dee-af43-0fbbced5128c
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 04 Dec 2024 02:19:26 GMT
x-xss-protection
0
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
nginx/1.23.4
prebid
ads.yieldmo.com/exchange/
0
372 B
Fetch
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=8.52.1&p=%5B%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar1____no-slot____39_p2_2%22%2C%22callback_id%22%3A%22130fe7a60dc83203%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar1____no-slot____39_p2_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar1____no-slot____40_p2_2%22%2C%22callback_id%22%3A%22131a01f3a82627c5%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar1____no-slot____40_p2_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar2____no-slot____43_p2_2%22%2C%22callback_id%22%3A%22132c71c2d32f2b0e%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar2____no-slot____43_p2_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar2____no-slot____44_p2_2%22%2C%22callback_id%22%3A%22133804607ce8a479%22%2C%22sizes%22%3A%5B%5B300%2C250%5D%2C%5B300%2C600%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Fsidebar2____no-slot____44_p2_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____no-slot____47_p2_2%22%2C%22callback_id%22%3A%2213472cd2e6b2e4e3%22%2C%22sizes%22%3A%5B%5B970%2C250%5D%2C%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____no-slot____47_p2_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____no-slot____49_p2_2%22%2C%22callback_id%22%3A%2213597878eca19bc6%22%2C%22sizes%22%3A%5B%5B970%2C250%5D%2C%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____no-slot____49_p2_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____no-slot____53_p2_2%22%2C%22callback_id%22%3A%22136b8a652bbd9013%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____no-slot____53_p2_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____no-slot____55_p2_2%22%2C%22callback_id%22%3A%2213754e3acf784ce7%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____no-slot____55_p2_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____no-slot____59_p2_2%22%2C%22callback_id%22%3A%22138bbb944aff999a%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____no-slot____59_p2_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____no-slot____61_p2_2%22%2C%22callback_id%22%3A%22139c5be6a55c9eb1%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____no-slot____61_p2_2%22%7D%5D&page_url=https%3A%2F%2Fwinteriscoming.net%2F&bust=1733278766938&dnt=false&description=Winter%20is%20Coming%20%E2%80%93%20A%20Game%20of%20Thrones%2C%20Sci-Fi%2C%20and%20Fantasy%20Site&tmax=2500&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%2C%22gpp%22%3A%22%22%2C%22gpp_sid%22%3A%5B%5D%7D&us_privacy=1---&pr=&scrd=1&title=Game%20of%20Thrones%20and%20sci-fi%2Ffantasy%20news%2C%20TV%2C%20and%20movies&w=1600&h=1200&cri_prebid=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q&eids=%5B%7B%22source%22%3A%22criteo.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%22%2C%22atype%22%3A1%7D%5D%7D%5D
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.40.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-40-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:27 GMT
access-control-request-headers
Cache-Control, Pragma
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS
pbjs
htlb.casalemedia.com/openrtb/
38 B
697 B
Fetch
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=1117399
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
154f27a9f918937c0856a53b7ff7c32d6b130d67792573779ca37d17156f33d9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7EsDk28tdKM%2FANerimW3ZA5l%2FFOp9Qcv35t47GNv0uLvXzi1FP0OwCURpaa5v2lwPvyYZT%2FakSvaJ4BDF%2BTPeady2Lh1LeQY4eGnZ29PnYDEqbV9yR51SsVbywpZAL3p0NeJzF56"}],"group":"cf-nel","max_age":604800}
observe-browsing-topics
?1
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Accept-Encoding
priority
u=1,i
cache-control
no-cache
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8ec84fc59cd143a1-EWR
access-control-allow-origin
https://winteriscoming.net
content-length
38
server
cloudflare
454
a.ad.gt/api/v1/u/matches/
8 KB
4 KB
Script
General
Full URL
https://a.ad.gt/api/v1/u/matches/454?_it=amazon
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6fb1649fc7635aa1c0dffc0a11126cc94a672fe9b1ac8afe9d0e6538b94f06b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
HIT
age
6
cross-origin-resource-policy
cross-origin
cf-ray
8ec84fc5eef48c1e-EWR
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/javascript
vary
accept-encoding
server
cloudflare
last-modified
Wed, 04 Dec 2024 02:13:37 GMT
coreid.min.js
secure.cdn.fastclick.net/js/cnvr-coreid/latest/
229 KB
66 KB
Script
General
Full URL
https://secure.cdn.fastclick.net/js/cnvr-coreid/latest/coreid.min.js
Requested by
Host: secure.cdn.fastclick.net
URL: https://secure.cdn.fastclick.net/js/cnvr-launcher/latest/launcher.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.203.179.38 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-179-38.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
eb87c0447bd19366919bdb8913f775caca732ac31cbc5e5d42e4db5df39437ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=900
content-encoding
gzip
etag
"394d0-60864a57eaadc-gzip"
expires
Wed, 04 Dec 2024 02:34:26 GMT
accept-ranges
bytes
content-length
67550
date
Wed, 04 Dec 2024 02:19:26 GMT
last-modified
Mon, 23 Oct 2023 16:23:46 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
en-US.json
cdn.userway.org/widgetapp/2024-12-02-09-47-30/locales/
607 B
941 B
XHR
General
Full URL
https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/locales/en-US.json
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
c46936850cfa993988f2c32b0b04a5c4b0f94c30d36aca502626befbd2b802de

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"971644f50e2020e1ff22e37edcad46f6"
age
231
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
kRpQViOyzgs09tM_OAK97Qi_-VnDpuRRadwtJmnbIQoBW2h8-o01vw==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
last-modified
Mon, 02 Dec 2024 09:51:10 GMT
x-77-nzt-ray
ce37a619a3077c382fbc4f6773a30e02
vary
Accept-Encoding
x-77-nzt
EgwBWbuxGAH3ljcCAAwBWbuxDAG3HQAAAA
cache-control
max-age=25920000, public
via
1.1 d07915e7a5c22513f7a2f462a7421cce.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145302
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
454
p.ad.gt/api/v1/p/
53 KB
19 KB
Script
General
Full URL
https://p.ad.gt/api/v1/p/454
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ef99327c8d7a4017f81fcfee49b0c3841000fb5eb6727a574d336a6398cdf15

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
HIT
age
277
cf-ray
8ec84fc6bab643fa-EWR
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/javascript
vary
accept-encoding
server
cloudflare
last-modified
Wed, 04 Dec 2024 02:11:41 GMT
halo_match
ids.ad.gt/api/v1/
43 B
94 B
Image
General
Full URL
https://ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&halo_id=060ixe9ju6a65fki6dhja8hebk9cd86ea6juom6wi0e0yoyu0kswe4smgy6ik40me
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc6cb9c03d5-EWR
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
server
cloudflare
ip_match
ids4.ad.gt/api/v1/
0
192 B
Image
General
Full URL
https://ids4.ad.gt/api/v1/ip_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.162.65.214 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-162-65-214.us-west-2.compute.amazonaws.com
Software
timberwolf /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/html; charset=utf-8
server
timberwolf
match
ids.ad.gt/api/v1/
Redirect Chain
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&adnxs_id=$UID&gdpr=0
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY%26adnxs_id%3D%24UID%26gdpr%3D0
  • https://ids.ad.gt/api/v1/match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&adnxs_id=8843601102025909604&gdpr=0
43 B
170 B
Image
General
Full URL
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&adnxs_id=8843601102025909604&gdpr=0
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc6cb9f03d5-EWR
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
server
cloudflare

Redirect headers

cache-control
no-store, no-cache, private
location
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&adnxs_id=8843601102025909604&gdpr=0
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
5.181.234.132; 5.181.234.132; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
d1009473-6de6-47c8-abb8-91368b86f75e
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 04 Dec 2024 02:19:27 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
openx
ids.ad.gt/api/v1/
Redirect Chain
  • https://u.openx.net/w/1.0/cm?id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY%26auid%3DAU...
  • https://u.openx.net/w/1.0/cm?cc=1&id=998eaf06-9905-4eae-9e26-9fac75960c53&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fopenx%3Fopenx_id%3D%7BOPENX_ID%7D%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY%26auid...
  • https://ids.ad.gt/api/v1/openx?openx_id=7070f282-8576-4335-8184-d6e6179295cf&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&auid=AU1D-0100-001733278767-XOAZ8OUS-LOSY
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/openx?openx_id=7070f282-8576-4335-8184-d6e6179295cf&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&auid=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc75c6503d5-EWR
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
server
cloudflare

Redirect headers

location
https://ids.ad.gt/api/v1/openx?openx_id=7070f282-8576-4335-8184-d6e6179295cf&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&auid=AU1D-0100-001733278767-XOAZ8OUS-LOSY
content-encoding
gzip
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
vary
Accept, Accept-Encoding
server
OXGW/0.0.0
pbm_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY
  • https://ids.ad.gt/api/v1/pbm_match?pbm=7415F8D0-48B4-44DD-BE32-EE89B7ABBAD1&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/pbm_match?pbm=7415F8D0-48B4-44DD-BE32-EE89B7ABBAD1&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc72c1203d5-EWR
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
server
cloudflare

Redirect headers

cache-control
no-store, no-cache, private
location
https://ids.ad.gt/api/v1/pbm_match?pbm=7415F8D0-48B4-44DD-BE32-EE89B7ABBAD1&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date
Wed, 04 Dec 2024 02:19:25 GMT
server
nginx
rub_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001733278767-XOAZ8OUS-LOSY&gdpr=0
  • https://ids.ad.gt/api/v1/rub_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&rub=M499FC1M-K-A26U&gdpr=0
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/rub_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&rub=M499FC1M-K-A26U&gdpr=0
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc6fbd103d5-EWR
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
server
cloudflare

Redirect headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
Location
https://ids.ad.gt/api/v1/rub_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&rub=M499FC1M-K-A26U&gdpr=0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
a63e28342bd5b2027f26e8b97631d66b
Pragma
no-cache
content-length
0
t_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001733278767-XOAZ8OUS-LOSY&gdpr=0
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001733278767-XOAZ8OUS-LOSY&gdpr=0
  • https://ids.ad.gt/api/v1/t_match?tdid=abe3c0b0-f74c-469b-b5c7-d768bd26015e&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/t_match?tdid=abe3c0b0-f74c-469b-b5c7-d768bd26015e&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc72c1603d5-EWR
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
server
cloudflare

Redirect headers

location
https://ids.ad.gt/api/v1/t_match?tdid=abe3c0b0-f74c-469b-b5c7-d768bd26015e&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
content-length
259
date
Wed, 04 Dec 2024 02:19:27 GMT
server
Kestrel
tapad_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3185&partner_device_id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001733278767...
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3185&partner_device_id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001733...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=0a9d9cb7-c62d-434b-904f-e6fe9527f1a1%252Chttps%25253A%25252F%25252Fids.ad.gt%25252Fapi%25252Fv1%25252Ftapad_match%25253Fi...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=abe3c0b0-f74c-469b-b5c7-d768bd26015e&ttd_puid=0a9d9cb7-c62d-434b-904f-e6fe9527f1a1%2Chttps%253A%252F%252Fids.ad.gt%252Fap...
  • https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&tapad_id=0a9d9cb7-c62d-434b-904f-e6fe9527f1a1
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&tapad_id=0a9d9cb7-c62d-434b-904f-e6fe9527f1a1
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc7ccc403d5-EWR
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
server
cloudflare

Redirect headers

strict-transport-security
max-age=31536000
location
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&tapad_id=0a9d9cb7-c62d-434b-904f-e6fe9527f1a1
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
0
date
Wed, 04 Dec 2024 02:19:27 GMT
server
Jetty(11.0.13)
pixel
cm.g.doubleclick.net/
170 B
409 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.122.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f156.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Wed, 04 Dec 2024 02:19:27 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)
amo_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODI0MTY1OC90LzA/url/https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Famo_match%3Fturn_id%3D%24!%7BTURN_UUID%7D%26id%3DAU1D-0100-001733278767-XOAZ8OUS-LOSY
  • https://ids.ad.gt/api/v1/amo_match?turn_id=4459252098359499415&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/amo_match?turn_id=4459252098359499415&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc7aca003d5-EWR
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
server
cloudflare

Redirect headers

cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
location
https://ids.ad.gt/api/v1/amo_match?turn_id=4459252098359499415&id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
content-length
0
pragma
no-cache
date
Wed, 04 Dec 2024 02:19:30 GMT
son_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://sync.go.sonobi.com/us?https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&uid=[UID]&gdpr=0
  • https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&uid=d903c47d-2bb4-44fd-8a4e-a31e5828d564&gdpr=0
43 B
95 B
Image
General
Full URL
https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&uid=d903c47d-2bb4-44fd-8a4e-a31e5828d564&gdpr=0
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc7bcbc03d5-EWR
cache-control
no-cache
content-length
43
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/gif
server
cloudflare

Redirect headers

cache-control
no-cache, no-store, private
location
https://ids.ad.gt/api/v1/son_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY&uid=d903c47d-2bb4-44fd-8a4e-a31e5828d564&gdpr=0
pragma
no-cache
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Wed, 04 Dec 2024 02:19:27 GMT
tcn
Choice
content-type
text/plain; charset=utf8
vary
negotiate,Accept-Encoding
server
sonobi-go
x-go-server
go-iad-2-6-43
x-xss-protection
0
pixel
cm.g.doubleclick.net/
Redirect Chain
  • https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTczMzI3ODc2Ny1YT0FaOE9VUy1MT1NZ
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTczMzI3ODc2Ny1YT0FaOE9VUy1MT1NZ
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Server
172.253.122.156 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bh-in-f156.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Wed, 04 Dec 2024 02:19:27 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

cf-ray
8ec84fc72c0303d5-EWR
location
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTczMzI3ODc2Ny1YT0FaOE9VUy1MT1NZ
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/html; charset=utf-8
vary
accept-encoding
server
cloudflare
1127.json
id5-sync.com/g/v2/
631 B
1 KB
Fetch
General
Full URL
https://id5-sync.com/g/v2/1127.json
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533569.ip-162-19-138.eu
Software
/
Resource Hash
538d15501cc27005b834d8e10d6ac2dffa16fa19278495726e03de16fd40fa94
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin
https://winteriscoming.net
p3p
CP="CAO PSA OUR"
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Origin
js
www.googletagmanager.com/gtag/
270 KB
95 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FVWZ0RM4DH&l=audDataLayer
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3fd7b86ab05e6ccfaaa26a79c1401fe067922ae8fe9867307327a837e8d956db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 04 Dec 2024 02:19:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
96916
x-xss-protection
0
server
Google Tag Manager
match
seg.ad.gt/api/v2/ Frame
0
0
Preflight
General
Full URL
https://seg.ad.gt/api/v2/match
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://winteriscoming.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
*
access-control-allow-origin
*
allow
POST
cf-cache-status
DYNAMIC
cf-ray
8ec84fc7896742b9-EWR
date
Wed, 04 Dec 2024 02:19:27 GMT
server
cloudflare
vary
origin, access-control-request-method, access-control-request-headers
collect
a.ad.gt/api/v1/
0
95 B
XHR
General
Full URL
https://a.ad.gt/api/v1/collect
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/454
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc7084c8c1e-EWR
access-control-allow-origin
https://winteriscoming.net
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
vary
Origin
server
cloudflare
access-control-allow-credentials
true
getpixels
pixels.ad.gt/api/v1/
0
88 B
Script
General
Full URL
https://pixels.ad.gt/api/v1/getpixels?tagger_id=e317c447d74cc9d9512ae7af521d5fb1&url=https%3A%2F%2Fwinteriscoming.net%2F&code=%27none%27
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fc7d8848ca8-EWR
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
server
cloudflare
match
seg.ad.gt/api/v2/
4 KB
408 B
XHR
General
Full URL
https://seg.ad.gt/api/v2/match
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/454
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5a3d69c0f4c390615ab951405230ee0b517d2cca2eac239b965c82628b043cb5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://winteriscoming.net/

Response headers

access-control-expose-headers
*
content-encoding
br
cf-cache-status
DYNAMIC
cf-ray
8ec84fc85aa542b9-EWR
access-control-allow-origin
*
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers, accept-encoding
server
cloudflare
segments
seg.ad.gt/api/v1/
16 B
138 B
XHR
General
Full URL
https://seg.ad.gt/api/v1/segments?url=https%253A%252F%252Fwinteriscoming.net%252F&partner_id=454&tagger_id=e317c447d74cc9d9512ae7af521d5fb1&au_id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/454
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33c70c297b1a729f965a6aca60b7b3bb7a3b06bd13efe07698516fa98ac8b9f9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cf-cache-status
DYNAMIC
access-control-allow-credentials
true
cf-ray
8ec84fc7896242b9-EWR
access-control-allow-origin
https://winteriscoming.net
content-length
16
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
vary
Origin
server
cloudflare
favicon_2-7584840191d9f13dce826391650b7201.ico
images2.minutemediacdn.com/image/upload/c_fill,w_1440,ar_1:1,f_auto,q_auto,g_auto/shape/cover/sport/
10 KB
11 KB
Other
General
Full URL
https://images2.minutemediacdn.com/image/upload/c_fill,w_1440,ar_1:1,f_auto,q_auto,g_auto/shape/cover/sport/favicon_2-7584840191d9f13dce826391650b7201.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:23ca:6e00:14:3f07:afc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
b9208aee0398bda39abb57c76a1af722d0e7a03a49644ce2f531ca20913004ec

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

etag
"58c5978188a0efdf85364a6888a22140"
surrogate-reporting
width=1440,height=1440,owidth=256,oheight=256,obytes=100657
age
6664888
x-cache
Hit from cloudfront
x-amz-cf-id
S1gZLqdvveJdmmatsZwkPpbIyqVzV0MTlwf4w7b1ZvJ44ck1ct3WXg==
date
Tue, 17 Sep 2024 22:57:58 GMT
content-type
image/webp
x-served-by
cache-iad-kjyo7100138-IAD
x-cache-hits
0
content-disposition
inline; filename="favicon_2-7584840191d9f13dce826391650b7201.webp"
access-control-allow-headers
X-Requested-With
last-modified
Mon, 01 May 2023 17:55:58 GMT
cache-control
private, max-age=31560000
timing-allow-origin
*
x-timer
S1726613879.552478,VS0,VE96
via
1.1 ef315c477bb47c8fcfecf9e0377b18b0.cloudfront.net (CloudFront), 1.1 varnish, 1.1 fdc88b576635a6d1858343ad162c44fc.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
10140
x-amz-cf-pop
JFK50-P2
server
CloudFront
/
stats.bqstreamer.com/
2 B
465 B
Ping
General
Full URL
https://stats.bqstreamer.com/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/mz-delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4728 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rQehV4wUv%2B7LlbGeMNyBfLyrbs8lP3VXsEL0EugUF24rTebwnJnGyWg%2BrxP9W%2BXIBm%2Bfy01MRhipx0KX0fCHxJJz4URcMvBhdrNYWxcHbMtzEABAp2bZnjIiI%2BOGmo6%2FUTgntclt%2FjCCIs6zPIwo8Mmi"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS
cf-ray
8ec84fc8ed2618f2-EWR
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=16278&min_rtt=8211&rtt_var=6416&sent=32&recv=41&lost=0&retrans=0&sent_bytes=5745&recv_bytes=24090&delivery_rate=471981&cwnd=257&unsent_bytes=0&cid=5123d079dbb7b049&ts=1629&x=0"
content-length
2
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/plain;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
join-ad-interest-groups.html
proton.ad.gt/ Frame 547E
0
0
Document
General
Full URL
https://proton.ad.gt/join-ad-interest-groups.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
ad-auction-allowed
true
age
2998
apigw-requestid
CPcX3gopvHcEJIg=
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
8ec84fc98adf19ae-EWR
content-encoding
br
content-type
text/html
date
Wed, 04 Dec 2024 02:19:27 GMT
last-modified
Wed, 04 Dec 2024 00:50:45 GMT
server
cloudflare
supports-loading-mode
fenced-frame
vary
Accept-Encoding
remediation_1733132850231.js
cdn.userway.org/widgetapp/2024-12-02-09-47-30/remediation/
79 KB
23 KB
Script
General
Full URL
https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/remediation/remediation_1733132850231.js
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
ab7dcfad27703bd3f510f2fb8eea5a8e4be2aa92c0086ad70a0ff4302d5923d1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"fe133f78391e9b1bfdb86759ce2b312f"
age
234
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
AzL3uLWGYUhXVWNp1rhll1FPMdeU7ywyek6MuENOyrdVn8qbCtYCKQ==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/javascript
last-modified
Mon, 02 Dec 2024 09:51:11 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a619a3077c382fbc4f67cad34020
x-77-nzt
EgwBWbuxGAH3lDcCAAwBnJI76AG3GgAAAA
cache-control
max-age=25920000, public
via
1.1 4da3e729faec3d2f5eeca39813785c2c.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145300
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
6xKxTM0LVUREaM9g.json
cdn.userway.org/remediations/consolidated/3505957/
1 MB
258 KB
XHR
General
Full URL
https://cdn.userway.org/remediations/consolidated/3505957/6xKxTM0LVUREaM9g.json
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
d744be23d9d42febe0cb4c44358f92d3a6ddfa5922a598ffca089a805c1a32b1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"9b7968934ee683dcb05c7a94c292feba"
age
14
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
0XUqy1mXHOVllr71npDst407YTdbfQH0jMonZXrcd4IMBaemrd3vuw==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
last-modified
Fri, 29 Nov 2024 11:00:16 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a619a3077c382fbc4f67a3153d20
x-77-nzt
EgwBWbuxGAH3iC8CAAwBuTvfFAG35wcAAA
cache-control
public, max-age=31536000
via
1.1 100ce1d37f67e6c59753cd4c9c473afc.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
143240
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
widget_base.css
cdn.userway.org/styles/2024-12-02-09-47-30/
30 KB
5 KB
Stylesheet
General
Full URL
https://cdn.userway.org/styles/2024-12-02-09-47-30/widget_base.css?v=1733132850231
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
f4a9f0660f5c68ff763c6f5eb2d89f977cc2a61ed5d3f2688a2257de0f65fef3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"35af998bd342763044abead4df839374"
age
237
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
3XWp53HXrTRLzFAL-SjED0Sppe4XvwUoNQg7Tvmizr0ZKgpIVj0b2w==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/css
last-modified
Mon, 02 Dec 2024 09:50:29 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a61972d1eb352fbc4f6728a71e21
x-77-nzt
EgwBWbuxGAH3lTcCAAwBnJI76AG3GAAAAA
cache-control
max-age=864000, public
via
1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145301
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
widget_base.css
cdn.userway.org/styles/2024-12-02-09-47-30/ Frame 2028
30 KB
0
Stylesheet
General
Full URL
https://cdn.userway.org/styles/2024-12-02-09-47-30/widget_base.css?v=1733132850231
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
f4a9f0660f5c68ff763c6f5eb2d89f977cc2a61ed5d3f2688a2257de0f65fef3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"35af998bd342763044abead4df839374"
age
237
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
3XWp53HXrTRLzFAL-SjED0Sppe4XvwUoNQg7Tvmizr0ZKgpIVj0b2w==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/css
last-modified
Mon, 02 Dec 2024 09:50:29 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a61972d1eb352fbc4f6728a71e21
x-77-nzt
EgwBWbuxGAH3lTcCAAwBnJI76AG3GAAAAA
cache-control
max-age=864000, public
via
1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145301
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
widget_base.css
cdn.userway.org/styles/2024-12-02-09-47-30/ Frame E8BD
30 KB
0
Stylesheet
General
Full URL
https://cdn.userway.org/styles/2024-12-02-09-47-30/widget_base.css?v=1733132850231
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
f4a9f0660f5c68ff763c6f5eb2d89f977cc2a61ed5d3f2688a2257de0f65fef3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"35af998bd342763044abead4df839374"
age
237
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
3XWp53HXrTRLzFAL-SjED0Sppe4XvwUoNQg7Tvmizr0ZKgpIVj0b2w==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/css
last-modified
Mon, 02 Dec 2024 09:50:29 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a61972d1eb352fbc4f6728a71e21
x-77-nzt
EgwBWbuxGAH3lTcCAAwBnJI76AG3GAAAAA
cache-control
max-age=864000, public
via
1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145301
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
widget_base.css
cdn.userway.org/styles/2024-12-02-09-47-30/ Frame F4D7
30 KB
0
Stylesheet
General
Full URL
https://cdn.userway.org/styles/2024-12-02-09-47-30/widget_base.css?v=1733132850231
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
f4a9f0660f5c68ff763c6f5eb2d89f977cc2a61ed5d3f2688a2257de0f65fef3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"35af998bd342763044abead4df839374"
age
237
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
3XWp53HXrTRLzFAL-SjED0Sppe4XvwUoNQg7Tvmizr0ZKgpIVj0b2w==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/css
last-modified
Mon, 02 Dec 2024 09:50:29 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a61972d1eb352fbc4f6728a71e21
x-77-nzt
EgwBWbuxGAH3lTcCAAwBnJI76AG3GAAAAA
cache-control
max-age=864000, public
via
1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145301
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
widget_base.css
cdn.userway.org/styles/2024-12-02-09-47-30/ Frame 88DC
30 KB
0
Stylesheet
General
Full URL
https://cdn.userway.org/styles/2024-12-02-09-47-30/widget_base.css?v=1733132850231
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
f4a9f0660f5c68ff763c6f5eb2d89f977cc2a61ed5d3f2688a2257de0f65fef3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"35af998bd342763044abead4df839374"
age
237
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
3XWp53HXrTRLzFAL-SjED0Sppe4XvwUoNQg7Tvmizr0ZKgpIVj0b2w==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/css
last-modified
Mon, 02 Dec 2024 09:50:29 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a61972d1eb352fbc4f6728a71e21
x-77-nzt
EgwBWbuxGAH3lTcCAAwBnJI76AG3GAAAAA
cache-control
max-age=864000, public
via
1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145301
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
widget_base.css
cdn.userway.org/styles/2024-12-02-09-47-30/ Frame 547E
30 KB
0
Stylesheet
General
Full URL
https://cdn.userway.org/styles/2024-12-02-09-47-30/widget_base.css?v=1733132850231
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
f4a9f0660f5c68ff763c6f5eb2d89f977cc2a61ed5d3f2688a2257de0f65fef3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"35af998bd342763044abead4df839374"
age
237
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
3XWp53HXrTRLzFAL-SjED0Sppe4XvwUoNQg7Tvmizr0ZKgpIVj0b2w==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/css
last-modified
Mon, 02 Dec 2024 09:50:29 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a61972d1eb352fbc4f6728a71e21
x-77-nzt
EgwBWbuxGAH3lTcCAAwBnJI76AG3GAAAAA
cache-control
max-age=864000, public
via
1.1 441f91af2fc013470161b54d14d10a44.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145301
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
body_wh.svg
cdn.userway.org/widgetapp/images/
4 KB
3 KB
Image
General
Full URL
https://cdn.userway.org/widgetapp/images/body_wh.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
21eb1e487c899c6192c31800445bfb81caa7ff1fca550ea3fdb3444834d85710

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"1d8b1582fe82bd329041cc1982ad42e4"
age
26
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
zKK3hSTZTG3nuTtkF7xlQ9x3PhgmfpIll_l-YiQ4ISCq_LyzIN4zfA==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/svg+xml
last-modified
Mon, 02 Dec 2024 09:51:12 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a61972d1eb352fbc4f674cb61924
x-77-nzt
EgwBWbuxGAH3ljcCAAwBnJI73wG3AQAAAA
cache-control
max-age=25920000, public
via
1.1 33b70e58e860e3444a806072eb0401a6.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145302
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
spin_wh.svg
cdn.userway.org/widgetapp/images/
2 KB
1 KB
Image
General
Full URL
https://cdn.userway.org/widgetapp/images/spin_wh.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
c45f637f905e1ea01ba81aa39e8da62ee7e7f8703c3da4c3bba55f6192e5834c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"8e0a35946bf39d10f46a1f1653366a0a"
age
26
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
V4LuMQ3PP7OMbe-7uSPJ8fo7c6dZ11W9tUeZdao6RvomqlHvsWaNSA==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
image/svg+xml
last-modified
Mon, 02 Dec 2024 09:51:13 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a61972d1eb352fbc4f6710ba1d24
x-77-nzt
EgwBWbuxGAH3ljcCAAwBnJI73wG3AQAAAA
cache-control
max-age=25920000, public
via
1.1 80f517c5ec4d986c177bb1a50f8c9156.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145302
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
remediation-tool.js
cdn.userway.org/remediation/2024-12-02-09-47-30/paid/
72 KB
26 KB
Script
General
Full URL
https://cdn.userway.org/remediation/2024-12-02-09-47-30/paid/remediation-tool.js?ts=1733132850231
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
57eac1082a24c4bfbd926594f0af4d36f98e3b3695973a96e238d953d7e79fbb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"4bb944a47acbfa9989f5f364f5b48f93"
age
232
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
2JQdA-hFATGiVOQdQ_5Z9Mnf1JLNz6jrqxRINIcrHmrbqi2bcF_mNA==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/javascript
last-modified
Mon, 02 Dec 2024 09:51:23 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a619a3077c382fbc4f67ff4c0125
x-77-nzt
EgwBWbuxGAH3lDcCAAwBnJI74gG3HAAAAA
cache-control
max-age=25920000, public
via
1.1 80f517c5ec4d986c177bb1a50f8c9156.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145300
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
event
p.ad.gt/api/v1/
0
34 B
XHR
General
Full URL
https://p.ad.gt/api/v1/event
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/454
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fcacd5cc481-EWR
access-control-allow-origin
https://winteriscoming.net
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
vary
Origin
server
cloudflare
access-control-allow-credentials
true
event
p.ad.gt/api/v1/
0
34 B
XHR
General
Full URL
https://p.ad.gt/api/v1/event
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/454
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://winteriscoming.net/

Response headers

cf-ray
8ec84fcadd75c481-EWR
access-control-allow-origin
https://winteriscoming.net
cf-cache-status
DYNAMIC
date
Wed, 04 Dec 2024 02:19:27 GMT
vary
Origin
server
cloudflare
access-control-allow-credentials
true
event
p.ad.gt/api/v1/ Frame
0
0
Preflight
General
Full URL
https://p.ad.gt/api/v1/event
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://winteriscoming.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://winteriscoming.net
allow
OPTIONS, POST
cf-cache-status
DYNAMIC
cf-ray
8ec84fca1c31c481-EWR
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 04 Dec 2024 02:19:27 GMT
server
cloudflare
vary
Origin
event
p.ad.gt/api/v1/ Frame
0
0
Preflight
General
Full URL
https://p.ad.gt/api/v1/event
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://winteriscoming.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-allow-origin
https://winteriscoming.net
allow
POST, OPTIONS
cf-cache-status
DYNAMIC
cf-ray
8ec84fca1c33c481-EWR
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 04 Dec 2024 02:19:27 GMT
server
cloudflare
vary
Origin
6xKxTM0LVUREaM9g.json
cdn.userway.org/remediations/consolidated/3505957/
1 MB
0
Fetch
General
Full URL
https://cdn.userway.org/remediations/consolidated/3505957/6xKxTM0LVUREaM9g.json
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/remediation/2024-12-02-09-47-30/paid/remediation-tool.js?ts=1733132850231
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
d744be23d9d42febe0cb4c44358f92d3a6ddfa5922a598ffca089a805c1a32b1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"9b7968934ee683dcb05c7a94c292feba"
age
14
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
0XUqy1mXHOVllr71npDst407YTdbfQH0jMonZXrcd4IMBaemrd3vuw==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json
last-modified
Fri, 29 Nov 2024 11:00:16 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a619a3077c382fbc4f67a3153d20
x-77-nzt
EgwBWbuxGAH3iC8CAAwBuTvfFAG35wcAAA
cache-control
public, max-age=31536000
via
1.1 100ce1d37f67e6c59753cd4c9c473afc.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
143240
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame A9D0
0
0
Document
General
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1438
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
28994
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 04 Dec 2024 01:55:29 GMT
expires
Wed, 04 Dec 2024 02:45:29 GMT
last-modified
Mon, 18 Nov 2024 20:43:40 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar
ep1.adtrafficquality.google/getconfig/
17 KB
13 KB
XHR
General
Full URL
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gpt&tv=m202412030101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412030101/pubads_impl.js?cb=31089182
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c8c28caf97c281ccc1cf355847535b7461beca728c1e10d04ea0b65eca520abc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
13267
date
Wed, 04 Dec 2024 02:19:27 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
pubcid.min.js
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/
732 B
897 B
Script
General
Full URL
https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
age
37788
x-content-type-options
nosniff
x-jsd-version-type
branch
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-eddf8230042-FRA, cache-lga21920-LGA
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=604800, s-maxage=43200
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
439
x-jsd-version
master
publishertag.ids.js
static.criteo.net/js/ld/
42 KB
13 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
1635d2075d3343c86490d2229c1fb868ad59d92958ef65e04cb65767c703e9f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"670e3454-a69c"
cross-origin-resource-policy
cross-origin
expires
Thu, 05 Dec 2024 02:19:27 GMT
access-control-allow-origin
*
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/javascript
last-modified
Tue, 15 Oct 2024 09:22:28 GMT
server
nginx
esp.js
oa.openxcdn.net/
24 KB
8 KB
Script
General
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-goog-metageneration
1
content-encoding
gzip
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag
"df5542b88bc0e368c6999754a5b9e2ba"
age
1031870
x-goog-stored-content-encoding
gzip
expires
Sat, 22 Nov 2025 03:41:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
7927
date
Fri, 22 Nov 2024 03:41:37 GMT
last-modified
Thu, 27 May 2021 18:30:51 GMT
content-type
application/javascript
x-guploader-uploadid
AFiumC4t03ktWx4NJjs2smSWwZ4Y3v9_2gOcuA3FU1ZIDarcIrIr2oEvk2ZraAupjlaatJ0onfw
cache-control
no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
x-goog-generation
1622140251693895
content-length
7927
server
UploadServer
ob.js
cdn-ima.33across.com/
17 KB
7 KB
Script
General
Full URL
https://cdn-ima.33across.com/ob.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.28.101 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ffa45453324362cbc5cc78288e04513100c2d61baf3a969717ea5df3d0dbb39

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
public, max-age=259200
content-encoding
gzip
cf-cache-status
HIT
etag
W/"671a7174-43df"
age
497033
cf-ray
8ec84fcafc4b3314-EWR
expires
Sat, 07 Dec 2024 02:19:27 GMT
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/javascript
last-modified
Thu, 24 Oct 2024 16:10:28 GMT
vary
Accept-Encoding
server
cloudflare
esp.js
cdn.id5-sync.com/api/1.0/
101 KB
29 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59855ab21479dde905cf48ff3e82c9c15fcf97c96f99276952e263ede1f58916
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-amz-id-2
94QWLJAOIGitDPZM7RsiAUgJ5lfyeKuRzrwiUkk8V/ZcOupy4aWR46PLR/EvaJVV7rHlAojrbNo=
strict-transport-security
max-age=15552000; includeSubDomains; preload
cache-control
public, max-age=3600
content-encoding
br
cf-cache-status
HIT
etag
W/"a7da20199e9cb2cd9232f608481d0778"
age
3368
x-amz-request-id
Y066K2QKACGJ7R7M
cf-ray
8ec84fcaef8a42a9-EWR
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/javascript;charset=utf-8
last-modified
Wed, 13 Nov 2024 11:06:09 GMT
vary
Accept-Encoding
server
cloudflare
x-amz-server-side-encryption
AES256
sync.min.js
tags.crwdcntrl.net/lt/c/16589/
43 KB
13 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-28.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
30b32e97f2e3e06deb742bf2e19daeb4f4657a956e836c2a25a7df2bc72f7500

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

vary
Accept-Encoding
cache-control
public, max-age=86400
content-encoding
gzip
etag
W/"7db46e1255a018ecf02f47b2c19c26c4"
age
60902
via
1.1 1631ac35bac9cbaaa7c65e1bf3666d7a.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
lLqinOGW-etIxv8ithnFq8pPz62CcC9Qd1HTWMmmVuEwo1VsaQen_Q==
date
Tue, 03 Dec 2024 09:24:26 GMT
content-type
text/javascript
last-modified
Tue, 20 Aug 2024 18:47:40 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
x-amz-server-side-encryption
AES256
uid2SecureSignal.js
cdn.prod.uidapi.com/
3 KB
4 KB
Script
General
Full URL
https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:7000:a:e047:754:f4a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1764e898369c24be8d7d1cbcb82079c27f3898fbc1883f388a5c1008dd30c9e8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-amz-version-id
0u1R0tyw.MUCZY63NwBE.7D35dRY5mh8
ETag
"0537d8d06dd9dfbe911ad6bf6504f4bf"
Age
71676
Connection
keep-alive
Via
1.1 b33e91c066f49dc7c18162b9a344e266.cloudfront.net (CloudFront)
Accept-Ranges
bytes
X-Cache
Hit from cloudfront
Content-Length
3181
X-Amz-Cf-Id
bH30OIcl5bn7gS3JiPORrg19BeJLCulMbZzwSamcym2RMs1ZyZ0CIA==
Date
Tue, 03 Dec 2024 06:24:52 GMT
Content-Type
text/javascript
Last-Modified
Wed, 31 Jul 2024 16:30:07 GMT
Server
AmazonS3
X-Amz-Cf-Pop
JFK50-P6
x-amz-server-side-encryption
AES256
ads
securepubads.g.doubleclick.net/gampad/
143 KB
22 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3765811627837896&correlator=1365521640005976&eid=31088967%2C31089182%2C31086809%2C95340253%2C95340255&output=ldjh&gdfp_req=1&vrg=202412030101&ptt=17&impl=fifs&gdpr=0&us_privacy=1---&iu_parts=175840252%2Cfansided%2Cwinteriscoming.net%2Ctop_d%2Cinfeed1_d&enc_prev_ius=0%2F1%2F2%2F3%2C0%2F1%2F2%2F4&prev_iu_szs=970x250%7C728x90%2C728x90&ifi=1&didk=1828506920~240928339&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1733278767792&lmt=1733278765&adxs=315%2C436&adys=200%2C919&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0&ucis=1%7C2&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fwinteriscoming.net%2F&vis=1&psz=970x0%7C728x0&msz=970x0%7C728x0&fws=0%2C0&ohw=0%2C0&td=1&egid=61709&tan=048c9f62-aead-4d03-86dc-79c56a407d40%2C048c9f62-aead-4d03-86dc-79c56a407d41&tdf=2&topics=9&tps=9&htps=10&a3p=EhkKCnB1YmNpZC5vcmcYnrXc-7gySABSAghkEhwKDWNyd2RjbnRybC5uZXQYoLXc-7gySABSAghkEh0KDmVzcC5jcml0ZW8uY29tGJ-13Pu4MkgAUgIIZBIZCgp1aWRhcGkuY29tGKC13Pu4MkgAUgIIZBIbCgxpZDUtc3luYy5jb20YoLXc-7gySABSAghkEhQKBW9wZW54GJ-13Pu4MkgAUgIIZBIbCgwzM2Fjcm9zcy5jb20Yn7Xc-7gySABSAghk&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1733278765538&idt=1143&prev_scp=hb_bidder%3DnoBids%26mm_hb_pb%3D0.00%26amznbid%3D2%26amznp%3D2%26pb_bid%3D0.0%26mmdf%3D0%26mm_viewability%3D0.60%26slotid%3D175840252%252Ffansided%252Fwinteriscoming.net%252Ftop_d%26page_number%3D1%26ad_type%3Ddisplay%26commercial-version%3Dcommercial-wrapper%26slot_position%3D1-1%26page_url%3Dhttps%253A%252F%252Fwinteriscoming.net%252F%26isRefresh%3D0%26SkinEnable%3Dtrue%26pageType%3DHomePage%7Chb_bidder%3DnoBids%26mm_hb_pb%3D0.00%26amznbid%3D2%26amznp%3D2%26pb_bid%3D0.0%26mmdf%3D0%26mm_viewability%3D0.70%26slotid%3D175840252%252Ffansided%252Fwinteriscoming.net%252Finfeed1_d%26page_number%3D1%26ad_type%3Ddisplay%26commercial-version%3Dcommercial-wrapper%26slot_position%3D3-1%26page_url%3Dhttps%253A%252F%252Fwinteriscoming.net%252F%26isRefresh%3D0%26SkinEnable%3Dfalse%26pageType%3DHomePage&cust_params=AU_SEG%3D%26articleId%3D%26mmUserIdentifier%3D7%26contentTags%3D%26distributionChannels%3D%26commercialTags%3D%26sessionid%3Dyc40kWH0Eoj5HMOK%26experiment%3D&adks=4079459187%2C2120694648&frm=20&eoidce=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412030101/pubads_impl.js?cb=31089182
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1f::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7ca187c727a65c28a3943337cc665d3761ab96a3533c9cd415d6e30a70c9d15e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-expose-headers
x-google-amp-ad-validated-version
content-encoding
dcb
google-lineitem-id
-1,-1
observe-browsing-topics
?1
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
-1,-1
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
22105
x-xss-protection
0
server
cafe
container.html
e23890915835ff161149d5e994685475.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F3BD
0
0
Document
General
Full URL
https://e23890915835ff161149d5e994685475.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202412030101/pubads_impl.js?cb=31089182
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 04 Dec 2024 02:19:27 GMT
expires
Wed, 04 Dec 2024 02:19:27 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
ep2.adtrafficquality.google/sodar/
18 KB
7 KB
Script
General
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:27 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
increment
id5-sync.com/api/esp/
0
234 B
XHR
General
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.118 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ns31533569.ip-162-19-138.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:27 GMT
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials
true
syncframe
gum.criteo.com/ Frame E116
0
0
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=winteriscoming.net&gdpr=0&gdpr_consent=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 04 Dec 2024 02:19:27 GMT
server
Kestrel
server-processing-duration-in-ticks
810903
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
esp
oajs.openx.net/
85 B
317 B
Fetch
General
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Fwinteriscoming.net%2F&rid=esp
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
143.107.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
d9edb5922009e8fcdbdaff4d37ea6903bc9f7079e0c4d16e9ee97327af3a358b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

etag
W/"55-US16kjC4Gg/0HlggJEUlr09SmiU"
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://winteriscoming.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
application/json; charset=utf-8
x-powered-by
Express
vary
Origin
runner.html
ep2.adtrafficquality.google/sodar/sodar2/232/ Frame 8E7F
0
0
Document
General
Full URL
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
1314
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 04 Dec 2024 01:57:34 GMT
expires
Wed, 04 Dec 2024 02:47:34 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame EAAF
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1b::69 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-OSvfvIP5OCEgr0MQ7saGdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-OSvfvIP5OCEgr0MQ7saGdA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Wed, 04 Dec 2024 02:19:28 GMT
expires
Wed, 04 Dec 2024 02:19:28 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
pd
google-bidout-d.openx.net/w/1.0/ Frame 78DF
0
0
Document
General
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
453
content-type
text/html
date
Wed, 04 Dec 2024 02:19:27 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
translator
hbopenbid.pubmatic.com/
0
59 B
Fetch
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
207.65.37.179 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:28 GMT
access-control-allow-credentials
true
prebid
ads.yieldmo.com/exchange/
0
371 B
Fetch
General
Full URL
https://ads.yieldmo.com/exchange/prebid?pbav=8.52.1&p=%5B%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____top_d_1_1_slot0____65_2%22%2C%22callback_id%22%3A%221592694198a21ad3%22%2C%22sizes%22%3A%5B%5B970%2C250%5D%2C%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____top_d_1_1_slot0____65_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____top_d_1_1_slot0____67_2%22%2C%22callback_id%22%3A%221602c0b69628cb51%22%2C%22sizes%22%3A%5B%5B970%2C250%5D%2C%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____top_d_1_1_slot0____67_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____infeed2_d_1_2_slot0____71_2%22%2C%22callback_id%22%3A%22161c0577f9590147%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____infeed2_d_1_2_slot0____71_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____infeed2_d_1_2_slot0____73_2%22%2C%22callback_id%22%3A%221621f42a5e63d8a1%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____infeed2_d_1_2_slot0____73_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____infeed1_d_1_3_slot0____77_2%22%2C%22callback_id%22%3A%22163319c51dd13c84%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____infeed1_d_1_3_slot0____77_2%22%7D%2C%7B%22placement_id%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____infeed1_d_1_3_slot0____79_2%22%2C%22callback_id%22%3A%221640e549e4114fa3%22%2C%22sizes%22%3A%5B%5B728%2C90%5D%5D%2C%22ym_placement_id%22%3A%223563318359569146577%22%2C%22gpid%22%3A%22175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____infeed1_d_1_3_slot0____79_2%22%7D%5D&page_url=https%3A%2F%2Fwinteriscoming.net%2F&bust=1733278768061&dnt=false&description=Winter%20is%20Coming%20%E2%80%93%20A%20Game%20of%20Thrones%2C%20Sci-Fi%2C%20and%20Fantasy%20Site&tmax=2500&userConsent=%7B%22gdprApplies%22%3A%22%22%2C%22cmp%22%3A%22%22%2C%22gpp%22%3A%22%22%2C%22gpp_sid%22%3A%5B%5D%7D&us_privacy=1---&pr=&scrd=1&title=Game%20of%20Thrones%20and%20sci-fi%2Ffantasy%20news%2C%20TV%2C%20and%20movies&w=1600&h=1200&cri_prebid=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q&eids=%5B%7B%22source%22%3A%22criteo.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22id5-sync.com%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22ID5*RxHVGZkqftKrF1OwAuIruW_qyaB3mGWF_bemWzlt4KffUU_yGRnc9DtBoX1qsMZQ%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22linkType%22%3A2%2C%22pba%22%3A%222NvU5ljvHMS2XNrFpIQCsQApSEEnH5XsTFj%2FNY%2BBW5g%3D%22%7D%7D%5D%7D%5D
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.220.40.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-220-40-212.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

x-robots-tag
none,NOINDEX,NOFOLLOW
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:28 GMT
access-control-request-headers
Cache-Control, Pragma
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
POST, GET, OPTIONS
cdb
bidder.criteo.com/
0
559 B
Fetch
General
Full URL
https://bidder.criteo.com/cdb?profileId=207&av=36&wv=8.52.1&cb=20690601356&lsavail=0
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=31536000; preload;
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
observe-browsing-topics
?1
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:28 GMT
vary
Origin
server
Kestrel
hb-mm-multi
hb.minutemedia-prebid.com/
84 B
474 B
Fetch
General
Full URL
https://hb.minutemedia-prebid.com/hb-mm-multi
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
18.211.109.241 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-211-109-241.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
90517d55ed5bdd2dd0680f450b94d016545bed326153aafb45b474a777e20cce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-envoy-upstream-service-time
2
access-control-allow-credentials
true
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://winteriscoming.net
content-length
109
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
server
istio-envoy
x-reason
maxmind hosting provider
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF, X-Requested-With
prebid-request
onetag-sys.com/
15 B
414 B
Fetch
General
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.239.230 , Canada, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ip230.ip-51-222-239.net
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
content-length
41
content-type
application/json
access-control-allow-headers
content-type, origin, referer, user-agent
hbjson
grid.bidswitch.net/
25 B
319 B
Fetch
General
Full URL
https://grid.bidswitch.net/hbjson
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::30 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
7580e2154f7f46ece9b99534a24e43726f514d668cdd6d7a33c92879ca8e7822
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-store, must-revalidate, no-cache
content-encoding
br
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
vary
Accept-Encoding, Origin
server
Kestrel
prebidjs
rtb.openx.net/openrtbb/
53 B
131 B
Fetch
General
Full URL
https://rtb.openx.net/openrtbb/prebidjs
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.253.211 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
211.253.186.35.bc.googleusercontent.com
Software
/
Resource Hash
a12cd3a51ffd912f5000e1a5b3b197a6e314d3806be5095304a2a36095690c8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-forwarded-for
5.181.234.132
access-control-allow-credentials
true
observe-browsing-topics
?1
via
1.1 google
access-control-allow-origin
https://winteriscoming.net
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
77
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/plain
vary
Origin
v1
hb-api.omnitagjs.com/hb-api/prebid/
1 KB
862 B
Fetch
General
Full URL
https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwinteriscoming.net%2F&PageUrl=https%3A%2F%2Fwinteriscoming.net%2F&PageReferrer=https%3A%2F%2Fwinteriscoming.net%2F&CanonicalUrl=https%3A%2F%2Fwinteriscoming.net%2F
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.245.40.102 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
102.40.245.35.bc.googleusercontent.com
Software
/
Resource Hash
0d72088c7754c751e231fde66f09f715ca078574c361b9662e5569a400b06c2d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3600
content-encoding
br
access-control-allow-methods
OPTIONS, POST
x-content-type-options
nosniff
expires
0
x-kong-proxy-latency
0
p3p
CP="CAO PSA OUR"
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding, Accept-Encoding
access-control-allow-headers
Accept-Encoding, Content-Type
cache-control
no-cache, no-store, must-revalidate
x-kong-request-id
1c6f3b7cb7292157648630528ce37d5c
pragma
no-cache
access-control-allow-credentials
true
via
kong/3.6.1
x-kong-upstream-latency
44
access-control-allow-origin
https://winteriscoming.net
fastlane.json
fastlane.rubiconproject.com/a/api/
427 B
461 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&alt_size_ids=57&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&eid_id5-sync.com=ID5*RxHVGZkqftKrF1OwAuIruW_qyaB3mGWF_bemWzlt4KffUU_yGRnc9DtBoX1qsMZQ%5E1%5E2&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____top_d_1_1_slot0____65_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=2087664be0d2a02d&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.4782632345814193
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
f8f93c4c2609fb8ae9975a99d1e0851c51777b69e8388f5b0c97e2d2a4323a43

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
427
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
427 B
461 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&alt_size_ids=57&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&eid_id5-sync.com=ID5*RxHVGZkqftKrF1OwAuIruW_qyaB3mGWF_bemWzlt4KffUU_yGRnc9DtBoX1qsMZQ%5E1%5E2&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Ftop_d____top_d_1_1_slot0____67_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=2096f1907dfee0ca&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.9285896584052962
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
deedcc3109eac44732c4750a5bc8ed4d39c6c427f1007aa3dfb05b254b6d568b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
427
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
415 B
449 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&eid_id5-sync.com=ID5*RxHVGZkqftKrF1OwAuIruW_qyaB3mGWF_bemWzlt4KffUU_yGRnc9DtBoX1qsMZQ%5E1%5E2&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____infeed2_d_1_2_slot0____71_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=210b9434f407df46&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.28716872554799067
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
f9deaf68dfcd615d422dd020f1a117a85bec167e9ee1ef218ee83a9adb03a181

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
415
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
415 B
449 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&eid_id5-sync.com=ID5*RxHVGZkqftKrF1OwAuIruW_qyaB3mGWF_bemWzlt4KffUU_yGRnc9DtBoX1qsMZQ%5E1%5E2&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed2_d____infeed2_d_1_2_slot0____73_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=2114730d122d5e57&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.6252245922606006
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
985439e624e2d00a62f6ab6fcc6738cd7281f95acd61fd610586bd0669c8874c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
415
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
415 B
472 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&eid_id5-sync.com=ID5*RxHVGZkqftKrF1OwAuIruW_qyaB3mGWF_bemWzlt4KffUU_yGRnc9DtBoX1qsMZQ%5E1%5E2&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____infeed1_d_1_3_slot0____77_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=2125f55e1424c001&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.6833607291293178
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
a63464b261cbda77815af53f6587f68cfeb352447f2896c0dd9784b1062e7c09

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
415
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
fastlane.json
fastlane.rubiconproject.com/a/api/
415 B
449 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17598&site_id=545116&zone_id=3389672&size_id=2&gdpr=0&us_privacy=1---&eid_criteo.com=OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q%5E1&eid_id5-sync.com=ID5*RxHVGZkqftKrF1OwAuIruW_qyaB3mGWF_bemWzlt4KffUU_yGRnc9DtBoX1qsMZQ%5E1%5E2&rf=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.domain=winteriscoming.net&tg_i.page=https%3A%2F%2Fwinteriscoming.net%2F&tg_i.pbadslot=175840252%2Ffansided%2Fwinteriscoming(dot)net%2Finfeed1_d____infeed1_d_1_3_slot0____79_2&tk_flint=pbjs_lite_v8.52.1&l_pb_bid_id=213cf90a3afeb3fd&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.6179613549260448
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.27.2 /
Resource Hash
b406d3a8df3a5f266caeddfd71877956f730fb03d39ddb0b9ee016f17cef1eac

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
415
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.27.2
pbjs
htlb.casalemedia.com/openrtb/
38 B
660 B
Fetch
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=1117395
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.27.193 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
df0b1932128c05ccaaed0733bbabedb592943bd27d42b219f1f49538a966e16e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ue2GEvgV6Ye2OCCYtBlskS1gF2yHdD6l1cQoxCp0VZJJc%2BCQ%2BiG1x46M1sranGVI%2BAWlE%2FontoMCp8C5ToexUhEOOtc1Hv6mI2m6MR1dxiEOpXBboir6dieh%2BruYSA3MJLzkMAbV"}],"group":"cf-nel","max_age":604800}
observe-browsing-topics
?1
expires
0
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
vary
Accept-Encoding
priority
u=1,i
cache-control
no-cache
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
access-control-allow-credentials
true
cf-ray
8ec84fcc8efc43a1-EWR
access-control-allow-origin
https://winteriscoming.net
content-length
38
server
cloudflare
auction
tlx.3lift.com/header/
19 B
1 KB
Fetch
General
Full URL
https://tlx.3lift.com/header/auction?lib=prebid&v=8.52.1&referrer=https%3A%2F%2Fwinteriscoming.net%2F&tmax=2500&gdpr=false&us_privacy=1---
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.233.183.24 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-233-183-24.compute-1.amazonaws.com
Software
/
Resource Hash
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
accept-ch
sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile,sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent
access-control-allow-credentials
true
observe-browsing-topics
?1
expires
Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin
https://winteriscoming.net
x-auction-status
12, 12, 12, 12, 12, 12
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
x-xss-protection
0
content-type
application/json; charset=utf-8
vary
Accept-Encoding
prebid
ib.adnxs.com/ut/v3/
19 B
1019 B
Fetch
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
5.181.234.132; 5.181.234.132; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://winteriscoming.net
an-x-request-uuid
d69abca1-911c-4d26-8650-e60d08b886e4
content-length
19
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Wed, 04 Dec 2024 02:19:28 GMT
x-xss-protection
0
content-type
application/json; charset=utf-8
server
nginx/1.23.4
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
/
shb.richaudience.com/hb/
0
175 B
Fetch
General
Full URL
https://shb.richaudience.com/hb/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
208.115.232.246 Los Angeles, United States, ASN46475 (LIMESTONENETWORKS, US),
Reverse DNS
246-232-115-208.static.reverse.lstn.net
Software
nginx/1.14.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
access-control-allow-credentials
true
access-control-allow-origin
https://winteriscoming.net
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json; charset=utf-8
vary
Origin
server
nginx/1.14.1
bid-request
a.teads.tv/hb/
16 B
404 B
Fetch
General
Full URL
https://a.teads.tv/hb/bid-request
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.41.169.52 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-41-169-52.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=0, no-cache, no-store
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-WoW64
pragma
no-cache
access-control-allow-credentials
true
observe-browsing-topics
?1
expires
Wed, 04 Dec 2024 02:19:28 GMT
access-control-allow-origin
https://winteriscoming.net
content-length
42
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/json
vary
Accept-Encoding
bid
aax.amazon-adsystem.com/e/dtb/
23 B
375 B
XHR
General
Full URL
https://aax.amazon-adsystem.com/e/dtb/bid?src=3777&u=https%3A%2F%2Fwinteriscoming.net%2F&pid=OxF9a7KEQzX8c&cb=1&ws=1600x1200&v=24.1107.1713&t=2500&slots=%5B%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Ftop_d____top_d_1_1_slot0____81_1_a9%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Ftop_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Ftop_d____top_d_1_1_slot0____82_1_a9%22%2C%22s%22%3A%5B%22970x250%22%2C%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Ftop_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Finfeed2_d____infeed2_d_1_2_slot0____83_1_a9%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Finfeed2_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Finfeed2_d____infeed2_d_1_2_slot0____84_1_a9%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Finfeed2_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Finfeed1_d____infeed1_d_1_3_slot0____85_1_a9%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Finfeed1_d%22%7D%2C%7B%22sd%22%3A%22175840252%2Ffansided%2Fwinteriscoming%28dot%29net%2Finfeed1_d____infeed1_d_1_3_slot0____86_1_a9%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22sn%22%3A%22175840252%2Ffansided%2Fwinteriscoming.net%2Finfeed1_d%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&cfgv=1&sm=44a188c2-29f4-498d-b8bf-717cb611f76d&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D&vm=%7B%22ids%22%3A%7B%22audigent%22%3A%22060ixe9ju6a65fki6dhja8hebk9cd86ea6juom6wi0e0yoyu0kswe4smgy6ik40me%22%2C%22id5%22%3A%22ID5*RxHVGZkqftKrF1OwAuIruW_qyaB3mGWF_bemWzlt4KffUU_yGRnc9DtBoX1qsMZQ%22%7D%7D
Requested by
Host: c.aps.amazon-adsystem.com
URL: https://c.aps.amazon-adsystem.com/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.108.113 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-108-113.jfk50.r.cloudfront.net
Software
Server /
Resource Hash
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
access-control-allow-credentials
true
via
1.1 00266a01055b9f1e1ad959f077c1d96a.cloudfront.net (CloudFront)
access-control-allow-origin
https://winteriscoming.net
x-cache
Miss from cloudfront
content-length
43
x-amz-cf-id
_gn3xTNGUWk1oQk8pIV9h_475JTrVEVdhuWsc9n0lWLubvnxcjTc3g==
date
Wed, 04 Dec 2024 02:19:27 GMT
content-type
text/javascript;charset=UTF-8
x-amz-cf-pop
JFK50-P6
server
Server
ip_match
ids4.ad.gt/api/v1/
0
191 B
Image
General
Full URL
https://ids4.ad.gt/api/v1/ip_match?id=AU1D-0100-001733278767-XOAZ8OUS-LOSY
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.162.65.214 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-162-65-214.us-west-2.compute.amazonaws.com
Software
timberwolf /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
text/html; charset=utf-8
server
timberwolf
/
stats.bqstreamer.com/
0
0

grumi.js
rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/ Frame 79DE
485 KB
0
Script
General
Full URL
https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:a400:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b5ce626628e8825b9361c84c9e94a389d2c00e4a72fc51a77f95bb22b792843b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

vary
Accept-Encoding
cache-control
public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
timing-allow-origin
*
content-encoding
br
etag
W/"13e6ff0e0a9e471400419871059d5b30"
age
3217
via
1.1 a0be26685e47d6d6220ccd40bc5f0a4e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
s3ClLhX4MsOXYrc62ZGji6gJPi84GSwBh5GSZTJs1xmK8eH5xHamhQ==
date
Wed, 04 Dec 2024 01:25:49 GMT
content-type
text/javascript
last-modified
Wed, 04 Dec 2024 01:03:57 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
grumi.js
rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/ Frame 6F3C
485 KB
0
Script
General
Full URL
https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:a400:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b5ce626628e8825b9361c84c9e94a389d2c00e4a72fc51a77f95bb22b792843b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

vary
Accept-Encoding
cache-control
public,max-age=3600,stale-while-revalidate=3600,immutable,must-revalidate
timing-allow-origin
*
content-encoding
br
etag
W/"13e6ff0e0a9e471400419871059d5b30"
age
3217
via
1.1 a0be26685e47d6d6220ccd40bc5f0a4e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
s3ClLhX4MsOXYrc62ZGji6gJPi84GSwBh5GSZTJs1xmK8eH5xHamhQ==
date
Wed, 04 Dec 2024 01:25:49 GMT
content-type
text/javascript
last-modified
Wed, 04 Dec 2024 01:03:57 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
amp4ads-v0.mjs
cdn.ampproject.org/rtv/012406252034000/ Frame 79DE
196 KB
56 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/amp4ads-v0.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
278685d4467e915e1a1ce58a24e15dcdefbd7719acf70a59655361c35f8e273d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"ab8c5e684db96b44"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
56152
x-xss-protection
0
server
sffe
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012406252034000/v0/ Frame 79DE
15 KB
5 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa843245814c185e1139a54052cf819ea23a33ac393d90f3525958116681e8be
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"de79a6048671db85"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
5219
x-xss-protection
0
server
sffe
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012406252034000/v0/ Frame 79DE
95 KB
28 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/v0/amp-analytics-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7442d5ba404c482128280bb0416c3d62c8d06868594c1a23892b06df1ee2983a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"16a9579aec57c4a5"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
29025
x-xss-protection
0
server
sffe
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012406252034000/v0/ Frame 79DE
5 KB
2 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/v0/amp-fit-text-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4a66f520e5a1676afa712f63b38fec877047301b208e1d2df15fd94d16a2435
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"b7204740773aee25"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
1907
x-xss-protection
0
server
sffe
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012406252034000/v0/ Frame 79DE
40 KB
13 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/v0/amp-form-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0e284c175ea1cd1866d5d88171f3ca5fcad2b370093f0ae7891c152827a12dd0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"c65b00eac3dcf073"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
12949
x-xss-protection
0
server
sffe
css
fonts.googleapis.com/ Frame 79DE
4 KB
801 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d95ef68aba30eecf80756ae2645af00669c14c2def73eb5d528a5f767e3392d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 04 Dec 2024 00:57:45 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css
fonts.googleapis.com/ Frame 79DE
4 KB
778 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&text=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d95ef68aba30eecf80756ae2645af00669c14c2def73eb5d528a5f767e3392d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 04 Dec 2024 01:13:35 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
truncated
/ Frame 79DE
210 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
89c240d7f6ec668f2abb06a3d3921b870b1d2b2801405ad19202596b0ec8af31

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 79DE
2 KB
3 KB
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
public, max-age=86400
timing-allow-origin
*
etag
14819457070020093239
age
49175
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 12:39:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
2502
x-xss-protection
0
date
Tue, 03 Dec 2024 12:39:53 GMT
content-type
image/png
vary
Accept-Encoding
server
cafe
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 79DE
295 B
663 B
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
public, max-age=86400
timing-allow-origin
*
etag
426692510519060060
age
5381
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Thu, 05 Dec 2024 00:49:47 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
295
x-xss-protection
0
date
Wed, 04 Dec 2024 00:49:47 GMT
content-type
image/png
vary
Accept-Encoding
server
cafe
12016947062776284500
s0.2mdn.net/simgad/ Frame 79DE
194 KB
194 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/12016947062776284500
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::94 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7d554338eb87d26504ecaf220d55695296ded4a6933c916f528031937d872698
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

age
310770
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Sun, 30 Nov 2025 11:59:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons
true
date
Sat, 30 Nov 2024 11:59:58 GMT
last-modified
Mon, 09 Sep 2024 20:25:51 GMT
content-type
image/jpeg
cache-control
public, max-age=31536000
timing-allow-origin
*
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
198502
x-xss-protection
0
server
sffe
7285728792430406167
s0.2mdn.net/simgad/ Frame 79DE
13 KB
13 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/7285728792430406167
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::94 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
111d54cba674c43f4607ffe44c574cce2bc419baf830fbbe3601ce00c6665bc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

age
243609
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Mon, 01 Dec 2025 06:39:19 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons
true
date
Sun, 01 Dec 2024 06:39:19 GMT
last-modified
Mon, 09 Sep 2024 20:25:47 GMT
content-type
image/png
cache-control
public, max-age=31536000
timing-allow-origin
*
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
13064
x-xss-protection
0
server
sffe
attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDI1NDIxMTYKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2dvb2dsZS5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3Jp...
ad.doubleclick.net/ddm/activity/ Frame 79DE
Redirect Chain
  • https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABA9p3UaLB3hAaSc7-gwyljtaKLxAJ5b4h3GtlybBA39wQbMmB_eqDrNgqrlv9VZ_IFMxs511tEO4FT1wZDsmxtGxRo-7blox3yLI-ltZyzjboEcFL43Mfi9XHf0sekQyIC8qBqIHvq4kw...
  • https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDI1NDIxMTYKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2dvb2dsZS5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlv...
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDI1NDIxMTYKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2dvb2dsZS5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogODA1NDk0NjU5MjMzODQ3MDAzNgpkZWJ1Z19rZXk6IDE0NTIzNDYyNzE4NTk3NDY3NTA3CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0xMi0wNCIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDI1NDIxMTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX01PQklMRV9CUk9XU0VSX0NMQVNTCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDAyNjk0MDUxCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzE5MzUKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMjE4NTg5MTU3MzIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA1OTU5NDE2MDQKICB9Cn0KYXJjaGV0eXBlX2lkOiAyMjA5MzMwOAphcmNoZXR5cGVfaWQ6IDIyMDkzMzA5CmFyY2hldHlwZV9pZDogMjIwOTMzMTAKYXJjaGV0eXBlX2lkOiAyMjA5MzMxMQpmbG9vZGxpZ2h0X2FjdGl2aXRpZXNfZm9yX2JpZGRpbmc6IDQxOTQ2NTEKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2dvb2dsZS5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly95b3V0dWJlLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2dvb2dsZS5jbiIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDc4MDgxMTYzMjY0CmRtYV9wcm9kdWN0X2lkOiAxMjI3MTU4MzcKeGZhX2F0dHJpYnV0aW9uX2FwaV90eXBlOiBYRkFfQVRUUklCVVRJT05fQVBJX1RZUEVfV0VCCmVjaG9fc2VydmVyX2FjdGlvbjogRUNIT19TRVJWRVJfQUNUSU9OX1VTRV9CRVNUX0FWQUlMQUJMRV9BUkEKZXZlbnRfcmVwb3J0aW5nX3dpbmRvd3MgewogIGVuZF90aW1lc19zZWNvbmRzOiA4NjQwMAogIGVuZF90aW1lc19zZWNvbmRzOiAzNDU2MDAKfQptYXhfZXZlbnRfbGV2ZWxfcmVwb3J0czogMgpmbG9vZGxpZ2h0X2FyYV9jb25maWdzIHsKICBhcmNoZXR5cGVzX2NvbmZpZyB7CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzA4CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMgogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiAxCiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjAxCiAgICB9CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzA5CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMwogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiAyCiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjAxCiAgICB9CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzEwCiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxNAogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiAzCiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjAxCiAgICB9CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzExCiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxNQogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiA0CiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjk3CiAgICB9CiAgICBpbXByZXNzaW9uX2FyY2hldHlwZXMgewogICAgICBpbXByZXNzaW9uX2FyY2hldHlwZV9pZDogMTIKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkltcHJlc3Npb25BcmNoZXR5cGUuaW1wcmVzc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogICAgICB9CiAgICB9CiAgICBpbXByZXNzaW9uX2FyY2hldHlwZXMgewogICAgICBpbXByZXNzaW9uX2FyY2hldHlwZV9pZDogMTMKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkltcHJlc3Npb25BcmNoZXR5cGUuaW1wcmVzc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX01PQklMRV9CUk9XU0VSX0NMQVNTCiAgICAgIH0KICAgIH0KICAgIGltcHJlc3Npb25fYXJjaGV0eXBlcyB7CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxNAogICAgICBbYWRzLnJlZ2lzdHJhdGlvbl9saWIuQ29tbW9uSW1wcmVzc2lvbkFyY2hldHlwZS5pbXByZXNzaW9uX2FyY2hldHlwZV0gewogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fTU9CSUxFX0JST1dTRVJfQ0xBU1MKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICAgICAgfQogICAgfQogICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVzIHsKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE1CiAgICAgIFthZHMucmVnaXN0cmF0aW9uX2xpYi5Db21tb25JbXByZXNzaW9uQXJjaGV0eXBlLmltcHJlc3Npb25fYXJjaGV0eXBlXSB7CiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9NT0JJTEVfQlJPV1NFUl9DTEFTUwogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgICAgIH0KICAgIH0KICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlcyB7CiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIFthZHMucmVnaXN0cmF0aW9uX2xpYi5Db21tb25Db252ZXJzaW9uQXJjaGV0eXBlLmNvbnZlcnNpb25fYXJjaGV0eXBlXSB7CiAgICAgICAgY29udmVyc2lvbl9hdHRyaWJ1dGVzOiBDT05WRVJTSU9OX0RJTUVOU0lPTl9DT05WRVJTSU9OX0RBVEUKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQUNUSVZJVFlfSUQKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0lTX0JJRERBQkxFCiAgICAgICAgY29udmVyc2lvbl9hdHRyaWJ1dGVzOiBDT05WRVJTSU9OX0RJTUVOU0lPTl9JU19HQ0xJRF9KT0lOQUJMRQogICAgICB9CiAgICB9CiAgICBtYXhfYXR0cmlidXRpb25zX3Blcl9pbXByZXNzaW9uOiAyMAogIH0KICBzdGFydF9kYXRlOiAyMDI0MDkxMQogIGNvbmZpZ19zdGF0dXM6IFNUQVRVU19PSwp9Cg
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H3
Server
64.233.180.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
on-in-f149.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"22093308":"0x700f628040032df60000000000000000","22093309":"0xa846b44f550314080000000000000000","22093310":"0xd68b64fb8fcabf660000000000000000","22093311":"0x3e03c2b9b0ca42ce0000000000000000"},"debug_key":"14523462718597467507","debug_reporting":true,"destination":["https://google.com","https://youtube.com","https://google.cn"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"2592000","filter_data":{"14":["4194651"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["2542116"]},"max_event_level_reports":2,"priority":"0","source_event_id":"8054946592338470036"}
content-type
image/png
server
cafe

Redirect headers

x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDI1NDIxMTYKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL2dvb2dsZS5jb20iCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogODA1NDk0NjU5MjMzODQ3MDAzNgpkZWJ1Z19rZXk6IDE0NTIzNDYyNzE4NTk3NDY3NTA3CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiMjAyNC0xMi0wNCIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDI1NDIxMTYKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAwCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX01PQklMRV9CUk9XU0VSX0NMQVNTCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgc3RyaW5nX3ZhbHVlOiAiVVMiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX1BMQUNFTUVOVF9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogNDAyNjk0MDUxCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAzMzE5MzUKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMjE4NTg5MTU3MzIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA1OTU5NDE2MDQKICB9Cn0KYXJjaGV0eXBlX2lkOiAyMjA5MzMwOAphcmNoZXR5cGVfaWQ6IDIyMDkzMzA5CmFyY2hldHlwZV9pZDogMjIwOTMzMTAKYXJjaGV0eXBlX2lkOiAyMjA5MzMxMQpmbG9vZGxpZ2h0X2FjdGl2aXRpZXNfZm9yX2JpZGRpbmc6IDQxOTQ2NTEKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2dvb2dsZS5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly95b3V0dWJlLmNvbSIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2dvb2dsZS5jbiIKaW1wcmVzc2lvbl9ldmVudF9yZXBvcnRpbmdfd2luZG93X2RheXM6IDQKYnJvd3Nlcl9hdHRyaWJ1dGlvbl9hcGlfcmVxdWVzdF9wcm9jZXNzaW5nX2JpdHM6IDc4MDgxMTYzMjY0CmRtYV9wcm9kdWN0X2lkOiAxMjI3MTU4MzcKeGZhX2F0dHJpYnV0aW9uX2FwaV90eXBlOiBYRkFfQVRUUklCVVRJT05fQVBJX1RZUEVfV0VCCmVjaG9fc2VydmVyX2FjdGlvbjogRUNIT19TRVJWRVJfQUNUSU9OX1VTRV9CRVNUX0FWQUlMQUJMRV9BUkEKZXZlbnRfcmVwb3J0aW5nX3dpbmRvd3MgewogIGVuZF90aW1lc19zZWNvbmRzOiA4NjQwMAogIGVuZF90aW1lc19zZWNvbmRzOiAzNDU2MDAKfQptYXhfZXZlbnRfbGV2ZWxfcmVwb3J0czogMgpmbG9vZGxpZ2h0X2FyYV9jb25maWdzIHsKICBhcmNoZXR5cGVzX2NvbmZpZyB7CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzA4CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMgogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiAxCiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjAxCiAgICB9CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzA5CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMwogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiAyCiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjAxCiAgICB9CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzEwCiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxNAogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiAzCiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjAxCiAgICB9CiAgICBhZ2dyZWdhdGVfa2V5X2FyY2hldHlwZXMgewogICAgICBhcmNoZXR5cGVfaWQ6IDIyMDkzMzExCiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxNQogICAgICBjb252ZXJzaW9uX2FyY2hldHlwZV9pZDogMgogICAgICBjb252X21ldHJpY190eXBlOiBNRVRSSUNfVFlQRV9DT1VOVAogICAgICBhZ2dyZWdhdGVfa2V5X2xldmVsOiA0CiAgICAgIGNvbnRyaWJ1dGlvbl9wZXJjZW50YWdlOiAwLjk3CiAgICB9CiAgICBpbXByZXNzaW9uX2FyY2hldHlwZXMgewogICAgICBpbXByZXNzaW9uX2FyY2hldHlwZV9pZDogMTIKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkltcHJlc3Npb25BcmNoZXR5cGUuaW1wcmVzc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogICAgICB9CiAgICB9CiAgICBpbXByZXNzaW9uX2FyY2hldHlwZXMgewogICAgICBpbXByZXNzaW9uX2FyY2hldHlwZV9pZDogMTMKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkltcHJlc3Npb25BcmNoZXR5cGUuaW1wcmVzc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX01PQklMRV9CUk9XU0VSX0NMQVNTCiAgICAgIH0KICAgIH0KICAgIGltcHJlc3Npb25fYXJjaGV0eXBlcyB7CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxNAogICAgICBbYWRzLnJlZ2lzdHJhdGlvbl9saWIuQ29tbW9uSW1wcmVzc2lvbkFyY2hldHlwZS5pbXByZXNzaW9uX2FyY2hldHlwZV0gewogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fTU9CSUxFX0JST1dTRVJfQ0xBU1MKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19MSU5FX0lURU1fSUQKICAgICAgfQogICAgfQogICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVzIHsKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE1CiAgICAgIFthZHMucmVnaXN0cmF0aW9uX2xpYi5Db21tb25JbXByZXNzaW9uQXJjaGV0eXBlLmltcHJlc3Npb25fYXJjaGV0eXBlXSB7CiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9NT0JJTEVfQlJPV1NFUl9DTEFTUwogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0NSRUFUSVZFX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgICAgIH0KICAgIH0KICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlcyB7CiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIFthZHMucmVnaXN0cmF0aW9uX2xpYi5Db21tb25Db252ZXJzaW9uQXJjaGV0eXBlLmNvbnZlcnNpb25fYXJjaGV0eXBlXSB7CiAgICAgICAgY29udmVyc2lvbl9hdHRyaWJ1dGVzOiBDT05WRVJTSU9OX0RJTUVOU0lPTl9DT05WRVJTSU9OX0RBVEUKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQUNUSVZJVFlfSUQKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0lTX0JJRERBQkxFCiAgICAgICAgY29udmVyc2lvbl9hdHRyaWJ1dGVzOiBDT05WRVJTSU9OX0RJTUVOU0lPTl9JU19HQ0xJRF9KT0lOQUJMRQogICAgICB9CiAgICB9CiAgICBtYXhfYXR0cmlidXRpb25zX3Blcl9pbXByZXNzaW9uOiAyMAogIH0KICBzdGFydF9kYXRlOiAyMDI0MDkxMQogIGNvbmZpZ19zdGF0dXM6IFNUQVRVU19PSwp9Cg
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
0
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"22093308":"0x700f628040032df60000000000000000","22093309":"0xa846b44f550314080000000000000000","22093310":"0xd68b64fb8fcabf660000000000000000","22093311":"0x3e03c2b9b0ca42ce0000000000000000"},"debug_key":"14523462718597467507","debug_reporting":true,"destination":["https://google.com","https://youtube.com","https://google.cn"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"2592000","filter_data":{"14":["4194651"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["2542116"]},"max_event_level_reports":2,"priority":"0","source_event_id":"8054946592338470036"}
server
cafe
/
www.googleadservices.com/pagead/ar-adview/ Frame 79DE
Redirect Chain
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=CBt6bL7xPZ5PMNO_E0_wP5anBqAa85Mije86f88CIE8Wp66GsPRABIOSEnzxgycapi8Ck2A-gAffKjMgDyAEGqAMBqgSeAk_Q4MyEWVoe-zEkv1kcypdKwUTflh_ZTD7d4c2z4cvcQU7g...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xc55c0bf5329023730000000000000000%22,%222%22:%220x7f3418be2dfbcaa10000000000000000%22,%223%22:%220xf2d4cd...
0
20 B
Image
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220xc55c0bf5329023730000000000000000%22,%222%22:%220x7f3418be2dfbcaa10000000000000000%22,%223%22:%220xf2d4cd301fae2c890000000000000000%22,%224%22:%220x29581c12a95f11700000000000000000%22,%225%22:%220xc71200dbe4567bb40000000000000000%22},%22debug_key%22:%2210396438126020106004%22,%22debug_reporting%22:true,%22destination%22:%22https://youtube.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22956507511%22],%2222%22:[%22true%22],%224%22:[%2212-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227417994710355244993%22}&andc=true
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H3
Server
142.251.111.154 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f154.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
private
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"1":"0xc55c0bf5329023730000000000000000","2":"0x7f3418be2dfbcaa10000000000000000","3":"0xf2d4cd301fae2c890000000000000000","4":"0x29581c12a95f11700000000000000000","5":"0xc71200dbe4567bb40000000000000000"},"debug_key":"10396438126020106004","debug_reporting":true,"destination":"https://youtube.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["956507511"],"22":["true"],"4":["12-04"],"6":["true"]},"priority":"500","source_event_id":"7417994710355244993"}
content-type
text/css; charset=UTF-8
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0xc55c0bf5329023730000000000000000","2":"0x7f3418be2dfbcaa10000000000000000","3":"0xf2d4cd301fae2c890000000000000000","4":"0x29581c12a95f11700000000000000000","5":"0xc71200dbe4567bb40000000000000000"},"debug_key":"10396438126020106004","debug_reporting":true,"destination":"https://youtube.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["956507511"],"22":["true"],"4":["12-04"],"6":["true"]},"priority":"500","source_event_id":"7417994710355244993"}&andc=true
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
cafe
l
www.google.com/ads/measurement/ Frame 79DE
0
0

amp4ads-v0.mjs
cdn.ampproject.org/rtv/012406252034000/ Frame 6F3C
196 KB
0
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/amp4ads-v0.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
278685d4467e915e1a1ce58a24e15dcdefbd7719acf70a59655361c35f8e273d
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"ab8c5e684db96b44"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
56152
x-xss-protection
0
server
sffe
amp-ad-exit-0.1.mjs
cdn.ampproject.org/rtv/012406252034000/v0/ Frame 6F3C
15 KB
0
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/v0/amp-ad-exit-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
fa843245814c185e1139a54052cf819ea23a33ac393d90f3525958116681e8be
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"de79a6048671db85"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
5219
x-xss-protection
0
server
sffe
amp-analytics-0.1.mjs
cdn.ampproject.org/rtv/012406252034000/v0/ Frame 6F3C
95 KB
0
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/v0/amp-analytics-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7442d5ba404c482128280bb0416c3d62c8d06868594c1a23892b06df1ee2983a
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"16a9579aec57c4a5"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
29025
x-xss-protection
0
server
sffe
amp-fit-text-0.1.mjs
cdn.ampproject.org/rtv/012406252034000/v0/ Frame 6F3C
5 KB
0
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/v0/amp-fit-text-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f4a66f520e5a1676afa712f63b38fec877047301b208e1d2df15fd94d16a2435
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"b7204740773aee25"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
1907
x-xss-protection
0
server
sffe
amp-form-0.1.mjs
cdn.ampproject.org/rtv/012406252034000/v0/ Frame 6F3C
40 KB
0
Script
General
Full URL
https://cdn.ampproject.org/rtv/012406252034000/v0/amp-form-0.1.mjs
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0e284c175ea1cd1866d5d88171f3ca5fcad2b370093f0ae7891c152827a12dd0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
br
etag
"c65b00eac3dcf073"
age
16513
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 21:44:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Tue, 03 Dec 2024 21:44:15 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
content-length
12949
x-xss-protection
0
server
sffe
css
fonts.googleapis.com/ Frame 6F3C
4 KB
0
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d95ef68aba30eecf80756ae2645af00669c14c2def73eb5d528a5f767e3392d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 04 Dec 2024 00:57:45 GMT
x-frame-options
SAMEORIGIN
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css
fonts.googleapis.com/ Frame 6F3C
4 KB
0
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500&text=
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d95ef68aba30eecf80756ae2645af00669c14c2def73eb5d528a5f767e3392d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 04 Dec 2024 01:13:35 GMT
x-frame-options
SAMEORIGIN
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6F3C
2 KB
0
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/en.png
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
public, max-age=86400
timing-allow-origin
*
etag
14819457070020093239
age
49175
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 12:39:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
2502
x-xss-protection
0
date
Tue, 03 Dec 2024 12:39:53 GMT
content-type
image/png
vary
Accept-Encoding
server
cafe
icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 6F3C
295 B
0
Image
General
Full URL
https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c1b::84 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
public, max-age=86400
timing-allow-origin
*
etag
426692510519060060
age
5381
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Thu, 05 Dec 2024 00:49:47 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
295
x-xss-protection
0
date
Wed, 04 Dec 2024 00:49:47 GMT
content-type
image/png
vary
Accept-Encoding
server
cafe
truncated
/ Frame 6F3C
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fa0739ffd9bc4ac67899cbb4e46e4f10367677a238132f5bf2319ef0f9bcbe74

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
5068673236956043378
s0.2mdn.net/simgad/ Frame 6F3C
239 KB
239 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/5068673236956043378
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::94 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ea228568c78711e3d8ebbb8a4d6b36c9eb3d5fe6038e2ce69be9be3656b2699c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

age
51551
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 12:00:17 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons
true
date
Tue, 03 Dec 2024 12:00:17 GMT
last-modified
Tue, 19 Nov 2024 10:39:33 GMT
content-type
image/jpeg
cache-control
public, max-age=31536000
timing-allow-origin
*
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
244270
x-xss-protection
0
server
sffe
4423814346864357314
s0.2mdn.net/simgad/ Frame 6F3C
78 KB
78 KB
Image
General
Full URL
https://s0.2mdn.net/simgad/4423814346864357314
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::94 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8c62a50dd1b00bf9f04bf9d58f823fdc7f1d4debb46d1466fee7163d85f6cdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

age
51499
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options
nosniff
expires
Wed, 03 Dec 2025 12:01:09 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
allow-fenced-frame-automatic-beacons
true
date
Tue, 03 Dec 2024 12:01:09 GMT
last-modified
Tue, 19 Nov 2024 10:38:07 GMT
content-type
image/jpeg
cache-control
public, max-age=31536000
timing-allow-origin
*
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
content-length
79509
x-xss-protection
0
server
sffe
attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDkyMDA3ODkKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3VuaWNlZi5vcmciCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3Jp...
ad.doubleclick.net/ddm/activity/ Frame 6F3C
Redirect Chain
  • https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DqqW6hQPE1xJvxS6HikiO98ppfy9AQSUCQr5bSCh5bubz3bhM2jM5xHRJW62Fv6hqBHQ1Zq7COEUdqt4utzr1vH3d1JZDjv7nWbRKv5LDntZH8dGtHZQs_CTqBbYXYMF8HyX_37nXwetSr...
  • https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDkyMDA3ODkKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3VuaWNlZi5vcmciCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlv...
0
22 B
Image
General
Full URL
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDkyMDA3ODkKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3VuaWNlZi5vcmciCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogMTA3MzQzMzcwOTgyMzUyNDY0MzgKZGVidWdfa2V5OiAxMzAwMzk3MjIxODk0NDM3MTQ3MQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMTItMDQiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA5MjAwNzg5CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9NT0JJTEVfQlJPV1NFUl9DTEFTUwogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQwODgzOTI0OQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzk0MzAzNAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyMTk1MzUxMDMwMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDYxMTkxMjUwMAogIH0KfQphcmNoZXR5cGVfaWQ6IDI3ODc5MDk2CmFyY2hldHlwZV9pZDogMjc4NzkwOTcKYXJjaGV0eXBlX2lkOiAyNzg3OTA5OAphcmNoZXR5cGVfaWQ6IDI3ODc5MDk5CmZsb29kbGlnaHRfYWN0aXZpdGllc19mb3JfYmlkZGluZzogOTMxMjg4NwphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vdW5pY2VmLm9yZyIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2FtYXpvbi1hZHN5c3RlbS5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly91bmljZWZ1c2Eub3JnIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzgwODExNjMyNjQKZG1hX3Byb2R1Y3RfaWQ6IDEyMjcxNTgzNwp4ZmFfYXR0cmlidXRpb25fYXBpX3R5cGU6IFhGQV9BVFRSSUJVVElPTl9BUElfVFlQRV9XRUIKZWNob19zZXJ2ZXJfYWN0aW9uOiBFQ0hPX1NFUlZFUl9BQ1RJT05fVVNFX0JFU1RfQVZBSUxBQkxFX0FSQQpldmVudF9yZXBvcnRpbmdfd2luZG93cyB7CiAgZW5kX3RpbWVzX3NlY29uZHM6IDg2NDAwCiAgZW5kX3RpbWVzX3NlY29uZHM6IDM0NTYwMAp9Cm1heF9ldmVudF9sZXZlbF9yZXBvcnRzOiAyCmZsb29kbGlnaHRfYXJhX2NvbmZpZ3MgewogIGFyY2hldHlwZXNfY29uZmlnIHsKICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTYKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDEyCiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDEKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuMDEKICAgIH0KICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTcKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDEzCiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDIKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuMDEKICAgIH0KICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTgKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE0CiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDMKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuMDEKICAgIH0KICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTkKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE1CiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDQKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuOTcKICAgIH0KICAgIGltcHJlc3Npb25fYXJjaGV0eXBlcyB7CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMgogICAgICBbYWRzLnJlZ2lzdHJhdGlvbl9saWIuQ29tbW9uSW1wcmVzc2lvbkFyY2hldHlwZS5pbXByZXNzaW9uX2FyY2hldHlwZV0gewogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgICAgIH0KICAgIH0KICAgIGltcHJlc3Npb25fYXJjaGV0eXBlcyB7CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMwogICAgICBbYWRzLnJlZ2lzdHJhdGlvbl9saWIuQ29tbW9uSW1wcmVzc2lvbkFyY2hldHlwZS5pbXByZXNzaW9uX2FyY2hldHlwZV0gewogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fTU9CSUxFX0JST1dTRVJfQ0xBU1MKICAgICAgfQogICAgfQogICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVzIHsKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE0CiAgICAgIFthZHMucmVnaXN0cmF0aW9uX2xpYi5Db21tb25JbXByZXNzaW9uQXJjaGV0eXBlLmltcHJlc3Npb25fYXJjaGV0eXBlXSB7CiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9NT0JJTEVfQlJPV1NFUl9DTEFTUwogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogICAgICB9CiAgICB9CiAgICBpbXByZXNzaW9uX2FyY2hldHlwZXMgewogICAgICBpbXByZXNzaW9uX2FyY2hldHlwZV9pZDogMTUKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkltcHJlc3Npb25BcmNoZXR5cGUuaW1wcmVzc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX01PQklMRV9CUk9XU0VSX0NMQVNTCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICAgICAgfQogICAgfQogICAgY29udmVyc2lvbl9hcmNoZXR5cGVzIHsKICAgICAgY29udmVyc2lvbl9hcmNoZXR5cGVfaWQ6IDIKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkNvbnZlcnNpb25BcmNoZXR5cGUuY29udmVyc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0NPTlZFUlNJT05fREFURQogICAgICAgIGNvbnZlcnNpb25fYXR0cmlidXRlczogQ09OVkVSU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9BQ1RJVklUWV9JRAogICAgICAgIGNvbnZlcnNpb25fYXR0cmlidXRlczogQ09OVkVSU0lPTl9ESU1FTlNJT05fSVNfQklEREFCTEUKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0lTX0dDTElEX0pPSU5BQkxFCiAgICAgIH0KICAgIH0KICAgIG1heF9hdHRyaWJ1dGlvbnNfcGVyX2ltcHJlc3Npb246IDE3CiAgfQogIHN0YXJ0X2RhdGU6IDIwMjQxMTEzCiAgY29uZmlnX3N0YXR1czogU1RBVFVTX09LCn0K
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H3
Server
64.233.180.149 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
on-in-f149.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"27879096":"0x3fbed24f190ee5fe0000000000000000","27879097":"0x6a8de354a02c700c0000000000000000","27879098":"0x13542a460decb7ed0000000000000000","27879099":"0x7234a30c181bb3100000000000000000"},"debug_key":"13003972218944371471","debug_reporting":true,"destination":["https://unicef.org","https://amazon-adsystem.com","https://unicefusa.org"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"2592000","filter_data":{"14":["9312887"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["9200789"]},"max_event_level_reports":2,"priority":"0","source_event_id":"10734337098235246438"}
content-type
image/png
server
cafe

Redirect headers

x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
text/html; charset=UTF-8
cache-control
no-cache, must-revalidate
timing-allow-origin
*
location
https://ad.doubleclick.net/ddm/activity/attribution_src_register;crd=Zmxvb2RsaWdodF9jb25maWdfaWQ6IDkyMDA3ODkKYWR2ZXJ0aXNlcl9kb21haW46ICJodHRwczovL3VuaWNlZi5vcmciCnhmYV9hdHRyaWJ1dGlvbl9pbnRlcmFjdGlvbl90eXBlOiBWSUVXCmltcHJlc3Npb25fcHJpb3JpdHk6IDAKaW1wcmVzc2lvbl9leHBpcnlfaW5fZGF5czogMzAKZXZlbnRfaW1wcmVzc2lvbl9pZDogMTA3MzQzMzcwOTgyMzUyNDY0MzgKZGVidWdfa2V5OiAxMzAwMzk3MjIxODk0NDM3MTQ3MQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDIKICB9Cn0KaW1wcmVzc2lvbl9tZWFzdXJlbWVudF9kaW1lbnNpb25zX2RhdGEgewogIG1lYXN1cmVtZW50X2RpbWVuc2lvbjogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIjIwMjQtMTItMDQiCiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiA5MjAwNzg5CiAgfQp9CmltcHJlc3Npb25fbWVhc3VyZW1lbnRfZGltZW5zaW9uc19kYXRhIHsKICBtZWFzdXJlbWVudF9kaW1lbnNpb246IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9NT0JJTEVfQlJPV1NFUl9DTEFTUwogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMwogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9RVUVSWV9DT1VOVFJZCiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIHN0cmluZ192YWx1ZTogIlVTIgogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QTEFDRU1FTlRfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDQwODgzOTI0OQogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogIG1lYXN1cmVtZW50X2RpbWVuc2lvbl92YWx1ZSB7CiAgICBpbnQ2NF92YWx1ZTogMzk0MzAzNAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uX3ZhbHVlIHsKICAgIGludDY0X3ZhbHVlOiAyMTk1MzUxMDMwMAogIH0KfQppbXByZXNzaW9uX21lYXN1cmVtZW50X2RpbWVuc2lvbnNfZGF0YSB7CiAgbWVhc3VyZW1lbnRfZGltZW5zaW9uOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICBtZWFzdXJlbWVudF9kaW1lbnNpb25fdmFsdWUgewogICAgaW50NjRfdmFsdWU6IDYxMTkxMjUwMAogIH0KfQphcmNoZXR5cGVfaWQ6IDI3ODc5MDk2CmFyY2hldHlwZV9pZDogMjc4NzkwOTcKYXJjaGV0eXBlX2lkOiAyNzg3OTA5OAphcmNoZXR5cGVfaWQ6IDI3ODc5MDk5CmZsb29kbGlnaHRfYWN0aXZpdGllc19mb3JfYmlkZGluZzogOTMxMjg4NwphZHZlcnRpc2VyX2NvbnZlcnNpb25fZG9tYWluczogImh0dHBzOi8vdW5pY2VmLm9yZyIKYWR2ZXJ0aXNlcl9jb252ZXJzaW9uX2RvbWFpbnM6ICJodHRwczovL2FtYXpvbi1hZHN5c3RlbS5jb20iCmFkdmVydGlzZXJfY29udmVyc2lvbl9kb21haW5zOiAiaHR0cHM6Ly91bmljZWZ1c2Eub3JnIgppbXByZXNzaW9uX2V2ZW50X3JlcG9ydGluZ193aW5kb3dfZGF5czogNApicm93c2VyX2F0dHJpYnV0aW9uX2FwaV9yZXF1ZXN0X3Byb2Nlc3NpbmdfYml0czogNzgwODExNjMyNjQKZG1hX3Byb2R1Y3RfaWQ6IDEyMjcxNTgzNwp4ZmFfYXR0cmlidXRpb25fYXBpX3R5cGU6IFhGQV9BVFRSSUJVVElPTl9BUElfVFlQRV9XRUIKZWNob19zZXJ2ZXJfYWN0aW9uOiBFQ0hPX1NFUlZFUl9BQ1RJT05fVVNFX0JFU1RfQVZBSUxBQkxFX0FSQQpldmVudF9yZXBvcnRpbmdfd2luZG93cyB7CiAgZW5kX3RpbWVzX3NlY29uZHM6IDg2NDAwCiAgZW5kX3RpbWVzX3NlY29uZHM6IDM0NTYwMAp9Cm1heF9ldmVudF9sZXZlbF9yZXBvcnRzOiAyCmZsb29kbGlnaHRfYXJhX2NvbmZpZ3MgewogIGFyY2hldHlwZXNfY29uZmlnIHsKICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTYKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDEyCiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDEKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuMDEKICAgIH0KICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTcKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDEzCiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDIKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuMDEKICAgIH0KICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTgKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE0CiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDMKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuMDEKICAgIH0KICAgIGFnZ3JlZ2F0ZV9rZXlfYXJjaGV0eXBlcyB7CiAgICAgIGFyY2hldHlwZV9pZDogMjc4NzkwOTkKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE1CiAgICAgIGNvbnZlcnNpb25fYXJjaGV0eXBlX2lkOiAyCiAgICAgIGNvbnZfbWV0cmljX3R5cGU6IE1FVFJJQ19UWVBFX0NPVU5UCiAgICAgIGFnZ3JlZ2F0ZV9rZXlfbGV2ZWw6IDQKICAgICAgY29udHJpYnV0aW9uX3BlcmNlbnRhZ2U6IDAuOTcKICAgIH0KICAgIGltcHJlc3Npb25fYXJjaGV0eXBlcyB7CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMgogICAgICBbYWRzLnJlZ2lzdHJhdGlvbl9saWIuQ29tbW9uSW1wcmVzc2lvbkFyY2hldHlwZS5pbXByZXNzaW9uX2FyY2hldHlwZV0gewogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgICAgIH0KICAgIH0KICAgIGltcHJlc3Npb25fYXJjaGV0eXBlcyB7CiAgICAgIGltcHJlc3Npb25fYXJjaGV0eXBlX2lkOiAxMwogICAgICBbYWRzLnJlZ2lzdHJhdGlvbl9saWIuQ29tbW9uSW1wcmVzc2lvbkFyY2hldHlwZS5pbXByZXNzaW9uX2FyY2hldHlwZV0gewogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fUFJPRFVDVF9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9UWVBFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9JTlRFUkFDVElPTl9EQVRFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9GTE9PRExJR0hUX0NPTkZJR19JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fQ09SRV9QTEFURk9STV9TRVJWSUNFCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQURWRVJUSVNFUl9JRAogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fTU9CSUxFX0JST1dTRVJfQ0xBU1MKICAgICAgfQogICAgfQogICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVzIHsKICAgICAgaW1wcmVzc2lvbl9hcmNoZXR5cGVfaWQ6IDE0CiAgICAgIFthZHMucmVnaXN0cmF0aW9uX2xpYi5Db21tb25JbXByZXNzaW9uQXJjaGV0eXBlLmltcHJlc3Npb25fYXJjaGV0eXBlXSB7CiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9QUk9EVUNUX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX1RZUEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0lOVEVSQUNUSU9OX0RBVEUKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0ZMT09ETElHSFRfQ09ORklHX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9DT1JFX1BMQVRGT1JNX1NFUlZJQ0UKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0RWM19BRFZFUlRJU0VSX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9NT0JJTEVfQlJPV1NFUl9DTEFTUwogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0xJTkVfSVRFTV9JRAogICAgICB9CiAgICB9CiAgICBpbXByZXNzaW9uX2FyY2hldHlwZXMgewogICAgICBpbXByZXNzaW9uX2FyY2hldHlwZV9pZDogMTUKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkltcHJlc3Npb25BcmNoZXR5cGUuaW1wcmVzc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1BST0RVQ1RfVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fVFlQRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fSU5URVJBQ1RJT05fREFURQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9DT05GSUdfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX0NPUkVfUExBVEZPUk1fU0VSVklDRQogICAgICAgIGltcHJlc3Npb25fYXR0cmlidXRlczogSU1QUkVTU0lPTl9ESU1FTlNJT05fRFYzX0FEVkVSVElTRVJfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX01PQklMRV9CUk9XU0VSX0NMQVNTCiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfTElORV9JVEVNX0lECiAgICAgICAgaW1wcmVzc2lvbl9hdHRyaWJ1dGVzOiBJTVBSRVNTSU9OX0RJTUVOU0lPTl9EVjNfQ1JFQVRJVkVfSUQKICAgICAgICBpbXByZXNzaW9uX2F0dHJpYnV0ZXM6IElNUFJFU1NJT05fRElNRU5TSU9OX1FVRVJZX0NPVU5UUlkKICAgICAgfQogICAgfQogICAgY29udmVyc2lvbl9hcmNoZXR5cGVzIHsKICAgICAgY29udmVyc2lvbl9hcmNoZXR5cGVfaWQ6IDIKICAgICAgW2Fkcy5yZWdpc3RyYXRpb25fbGliLkNvbW1vbkNvbnZlcnNpb25BcmNoZXR5cGUuY29udmVyc2lvbl9hcmNoZXR5cGVdIHsKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0NPTlZFUlNJT05fREFURQogICAgICAgIGNvbnZlcnNpb25fYXR0cmlidXRlczogQ09OVkVSU0lPTl9ESU1FTlNJT05fRkxPT0RMSUdIVF9BQ1RJVklUWV9JRAogICAgICAgIGNvbnZlcnNpb25fYXR0cmlidXRlczogQ09OVkVSU0lPTl9ESU1FTlNJT05fSVNfQklEREFCTEUKICAgICAgICBjb252ZXJzaW9uX2F0dHJpYnV0ZXM6IENPTlZFUlNJT05fRElNRU5TSU9OX0lTX0dDTElEX0pPSU5BQkxFCiAgICAgIH0KICAgIH0KICAgIG1heF9hdHRyaWJ1dGlvbnNfcGVyX2ltcHJlc3Npb246IDE3CiAgfQogIHN0YXJ0X2RhdGU6IDIwMjQxMTEzCiAgY29uZmlnX3N0YXR1czogU1RBVFVTX09LCn0K
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
0
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"27879096":"0x3fbed24f190ee5fe0000000000000000","27879097":"0x6a8de354a02c700c0000000000000000","27879098":"0x13542a460decb7ed0000000000000000","27879099":"0x7234a30c181bb3100000000000000000"},"debug_key":"13003972218944371471","debug_reporting":true,"destination":["https://unicef.org","https://amazon-adsystem.com","https://unicefusa.org"],"event_report_windows":{"end_times":[86400,345600]},"expiry":"2592000","filter_data":{"14":["9312887"],"21":[],"23":[],"24":[],"25":[],"26":[],"27":[],"28":[],"29":[],"8":["9200789"]},"max_event_level_reports":2,"priority":"0","source_event_id":"10734337098235246438"}
server
cafe
/
www.googleadservices.com/pagead/ar-adview/ Frame 6F3C
Redirect Chain
  • https://securepubads.g.doubleclick.net/pagead/adview?ai=C7pWJL7xPZ5TMNO_E0_wP5anBqAbOuc_ee-Wb1oyfE4PJhPaRRRABIOSEnzxgycapi8Ck2A-gAZjg_usCyAEGqAMBqgSwAk_QkKo3XSAjnH77eX8OIb0w7DqKL_kHabTnQkGiMRbg1fWj...
  • https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x6d219e1d898d6fe50000000000000000%22,%222%22:%220xec60c70fff3d1f6b0000000000000000%22,%223%22:%220x1361d7...
0
20 B
Image
General
Full URL
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22aggregation_keys%22:{%221%22:%220x6d219e1d898d6fe50000000000000000%22,%222%22:%220xec60c70fff3d1f6b0000000000000000%22,%223%22:%220x1361d719e96e22d50000000000000000%22,%224%22:%220x4b0f8fa667b5dcfc0000000000000000%22,%225%22:%220x3f3b1b59e1cd33da0000000000000000%22},%22debug_key%22:%224443430997211749726%22,%22debug_reporting%22:true,%22destination%22:%22https://unicefusa.org%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22763342872%22],%2222%22:[%22true%22],%224%22:[%2212-04%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2210268838874624102097%22}&andc=true
Requested by
Host: winteriscoming.net
URL: https://winteriscoming.net/
Protocol
H3
Server
142.251.111.154 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
bk-in-f154.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
private
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:28 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
x-xss-protection
0
attribution-reporting-register-source
{"aggregation_keys":{"1":"0x6d219e1d898d6fe50000000000000000","2":"0xec60c70fff3d1f6b0000000000000000","3":"0x1361d719e96e22d50000000000000000","4":"0x4b0f8fa667b5dcfc0000000000000000","5":"0x3f3b1b59e1cd33da0000000000000000"},"debug_key":"4443430997211749726","debug_reporting":true,"destination":"https://unicefusa.org","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["763342872"],"22":["true"],"4":["12-04"],"6":["true"]},"priority":"500","source_event_id":"10268838874624102097"}
content-type
text/css; charset=UTF-8
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
location
https://www.googleadservices.com/pagead/ar-adview/?nrh={"aggregation_keys":{"1":"0x6d219e1d898d6fe50000000000000000","2":"0xec60c70fff3d1f6b0000000000000000","3":"0x1361d719e96e22d50000000000000000","4":"0x4b0f8fa667b5dcfc0000000000000000","5":"0x3f3b1b59e1cd33da0000000000000000"},"debug_key":"4443430997211749726","debug_reporting":true,"destination":"https://unicefusa.org","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["763342872"],"22":["true"],"4":["12-04"],"6":["true"]},"priority":"500","source_event_id":"10268838874624102097"}&andc=true
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Wed, 04 Dec 2024 02:19:28 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
cafe
l
www.google.com/ads/measurement/ Frame 6F3C
0
0

nav_menu_helper_1733132850231.js
cdn.userway.org/widgetapp/2024-12-02-09-47-30/remediation/
23 KB
7 KB
Script
General
Full URL
https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/remediation/nav_menu_helper_1733132850231.js
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::55 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
48eef7fe61a3e2c7c88ac1c6a263bd851b6a05363607e52fd2be4e4472d42255

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"d5babf1f477d0f7bf4044b0693b956d9"
age
232
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, POST, DELETE
x-amz-cf-id
53_e6Enf_XEn3SZibtA4mW-BR2FJz4-2_gH8sDGypqaa43MDT5yCsQ==
date
Wed, 04 Dec 2024 02:19:28 GMT
content-type
application/javascript
last-modified
Mon, 02 Dec 2024 09:51:11 GMT
vary
Accept-Encoding
x-77-nzt-ray
ce37a619a3077c3830bc4f67686d432b
x-77-nzt
EgwBWbuxGAH3kzcCAAwBnJI74gG3HQAAAA
cache-control
max-age=25920000, public
via
1.1 f6acfb143216fabf7be9b3a603a486ae.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
145299
x-amz-cf-pop
JFK50-P7
server
CDN77-Turbo
x-amz-server-side-encryption
AES256
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ Frame 79DE
18 KB
0
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,600,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://fonts.googleapis.com/

Response headers

age
306092
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sun, 30 Nov 2025 13:17:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 30 Nov 2024 13:17:53 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ Frame 79DE
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://fonts.googleapis.com/

Response headers

age
112298
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 02 Dec 2025 19:07:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 02 Dec 2024 19:07:50 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18588
x-xss-protection
0
server
sffe
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/ Frame 6F3C
18 KB
0
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,600,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://fonts.googleapis.com/

Response headers

age
306092
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sun, 30 Nov 2025 13:17:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 30 Nov 2024 13:17:53 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ Frame 6F3C
18 KB
0
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&lang=en
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://fonts.googleapis.com/

Response headers

age
112298
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 02 Dec 2025 19:07:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 02 Dec 2024 19:07:50 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18588
x-xss-protection
0
server
sffe
init
gw.geoedge.be/api/ Frame F4D7
0
0
Fetch
General
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f9:d000:10:43f:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Accept-Language
gzip
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

via
1.1 5384957d0da33dc98fe1cbf6f1c100bc.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
lw6EI8tUkabL4gZN12AKZ0D1cV0lt4RWJOfOaCPADLHm0a0a0o475w==
date
Wed, 04 Dec 2024 02:19:28 GMT
x-amz-cf-pop
JFK52-P10
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ Frame 79DE
18 KB
0
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&text=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://fonts.googleapis.com/

Response headers

age
112298
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 02 Dec 2025 19:07:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 02 Dec 2024 19:07:50 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18588
x-xss-protection
0
server
sffe
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v32/ Frame 6F3C
18 KB
0
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500&text=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://winteriscoming.net
Referer
https://fonts.googleapis.com/

Response headers

age
112298
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 02 Dec 2025 19:07:50 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 02 Dec 2024 19:07:50 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18588
x-xss-protection
0
server
sffe
init
gw.geoedge.be/api/ Frame F4D7
0
0
Fetch
General
Full URL
https://gw.geoedge.be/api/init
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f9:d000:10:43f:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Accept-Language
gzip
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

via
1.1 5384957d0da33dc98fe1cbf6f1c100bc.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
content-length
0
x-amz-cf-id
kVbpG57yICvy23IkJKNtYhOZDbVi27os9MFkK8Y2AZRLpazuvGHYXw==
date
Wed, 04 Dec 2024 02:19:28 GMT
x-amz-cf-pop
JFK52-P10
popup.html
rumcdn.geoedge.be/rbu/
41 KB
22 KB
Fetch
General
Full URL
https://rumcdn.geoedge.be/rbu/popup.html
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:a400:4:b37b:9440:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
902bdb118f04fb4e468380dab15eba50248ac3a81e5dc5065da2dc67036bd0f6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-expose-headers
Access-Control-Allow-Origin
content-encoding
br
x-amz-version-id
tc0_jqkY6WtICZ6Pb218cVek8mjd8FoV
etag
W/"ed7669f4b320b77a459f4f15cff48025"
age
3220
access-control-allow-methods
GET
x-cache
Hit from cloudfront
x-amz-cf-id
pS2l53wTDzKJgQIsTdTgRRR3BAfzkRyk27soidqabz4bXCad8-fNQg==
date
Wed, 04 Dec 2024 01:25:48 GMT
content-type
text/html
vary
accept-encoding
last-modified
Tue, 15 Oct 2024 13:44:59 GMT
via
1.1 079cd4553da15b2329bffae6abe6157e.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
JFK50-P6
server
AmazonS3
x-amz-server-side-encryption
AES256
truncated
/ Frame 79DE
374 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7c26fcb00fc4f21f1fef7c31d7b2eb0566a15a8178bc570fe125dcb3f441b06

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame 6F3C
374 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d7c26fcb00fc4f21f1fef7c31d7b2eb0566a15a8178bc570fe125dcb3f441b06

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
si
googleads.g.doubleclick.net/pagead/drt/ Frame 6F3C
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0

si
googleads.g.doubleclick.net/pagead/drt/ Frame 79DE
Redirect Chain
  • https://www.google.com/pagead/drt/ui
  • https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
0
0

sodar
ep1.adtrafficquality.google/pagead/
0
0

css2
fonts.googleapis.com/
7 KB
769 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
71cfdae69236a935151761b96b4f46b54f95be14372112e9b5c398eb87db1b3a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 04 Dec 2024 02:19:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:29 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Wed, 04 Dec 2024 01:16:55 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
truncated
/
19 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
52c854815f543b120f9314bf012a95ff9902edef46b232928855005edd9cf67c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
alts.json
cdn77.api.userway.org/api/img-dscr/v2/p0xG3SZhEr/3505957/RC99icw8fUXISta2/ Frame
0
0
Preflight
General
Full URL
https://cdn77.api.userway.org/api/img-dscr/v2/p0xG3SZhEr/3505957/RC99icw8fUXISta2/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_1920%2Ch_1080%2Cx_0%2Cy_0%2Fc_fill%2Cw_360%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01jd053488ps5cetfdwd.jpg%22%2C%22alt%22%3A%22Photograph%20by%20Liam%20Daniel%2F%20HBO%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_1920%2Ch_1080%2Cx_0%2Cy_77%2Fc_fill%2Cw_360%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01jdpzh9azk7tzd3r47v.jpg%22%2C%22alt%22%3A%22Ser%20Harrold%20Westerling%20(Graham%20McTavish)%20in%20House%20of%20the%20Dragon%20season%201.%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_1920%2Ch_1080%2Cx_0%2Cy_96%2Fc_fill%2Cw_360%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01jdqvs86f7xn3jy7men.jpg%22%2C%22alt%22%3A%22House%20of%20the%20Dragon%20Episode%209%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_2821%2Ch_1586%2Cx_0%2Cy_155%2Fc_fill%2Cw_360%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01jdqvwg3dtfmgfbq0tf.jpg%22%2C%22alt%22%3A%22NohJu%20Han%2FNetflix%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_7952%2Ch_4473%2Cx_0%2Cy_240%2Fc_fill%2Cw_720%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01je72d6f6rwkj36ywye.jpg%22%2C%22alt%22%3A%22Cynthia%20Erivo%20is%20Elphaba%20in%20WICKED%2C%20directed%20by%20Jon%20M.%20Chu%22%2C%22dir%22%3A%22RO%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%2C%22pageUrl%22%3A%22https%3A%2F%2Fwinteriscoming.net%2F%22%7D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::53 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://winteriscoming.net
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-origin
*
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
access-control-max-age
3000
cache-control
max-age=604800
date
Wed, 04 Dec 2024 02:19:29 GMT
server
CDN77-Turbo
x-77-cache
MISS
x-77-nzt
EggBT3/OzgAACAGckjvfAAA
x-77-nzt-ray
8705ec34348fc2bf31bc4f67c520e811
x-77-pop
newyorkUSNY
x-service-version
img-dscr-srv-a1be253c
alts.json
cdn77.api.userway.org/api/img-dscr/v2/p0xG3SZhEr/3505957/RC99icw8fUXISta2/
2 KB
912 B
Fetch
General
Full URL
https://cdn77.api.userway.org/api/img-dscr/v2/p0xG3SZhEr/3505957/RC99icw8fUXISta2/alts.json?dto=%7B%22sorted%22%3A%5B%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_1920%2Ch_1080%2Cx_0%2Cy_0%2Fc_fill%2Cw_360%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01jd053488ps5cetfdwd.jpg%22%2C%22alt%22%3A%22Photograph%20by%20Liam%20Daniel%2F%20HBO%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_1920%2Ch_1080%2Cx_0%2Cy_77%2Fc_fill%2Cw_360%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01jdpzh9azk7tzd3r47v.jpg%22%2C%22alt%22%3A%22Ser%20Harrold%20Westerling%20(Graham%20McTavish)%20in%20House%20of%20the%20Dragon%20season%201.%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_1920%2Ch_1080%2Cx_0%2Cy_96%2Fc_fill%2Cw_360%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01jdqvs86f7xn3jy7men.jpg%22%2C%22alt%22%3A%22House%20of%20the%20Dragon%20Episode%209%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_2821%2Ch_1586%2Cx_0%2Cy_155%2Fc_fill%2Cw_360%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01jdqvwg3dtfmgfbq0tf.jpg%22%2C%22alt%22%3A%22NohJu%20Han%2FNetflix%22%2C%22dir%22%3A%22RO%22%7D%2C%7B%22src%22%3A%22https%3A%2F%2Fimages2.minutemediacdn.com%2Fimage%2Fupload%2Fc_crop%2Cw_7952%2Ch_4473%2Cx_0%2Cy_240%2Fc_fill%2Cw_720%2Car_16%3A9%2Cf_auto%2Cq_auto%2Cg_auto%2Fimages%252FImageExchange%252Fmmsport%252F385%252F01je72d6f6rwkj36ywye.jpg%22%2C%22alt%22%3A%22Cynthia%20Erivo%20is%20Elphaba%20in%20WICKED%2C%20directed%20by%20Jon%20M.%20Chu%22%2C%22dir%22%3A%22RO%22%7D%5D%2C%22tier%22%3A%22PAID_QUOTA_TIER%22%2C%22pageUrl%22%3A%22https%3A%2F%2Fwinteriscoming.net%2F%22%7D
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/remediation/2024-12-02-09-47-30/paid/remediation-tool.js?ts=1733132850231
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:6ea0:c400::53 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software
CDN77-Turbo /
Resource Hash
25b4a4d0779f65ca6db3d105e84d12afa3a6ec485c085594c6531c081923259e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
content-encoding
gzip
etag
W/"646-D0GUMAsY+wLr0YAKq9HEDJ8ZqzM"
x-77-cache
HIT
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
date
Wed, 04 Dec 2024 02:19:29 GMT
content-type
application/json; charset=utf-8
x-77-nzt-ray
8705ec34348fc2bf31bc4f673593d020
vary
Accept-Encoding
access-control-allow-headers
*
x-77-nzt
EggBT3/OzgFBDAGckjvfAbdnSgAA
cache-control
max-age=604800
access-control-allow-origin
*
x-77-pop
newyorkUSNY
x-77-age
19047
x-service-version
img-dscr-srv-a1be253c
server
CDN77-Turbo
ats.js
ats-wrapper.privacymanager.io/ats-modules/c77a7cdd-fb29-4ac0-bc41-84011afce9b3/
186 KB
60 KB
Script
General
Full URL
https://ats-wrapper.privacymanager.io/ats-modules/c77a7cdd-fb29-4ac0-bc41-84011afce9b3/ats.js
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-61.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
30de3246206b38b390d4d119eb5377bbae3a5110606d11e4a4e60ca4881884cd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

vary
accept-encoding
cache-control
must-revalidate,public,max-age=3600
content-encoding
gzip
x-amz-version-id
._rYFdFPum1CJzYnmF0MGDx1OkmFaaiR
etag
W/"2c9f87c24b729cf79e18c4d6c27c488b"
age
1570
via
1.1 913d5c5c16f161b143b54784c7f6d4be.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
-NOsYdNVY-H6WaDj9tRQw4SCAhsfubOLez2by8dvNrr3BmqHkKWq6g==
date
Wed, 04 Dec 2024 01:53:20 GMT
content-type
application/javascript
last-modified
Tue, 10 Sep 2024 21:11:44 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P9
x-amz-server-side-encryption
AES256
/
geo.privacymanager.io/
30 B
626 B
Fetch
General
Full URL
https://geo.privacymanager.io/
Requested by
Host: ats-wrapper.privacymanager.io
URL: https://ats-wrapper.privacymanager.io/ats-modules/c77a7cdd-fb29-4ac0-bc41-84011afce9b3/ats.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-52.ewr53.r.cloudfront.net
Software
/
Resource Hash
8f8ba42d03a7c5a04626835a48b8212f61a3440e51d66b4b866a8d20acf32f57

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

x-amz-apigw-id
CNeVJEiajoEEt-A=
age
56951
x-amzn-trace-id
Root=1-674eddba-771d338b44bc29e35ce19652;Parent=2f47a76cb199eb6a;Sampled=0;Lineage=1:06620786:0
access-control-allow-methods
DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
x-amzn-requestid
d1ae6537-c701-4714-bab7-03e960aaa4e7
via
1.1 7eec4b899788ee4df5c41267e91dcf8a.cloudfront.net (CloudFront), 1.1 99b519fb7ca87e7fd6040aacb1160452.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Hit from cloudfront
content-length
30
x-amz-cf-id
xTWd2X_6G3e0a-wV0dgesNz703eaJTUeLXI-_5wYBkClUL1lPjK_Cg==
date
Tue, 03 Dec 2024 10:30:18 GMT
content-type
application/json
x-amz-cf-pop
IAD61-P2, EWR53-P1
access-control-allow-headers
Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token
publishertag.prebid.144.js
static.criteo.net/js/ld/
96 KB
31 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"653b5c0e-1811e"
cross-origin-resource-policy
cross-origin
expires
Thu, 05 Dec 2024 02:19:29 GMT
access-control-allow-origin
*
date
Wed, 04 Dec 2024 02:19:29 GMT
content-type
text/javascript
last-modified
Fri, 27 Oct 2023 06:43:26 GMT
server
nginx
syncframe
gum.criteo.com/ Frame ADF9
0
0
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertag&topUrl=winteriscoming.net&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: rumcdn.geoedge.be
URL: https://rumcdn.geoedge.be/88548f72-daef-4151-a115-1c124613fd1e/grumi-ip.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 04 Dec 2024 02:19:29 GMT
server
Kestrel
server-processing-duration-in-ticks
840939
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
x-robots-tag
noindex
publishertag.prebid.144.js
static.criteo.net/js/ld/
96 KB
0
XHR
General
Full URL
https://static.criteo.net/js/ld/publishertag.prebid.144.js
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.144.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::4 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
nginx /
Resource Hash
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
max-age=86400, public
timing-allow-origin
*
content-encoding
gzip
etag
W/"653b5c0e-1811e"
cross-origin-resource-policy
cross-origin
expires
Thu, 05 Dec 2024 02:19:29 GMT
access-control-allow-origin
*
date
Wed, 04 Dec 2024 02:19:29 GMT
content-type
text/javascript
last-modified
Fri, 27 Oct 2023 06:43:26 GMT
server
nginx
/
stats.bqstreamer.com/
2 B
463 B
Ping
General
Full URL
https://stats.bqstreamer.com/
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/mz-delivery.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::ac43:4728 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
86400
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=27P2rPy4ZduxT8Ni%2FmO53dwg2xKDl4CxwVac7pEV0jA%2BSvAy1VIyw5R3RU1sMGemVxDBbOz2rzR9D0cQ%2FqlKoK1XUv1i7XU4kDdl0yV8iBv6P2XpeDEq3xDLw4fcQJg5ltjaeSd5R2F%2BnS%2FgYtjGxA2t"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS
cf-ray
8ec84fd569ba18f2-EWR
access-control-allow-origin
*
server-timing
cfL4;desc="?proto=TCP&rtt=15591&min_rtt=8211&rtt_var=3742&sent=37&recv=48&lost=0&retrans=0&sent_bytes=6276&recv_bytes=27978&delivery_rate=471981&cwnd=257&unsent_bytes=0&cid=5123d079dbb7b049&ts=3388&x=0"
content-length
2
date
Wed, 04 Dec 2024 02:19:29 GMT
content-type
text/plain;charset=UTF-8
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
*
3505957
api.userway.org/api/br-links/v0/contribute/
51 B
429 B
Fetch
General
Full URL
https://api.userway.org/api/br-links/v0/contribute/3505957
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/remediation/2024-12-02-09-47-30/paid/remediation-tool.js?ts=1733132850231
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f14:5db:eb11:dea0:25ab:db84:d7cf Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a371978536745668f9c16dcbdbf0d5ca436d146906664dcc0529f16d70567fdf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
cache-control
no-cache, no-store, must-revalidate
etag
W/"33-H+KjAZZBE0PpJIInQTjCoPBRoaQ"
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-origin
*
content-length
51
date
Wed, 04 Dec 2024 02:19:29 GMT
content-type
application/json; charset=utf-8
x-service-version
apps-5b4b97f5
vary
Accept-Encoding
access-control-allow-headers
*
3505957
api.userway.org/api/br-links/v0/links/
2 KB
1 KB
Fetch
General
Full URL
https://api.userway.org/api/br-links/v0/links/3505957
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/remediation/2024-12-02-09-47-30/paid/remediation-tool.js?ts=1733132850231
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f14:5db:eb11:dea0:25ab:db84:d7cf Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
4887540e1cc0b9ade4e6aed399e36834c6f9a406fae336f94f1cabdbdc7019ce

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
cache-control
max-age=300, public
content-encoding
gzip
etag
W/"95a-zPmpnqvm/416b/fu3y1CksUutzk"
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-origin
*
date
Wed, 04 Dec 2024 02:19:29 GMT
content-type
application/json; charset=utf-8
x-service-version
apps-5b4b97f5
vary
Accept-Encoding
access-control-allow-headers
*
activeview
pagead2.googlesyndication.com/pcs/ Frame 79DE
42 B
65 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvZJQc7iCDBTXVGw6nti4-gyNsNNP6ESS-5NfYZKVSg6x1HuXrx2BH2pU00ZsXfe-wuXr2TMBdSMYJ69d9OCO_XWC7tlHka_G01WSR2O3EPIvJE43VOVx2Y49SQN5s8SxMxdAOdzgSwH0aAp_gyDDoXjpe32Cz8wTfM8wXUVyYB_dTjKRyJegxqbPvosrqDe_MUBA&sai=AMfl-YRfHSGwstZB4C_mMzL7kboYnsB53FWFZzvFfM7WBsKbnRJmVHYoxxrCEs5pz3HRHHqHWqjw8vo1gYR2dhgZXl2L59CbbW30IQlCIBi5mRvI18tPNo1RH0fIiUU&sig=Cg0ArKJSzNYZk7_EP05WEAE&cid=CAQSOwCa7L7devSTTb2_C3gJfszWIJezXDga1eylxyFh9qZDAbg42yY-99z4ABfMNqnAXntaxPuWXc6goZ4xGAE&id=ampim&o=315,75&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1001&mtos=0,0,0,1001,1001&tos=0,0,0,1001,0&tfs=595&tls=1596&g=100&h=100&tt=1596&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 04 Dec 2024 02:19:30 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
activeview
pagead2.googlesyndication.com/pcs/ Frame 6F3C
42 B
65 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvsbu4CWh5hiAPFS-M-OVAN2DbXA9f1D2DL2NnRNLt-V0ultG2E-FtWdzpIMOXYVS36SVp62pCaOgqo7vSyrIsy5y3f2tlwEld2laWu0gV4RrQUVYvdYFpsjkbJMWKFqAF_DJNozjAXX6o5SVN3vQ9Y7e65EDHAPVy1NALHhMbqgT5utLr3w7T9o2PIRUwSMDMOwA&sai=AMfl-YSEHUdmSs6g1FwbhvLCGUnyXdWPMhAf5DsKWP13ZU7VV3n-SGQsg2ZxtySsRwbKrTO-mi5QeHrmAxMh1grhfygV2ioAdgSxmJpxeMMbGwgkFQsZa4P3Vl9egM4&sig=Cg0ArKJSzA1NmrszoRaQEAE&cid=CAQSOwCa7L7devSTTb2_C3gJfszWIJezXDga1eylxyFh9qZDAbg42yY-99z4ABfMNqnAXntaxPuWXc6goZ4xGAE&id=ampim&o=436,874&d=728,90&ss=1600,1200&bs=1600,1200&mcvt=1007&mtos=0,0,1007,1007,1007&tos=0,0,1007,0,0&tfs=578&tls=1585&g=100&h=100&tt=1585&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c0b::9a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 04 Dec 2024 02:19:30 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-NB8RD6J3M6&gtm=45je4bk0v881192982z872382166za200zb72382166&_p=1733278765649&gcd=13l3l3l3l1l1&npa=0&dma=0&tcfd=10000&tag_exp=101925629~102067555~102067808~102081485&cid=574771359.1733278767&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&dl=https%3A%2F%2Fwinteriscoming.net%2F&dt=Game%20of%20Thrones%20and%20sci-fi%2Ffantasy%20news%2C%20TV%2C%20and%20movies&dr=&sid=1733278766&sct=1&seg=0&_s=2&tfd=6911
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-NB8RD6J3M6&l=dataLayer&cx=c&gtm=45He4bk0v72382166za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://winteriscoming.net/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://winteriscoming.net
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 04 Dec 2024 02:19:31 GMT
content-type
text/plain
server
Golfe2
async_usersync.html
acdn.adnxs.com/dmp/ Frame E26D
0
0
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.193.108 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
57827
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Wed, 04 Dec 2024 02:19:31 GMT
ETag
W/"623de86a-cf34"
Expires
Fri, 17 May 2024 08:31:56 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish
X-Cache
HIT
X-Cache-Hits
107076
X-Served-By
cache-lga21930-LGA
X-Timer
S1733278772.900164,VS0,VE0
sync
eb2.3lift.com/ Frame EF70
0
0
Document
General
Full URL
https://eb2.3lift.com/sync?us_privacy=1---&
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate
content-length
1096
content-type
text/html; charset=utf-8
date
Wed, 04 Dec 2024 02:19:31 GMT
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
ixmatch.html
js-sec.indexww.com/um/ Frame DA6E
0
0
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.25.18 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

age
658
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
8ec84fe46b2a9e17-EWR
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Wed, 04 Dec 2024 02:19:31 GMT
expires
Wed, 04 Dec 2024 06:19:31 GMT
last-modified
Mon, 25 Jul 2022 19:18:19 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
pbcas
ads.yieldmo.com/ Frame 8676
0
0
Document
General
Full URL
https://ads.yieldmo.com/pbcas?us_privacy=1---&gdpr=0&gdpr_consent=&type=iframe
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.193.101.54 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-101-54.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile
access-control-allow-headers
Cache-Control, Pragma, *
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
content-encoding
gzip
content-type
text/html;charset=utf-8
date
Wed, 04 Dec 2024 02:19:31 GMT
pragma
no-cache
vary
accept-encoding
/
sync.richaudience.com/dcf3528a0b8aa83634892d50e91c306e/ Frame 76FF
0
0

usync.html
eus.rubiconproject.com/ Frame 7293
0
0
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?gdpr=0&us_privacy=1---
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.203.105.107 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-105-107.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
224
content-type
text/html; charset=UTF-8
date
Wed, 04 Dec 2024 02:19:31 GMT
etag
"28052a-10d-6142d69a886c0"
last-modified
Thu, 21 Mar 2024 15:32:19 GMT
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
pd
minutemedia-d.openx.net/w/1.0/ Frame 1DCF
0
0
Document
General
Full URL
https://minutemedia-d.openx.net/w/1.0/pd?gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
502
content-type
text/html
date
Wed, 04 Dec 2024 02:19:30 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 3853
0
0
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=159660&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.51.57.13 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-51-57-13.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=95957
content-encoding
gzip
content-length
6694
content-type
text/html
date
Wed, 04 Dec 2024 02:19:31 GMT
expires
Thu, 05 Dec 2024 04:58:48 GMT
last-modified
Wed, 13 Nov 2024 05:14:24 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
/
onetag-sys.com/usync/ Frame C70E
0
0
Document
General
Full URL
https://onetag-sys.com/usync/?cb=1733278767046&gdpr=0&us_privacy=1---
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.39.186 , Canada, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
ip186.ip-51-222-39.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
isync
visitor.omnitagjs.com/visitor/ Frame 4DF9
0
0
Document
General
Full URL
https://visitor.omnitagjs.com/visitor/isync?uid=19340f4f097d16f41f34fc0274981ca4&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by
Host: cdn.mmctsvc.com
URL: https://cdn.mmctsvc.com/commercial-api/prebid8.52.1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.245.40.102 Washington, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
102.40.245.35.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://winteriscoming.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
1845
content-type
text/html; charset=UTF-8
date
Wed, 04 Dec 2024 02:19:32 GMT
expires
0
p3p
CP="CAO PSA OUR"
pragma
no-cache
vary
Accept-Encoding
via
kong/3.6.1
x-content-type-options
nosniff
x-kong-proxy-latency
1
x-kong-request-id
4cdb425f2b8e0c1a9fbc8b407894f11f
x-kong-upstream-latency
4
sync
x.bidswitch.net/
43 B
183 B
Image
General
Full URL
https://x.bidswitch.net/sync?ssp=themediagrid&gdpr=0&us_privacy=1---
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.211.202.130 North Charleston, United States, ASN15169 (GOOGLE, US),
Reverse DNS
130.202.211.35.bc.googleusercontent.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

via
1.1 google
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
date
Wed, 04 Dec 2024 02:19:31 GMT
content-type
image/gif
status
api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwinteriscoming.net%2F/DESKTOP/WIDGET_ON/
77 B
454 B
Fetch
General
Full URL
https://api.userway.org/api/a11y-data/v0/page/https%3A%2F%2Fwinteriscoming.net%2F/DESKTOP/WIDGET_ON/status
Requested by
Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2024-12-02-09-47-30/widget_app_base_1733132850231.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f14:5db:eb11:dea0:25ab:db84:d7cf Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
d2f13447bd89c56bad76bac2e4e551ac6b611f40503104b70ee26812afe5a94c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://winteriscoming.net/

Response headers

access-control-max-age
3000
access-control-expose-headers
Content-Range, Content-Length, ETag, Content-Type
cache-control
no-cache, no-store, must-revalidate
etag
W/"4d-wYLRLrbWidRwnfhEvoB+Y2U04NY"
access-control-allow-methods
GET, HEAD, PUT, PATCH, POST, DELETE
access-control-allow-origin
*
content-length
77
date
Wed, 04 Dec 2024 02:19:32 GMT
content-type
application/json; charset=utf-8
x-service-version
seo-w-eb3c4543
vary
Accept-Encoding
access-control-allow-headers
*

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
stats.bqstreamer.com
URL
https://stats.bqstreamer.com/
Domain
www.google.com
URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTAZ3HxMRAO1dddojoQg9VdqieUM08PBt-dOIujVz9PeAlrSjETZrACem0bSHhtn-6NQHwJfnCKPdh5zot36yEo5BRXRg
Domain
www.google.com
URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaR36jn_KgPTrLQKgTwqQEuUgDpXjVG_8ECTUQC-whULcXDVNU11L7VGLq3CsmgFRdbHZ2S6iue8Kofi0ltKgQny2NV-dg
Domain
googleads.g.doubleclick.net
URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Domain
googleads.g.doubleclick.net
URL
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Domain
ep1.adtrafficquality.google
URL
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202412030101&jk=3765811627837896&bg=!Pj2lPXLNAAaIaF9IqGg7ADQBe5WfOAN-j70D1QoTfwBTJ2UVN3Y2otqK55WkpU9ks2ALWQ8y0uNGFOChzjrGhZ3mJvhvAgAAAFhSAAAADmgBB34ANiufwjRcVExVXqmNc61rjsbnS8pYR1-bcOgpOgQkdEbcFuZQ5mCiP8YIYCloBNeC4kDIv2w195kCockOlQPOvyCDySfySdeG-xVXDocl1jqc2E6_f4DGAhxyEE9ac3uZ6utMJSYioLc7-y9Ck37vz-1J1_HhsUNgc0HbGjVBbHIdm6Cyj-_09cW-iu_7dOkj_z1B6Knfll14nhZDlaiQW63vzHivgn0Y_D2pYLxEK4cjS-NPTwYqYM1g7kif1HVCwpUHERv-COlSf6PGzVR00s0I7muqRaqtAKiq5qtUDudxuBz-eb3Z7Q4J15OkTr20hckvLYzc21ALPHRebIlN_9G2Cr2eU9_aFm29nOznU4_6Mf0r2JI0FbzAtExdsTIPQ8WIye00okDkSK7X_R5CuARu1KaThTmzPQbxfSKwo89YTSsKhq4XIM92D6L8giSx6vE6hYGLiiS0cIHrh0-0WeKtkWdA4UxmXGiwMOLuR3I0YMCJvcAxNXz5fYSWUhCdgdlLUYPlWYTNKizKuvfAz5E8wqWCPO9LCmkmTj4oVfSykKUCRQaGSh212a5IaOksWYocyDc3qT2MjXZ2vh5bg4dYLGbgXt0y5l4YXpxjXwPDgpLH_dexVafAOCsxM7vnK9iaSyDD0R8Grfy1w6fZJ-b_lidMeFeVhLQ8D_59RSkvQ40Xpf3BDhVRXhjtxXUpmhz5u993MbTJoWHVJ48FCIEujMoqeKw2czFBs9yKo9B8PKf2saSfRPX2_GosFD5ikA1JWTfUf26pueq2BcOJE3PpFKMdvVd6woGv7dwV4FqOKNwGQ_cCfPgfvdZjVRQ6iVwRtgYx5OvRyI59sspvz42xyKsaqmNUqfg_94wYsbXom8id6A_jjCs7N2-KcCCxes8RX2JcMlbNw6NwDBHvBZBEiwqBPsrCQnkUmlsFhwP3AOT7lhikE-EoPX6N2-MtEXsD-hmEv02ZSvc
Domain
sync.richaudience.com
URL
https://sync.richaudience.com/dcf3528a0b8aa83634892d50e91c306e/?ord=9822740132

Verdicts & Comments Add Verdict or Comment

419 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| webVitals string| cc string| id object| didomiConfig function| __tcfapi object| didomiEventListeners function| __uspapi object| dataLayer object| mmClientApi object| placeholders object| grumi object| __RENDERED_CLASS_NAMES__ object| __PRELOADED_STATE__ object| didomiRemoteConfig string| didomiCountry string| didomiRegion object| didomiGeoRegulations object| googletag object| win object| doc object| webpackChunkDidomi object| Didomi object| didomiOnReady object| DidomiSanitizing object| didomiState object| device object| __mmClientApiSubscriptions__ function| a0_0x4b24 function| a0_0x50b8 function| createUserIdentifier function| createAffiliateValue object| apstag object| google_tag_manager object| google_tag_data function| fbq function| _fbq function| mmTrackError function| mmGetDefaultData function| mmTrackEvent function| validateElementType object| params string| country string| platform string| clientID string| distributionChannels string| mmSessionId string| mmUserId function| onAdImpressionReports function| trackPlayerEmbed function| registerToEventsPlayer object| _comscore object| mmPrebidChunk object| mmPrebid object| _pbjsGlobals object| regeneratorRuntime object| _aps boolean| apstagLOADED object| ggeac boolean| google_plmetrics object| google_js_reporting_queue object| apscustom object| UserWayWidgetApp object| gaGlobal object| lotame_sync_16576 function| ha object| cnvr_launcher_options object| webpackJsonp object| google_reactive_ads_global_state object| COMSCORE object| ns_p function| __assign function| __read function| __spreadArray function| __values string| LS_KEY string| CDN_BASE string| LOCALES string| VERSION object| CONTROLS_WITH_TEXT_TAGS object| INPUT_TYPES_WITH_TEXT_CONTENT function| isInputElementWithText function| isDirectParentOfText object| FuncKeys object| DEFAULT_OPEN_HOTKEY object| userwaySupportedLanguages object| userwayMapToSupportedLanguages object| userwaySupportedLocales string| USERWAY_DEFAULT_FALLBACK_LANGUAGE function| getUserwaySupportedLanguage string| SITE_LANGUAGE_FROM_SCRIPT function| userwaySupports function| formatLangCode function| __rest object| messageStream object| _userway_config boolean| _userway object| launchPad object| launchPadConfiguration object| nodeScript function| __launchpad object| conversant object| hadron boolean| __halo_loaded__ function| lotameIsCompatible function| sync16576_aa function| sync16576_c function| sync16576_f object| sync16576_h function| sync16576_ca function| sync16576_j function| sync16576_da object| sync16576_ object| sync16576_ia object| sync16576_ja object| sync16576_s object| sync16576_wa function| sync16576_a function| sync16576_b function| sync16576_g function| sync16576_i function| sync16576_k function| sync16576_l function| sync16576_m function| sync16576_n function| sync16576_o function| sync16576_p function| sync16576_q function| sync16576_r function| sync16576_fa function| sync16576_ea function| sync16576_ga function| sync16576_ha function| sync16576_t function| sync16576_v function| sync16576_w function| sync16576_x function| sync16576_ka function| sync16576_la function| sync16576_y function| sync16576_ma function| sync16576_z function| sync16576_A function| sync16576_u function| sync16576_C function| sync16576_na function| sync16576_oa function| sync16576_pa function| sync16576_D function| sync16576_E function| sync16576_F function| sync16576_qa function| sync16576_G function| sync16576_H function| sync16576_I function| sync16576_K function| sync16576_M function| sync16576_L function| sync16576_N function| sync16576_O function| sync16576_J function| sync16576_ra function| sync16576_sa function| sync16576_ta function| sync16576_ua function| sync16576_va function| sync16576_P function| sync16576_Q function| sync16576_xa function| sync16576_R function| sync16576_ya function| sync16576_za function| sync16576_Aa function| sync16576_S function| sync16576_Ba function| sync16576_Ca function| sync16576_Da function| sync16576_Ea function| sync16576_T function| sync16576_Fa function| sync16576_U function| sync16576_V function| sync16576_W function| sync16576_X function| sync16576_Ga function| sync16576_Y function| sync16576_Z function| sync16576__ function| sync16576_0 function| sync16576_1 function| sync16576_2 function| sync16576_Ha function| sync16576_3 function| sync16576_Ja function| sync16576_Ia function| sync16576_4 function| sync16576_La function| sync16576_Ma function| sync16576_Ka function| sync16576_Na function| sync16576_Qa function| sync16576_Pa function| sync16576_Oa function| sync16576_Sa function| sync16576_Ua function| sync16576_Ra function| sync16576_6 function| sync16576_Ta function| sync16576_Xa function| sync16576_Wa function| sync16576_Va function| sync16576_7 function| sync16576_5 function| sync16576_8 function| sync16576_Ya function| sync16576_Za function| sync16576__a function| sync16576_0a function| sync16576_9 function| sync16576_1a function| sync16576_$ function| sync16576_2a function| sync16576_3a function| sync16576_4a object| Criteo object| au object| publink_options object| coreid object| auvars function| docReady object| autag object| audDataLayer function| audGtag object| au_seg object| UserWay function| __awaiter function| __generator function| __defProp function| __defProps function| __getOwnPropDescs function| __getOwnPropSymbols function| __hasOwnProp function| __propIsEnum function| __defNormalProp function| __spreadValues function| __spreadProps function| __objRest function| __async object| google_tag_topics_state number| google_unique_id string| slotElement function| sync16589_aa function| sync16589_c function| sync16589_f object| sync16589_h function| sync16589_ca function| sync16589_j function| sync16589_da object| sync16589_ object| sync16589_ia object| sync16589_ja object| sync16589_s object| sync16589_wa function| sync16589_a function| sync16589_b function| sync16589_g function| sync16589_i function| sync16589_k function| sync16589_l function| sync16589_m function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_q function| sync16589_r function| sync16589_fa function| sync16589_ea function| sync16589_ga function| sync16589_ha function| sync16589_t function| sync16589_v function| sync16589_w function| sync16589_x function| sync16589_ka function| sync16589_la function| sync16589_y function| sync16589_ma function| sync16589_z function| sync16589_A function| sync16589_u function| sync16589_C function| sync16589_na function| sync16589_oa function| sync16589_pa function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_qa function| sync16589_G function| sync16589_H function| sync16589_I function| sync16589_K function| sync16589_M function| sync16589_L function| sync16589_N function| sync16589_O function| sync16589_J function| sync16589_ra function| sync16589_sa function| sync16589_ta function| sync16589_ua function| sync16589_va function| sync16589_P function| sync16589_Q function| sync16589_xa function| sync16589_R function| sync16589_ya function| sync16589_za function| sync16589_Aa function| sync16589_S function| sync16589_Ba function| sync16589_Ca function| sync16589_Da function| sync16589_Ea function| sync16589_T function| sync16589_Fa function| sync16589_U function| sync16589_V function| sync16589_W function| sync16589_X function| sync16589_Ga function| sync16589_Y function| sync16589_Z function| sync16589__ function| sync16589_0 function| sync16589_1 function| sync16589_2 function| sync16589_Ha function| sync16589_3 function| sync16589_Ja function| sync16589_Ia function| sync16589_4 function| sync16589_La function| sync16589_Ma function| sync16589_Ka function| sync16589_Na function| sync16589_Qa function| sync16589_Pa function| sync16589_Oa function| sync16589_Sa function| sync16589_Ua function| sync16589_Ra function| sync16589_6 function| sync16589_Ta function| sync16589_Xa function| sync16589_Wa function| sync16589_Va function| sync16589_7 function| sync16589_5 function| sync16589_8 function| sync16589_Ya function| sync16589_Za function| sync16589__a function| sync16589_0a function| sync16589_9 function| sync16589_1a function| sync16589_$ function| sync16589_2a function| sync16589_3a function| sync16589_4a object| lotame_sync_16589 object| pbjs object| GoogleGcLKhOms object| __id5_finalization_registry object| _33across object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_159 object| Criteo_identitytag_159 object| __uid2SecureSignalProvider object| __uid2 object| ox_esp function| runMenuRemediationScript object| ampInaboxPositionObserver object| ampInaboxFrameOverlayManager object| google_image_requests function| rbuPopUp function| clearImmediate function| setImmediate object| atsdetectionmodule object| atsenvelopemodule object| ats boolean| envelopeModuleReady object| criteo_pubtag_prebid_144 object| Criteo_prebid_144

188 Cookies

Domain/Path Name / Value
.3lift.com/sync Name: sync
Value: CgoIgAIQwNXc-7gyCgoIoQEQwNXc-7gyCgoI4gEQwNXc-7gyCgoI5gEQwNXc-7gyCgoIhwIQwNXc-7gyCgkIOhDA1dz7uDIKCQgbEMDV3Pu4MgoKCIwCEMDV3Pu4MgoKCKwCEMDV3Pu4MgoJCF8QwNXc-7gy
.smartadserver.com/api Name: pid
Value: 1351866550789335893
winteriscoming.net/ Name: cityCode
Value: NA
winteriscoming.net/ Name: stateCode
Value: NY
winteriscoming.net/ Name: countryCode
Value: US
winteriscoming.net/ Name: mm-session-id
Value: yc40kWH0Eoj5HMOK
winteriscoming.net/ Name: mm-user-id
Value: eQ1hdwl55vvIHDZZ
winteriscoming.net/ Name: mm-session-interval
Value: 24
winteriscoming.net/ Name: mm-user-interval
Value: 95
winteriscoming.net/ Name: mm-referrer
Value: noreferrer
winteriscoming.net/ Name: mmSession
Value: 9ef4181e-1ce7-4e10-b750-2e621a93188b
winteriscoming.net/ Name: mmPageNum
Value: 1
winteriscoming.net/ Name: mmVariationId
Value: 01ht8s276bva9ex4e4
.winteriscoming.net/ Name: _ga_X878ZPFT48
Value: GS1.1.1733278766.1.0.1733278766.0.0.0
.winteriscoming.net/ Name: _ga
Value: GA1.1.574771359.1733278767
.scorecardresearch.com/ Name: UID
Value: 1CB13b51875880ed0ba17cb1733278766
.scorecardresearch.com/ Name: XID
Value: 1CB13b51875880ed0ba17cb1733278766
.winteriscoming.net/ Name: _fbp
Value: fb.1.1733278766756.568228333404325055
.winteriscoming.net/ Name: cto_bidid
Value: OOoeKV80NnBsNTQzZW9hTzNLNTZXRWowRTE4dVBqMEs5SlJvNXhHTkZvUmxsVmdvVkF2Z2tvM0J3Z0NtZlo2JTJGJTJCeFY4ZDFpJTJCM0Y0bk0lMkJWNGIlMkI2Y2U4SU5XbXclM0QlM0Q
.crwdcntrl.net/ Name: _cc_dc
Value: 0
.crwdcntrl.net/ Name: _cc_id
Value: e0d0d7143392d6173973d05b102b9234
.winteriscoming.net/ Name: _cc_id
Value: e0d0d7143392d6173973d05b102b9234
.winteriscoming.net/ Name: panoramaId_expiry
Value: 1733365166839
.amazon-adsystem.com/ Name: ad-id
Value: AzGLsUNza0kLsP_Fy_S-IQY
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.admanmedia.com/ Name: admtr
Value: d38b4301-21a5-4d49-a5d9-2e6b90f2ed38
.admanmedia.com/ Name: ac_r
Value: CS63
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.3lift.com/ Name: receive-cookie-deprecation
Value: 1
.3lift.com/ Name: tluid
Value: 3747552361447801931180
.omnitagjs.com/ Name: ayl_visitor
Value: 3db0e0b5db7890c9aaf097d58359446f
.teads.tv/ Name: tt_viewer
Value: 49c88ff4-9de2-472d-8627-52300f506396
.casalemedia.com/ Name: receive-cookie-deprecation
Value: 1
.ad.gt/ Name: au_3p_check
Value: 1
.winteriscoming.net/ Name: _au_1d
Value: AU1D-0100-001733278767-XOAZ8OUS-LOSY
.adnxs.com/ Name: XANDR_PANID
Value: ChqskUaVyounQud5W3MJW8tEInE_x7LaLuoJafTs0I0DWB5_bckbVHLTQTIbDEaF4JE_-1uCRzeTEpCbQx6qiG-_CVURQ253shJWn-6b3Hg.
.adnxs.com/ Name: uuid2
Value: 8843601102025909604
.adsrvr.org/ Name: TDID
Value: abe3c0b0-f74c-469b-b5c7-d768bd26015e
.rubiconproject.com/ Name: khaos
Value: M499FC18-U-2701
.tapad.com/ Name: TapAd_TS
Value: 1733278767162
.tapad.com/ Name: TapAd_DID
Value: 0a9d9cb7-c62d-434b-904f-e6fe9527f1a1
.openx.net/ Name: i
Value: 8a9cd4be-a57d-433e-88a9-0a5e64ca6936|1733278767
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 7415F8D0-48B4-44DD-BE32-EE89B7ABBAD1
.id5-sync.com/ Name: id5
Value: 2bebfe52-ddc7-7c9e-a922-b4dbe3b84c1e#1733278766720#2
.turn.com/ Name: uid
Value: 4459252098359499415
.go.sonobi.com/ Name: __uis
Value: d903c47d-2bb4-44fd-8a4e-a31e5828d564
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value: 1!8138
.ad.gt/ Name: au_id
Value: AU1D-0100-001733278767-XOAZ8OUS-LOSY
.winteriscoming.net/ Name: _ga_NB8RD6J3M6
Value: GS1.1.1733278766.1.0.1733278767.59.0.0
.criteo.com/ Name: uid
Value: 3c4e89f3-cf79-4173-a4d0-9dd354620abc
.criteo.com/ Name: receive-cookie-deprecation
Value: 1
.criteo.com/ Name: cto_bundle
Value: wq8Cxl9mRjMlMkI0ZW5sYW8wODhDTEMlMkJ6S2pUY3NsZlVpamJKb2Q5WUV2TTdydGtTYmtNbjVUSFhYTWZyMjZtY0dvRFRKYzJYJTJGQmtsYjIybWFPSm5laEZFZkNaVFZnb0p3R0IzSjNrcTlnZUMzRVdoS0p5NWoxZ3FOREo5OEd3UlBpSkRERjd1RHQ2SjZlR1lES0V2aDhsVmZsJTJGZyUzRCUzRA
.yahoo.com/ Name: A3
Value: d=AQABBDC8T2cCEA93PaxPKwnKCEIZdZ1Mii4FEgEBAQENUWdZZwAAAAAA_eMAAA&S=AQAAArsOVj_XXr-_40nkpyaInxE
.doubleclick.net/ Name: IDE
Value: AHWqTUn5VqY7OwUrvoJuOpVcVFSZSef7cakSOPjkUZl4x067FZsaljkeBgI_iTljlM8
.winteriscoming.net/ Name: __gads
Value: ID=6aca18c84b3e4d09:T=1733278767:RT=1733278767:S=ALNI_MavrtwviEDO4NzTQQCvbE8jL4rbmw
.winteriscoming.net/ Name: __gpi
Value: UID=00000fa6e28e751a:T=1733278767:RT=1733278767:S=ALNI_MYG_aGBPJD2QKN707Sn_muCxt1vvw
.winteriscoming.net/ Name: __eoi
Value: ID=cc4701661ca12406:T=1733278767:RT=1733278767:S=AA-AfjaPawHF7yb7iMkzwnZcvkJu
.doubleclick.net/ Name: ar_debug
Value: 1
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.googleadservices.com/ Name: ar_debug
Value: 1
.doubleclick.net/ Name: APC
Value: AfxxVi59K5Ws7qnlcpaMcbu7ZUc4m8Fq2C8bpiMRTn62UV7B8Jai1Q
.doubleclick.net/ Name: DSID
Value: NO_DATA
winteriscoming.net/ Name: _lr_geo_location_state
Value: NY
winteriscoming.net/ Name: _lr_geo_location
Value: US
.winteriscoming.net/ Name: cto_bundle
Value: p67TGV9lNlh0bFU2bzlLWXNJUmRUUWxQdzI2cjNJQmJVZ29LNzdtJTJGQ1JPcGlRVm44dEVwSUsxYyUyQjRtMDZVa2c4TXNvMHYlMkJxcGc1QnNyNElzVnZCQzUlMkJMU3olMkZES2ZBTUdvaXZUbG1KQVlUa1R5M1ExejI0VFZjenhlc0sxM0NpaWVPb2JZZGMlMkJ4RnR6VGJBaUo1QXNVYTk1NWxjYlN6U2FpT1BPaUNGcVBrd2NFVzAlM0Q
.3lift.com/ Name: tluidp
Value: 3747552361447801931180
.openx.net/ Name: pd
Value: v2|1733278768.3|vPvMgakWgy.iKbwuYhEg2f8
.yieldmo.com/ Name: yieldmo_id
Value: VzcSaaa1FSakSqbLxRO9%7C1733270400000%7C3686128570400745246
.ads.yieldmo.com/ Name: re_sync
Value: pp%3D1204505%7Crc%3D1204505%7Cunl%3D1204505%7Cdv360%3D1204505%7Cpub%3D1204505
.ads.pubmatic.com/ Name: KCCH
Value: YES
.sitescout.com/ Name: ssi
Value: 958a523f-de51-4add-815a-4b014837c0ae#1733278772052
.rubiconproject.com/ Name: khaos_p
Value: M499FC18-U-2701
.rubiconproject.com/ Name: receive-cookie-deprecation
Value: 1
.contextweb.com/ Name: ccpa
Value: 1---
.contextweb.com/ Name: V
Value: z47tRbGc7jPj
.contextweb.com/ Name: VP
Value: part_z47tRbGc7jPj
bh.contextweb.com/ Name: INGRESSCOOKIE
Value: ff9872d56b3d8baa
sync.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-4f93fe8f-0f27-528d-6504-3a8cbfdff35b.Z9GEt75eSJrBNKcnjbeElbNuACAytCUwubioe%2B6Kp0A
.srv.stackadapt.com/ Name: sa-user-id
Value: s%3A0-4f93fe8f-0f27-528d-6504-3a8cbfdff35b.Z9GEt75eSJrBNKcnjbeElbNuACAytCUwubioe%2B6Kp0A
sync.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AT5P-jw8nUo1lBDqMv9_zWwW16oQ.8c4axZk%2B%2Fgo7qxMj2jkIZrOTbpSIKbWhG2SVSMXoxSs
.srv.stackadapt.com/ Name: sa-user-id-v2
Value: s%3AT5P-jw8nUo1lBDqMv9_zWwW16oQ.8c4axZk%2B%2Fgo7qxMj2jkIZrOTbpSIKbWhG2SVSMXoxSs
.ads.yieldmo.com/ Name: ptrpp
Value: z47tRbGc7jPj
.ads.yieldmo.com/ Name: ptrrc
Value: M499FC18-U-2701
.ads.yieldmo.com/ Name: ptrunl
Value: OPTOUT
.pubmatic.com/ Name: DPSync4
Value: 1733875200%3A164%7C1734480000%3A197_219_226
.bing.com/ Name: MUID
Value: 0EA7CB4CE0BE66122BE7DE07E1CC6709
.c.bing.com/ Name: MR
Value: 0
sync.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKILSiotaG3ZUsNbieaTSkS6VQ7x-Z9q5FOkocBcJ1Y3L1EGcYBCC0-L66BjABOgSAOSS3QgQe_7VP.zNJg%2FCq3Rzx4%2B8E2pbeHNYS%2FGKmxfj20R5BCxNbkcYU
.srv.stackadapt.com/ Name: sa-user-id-v3
Value: s%3AAQAKILSiotaG3ZUsNbieaTSkS6VQ7x-Z9q5FOkocBcJ1Y3L1EGcYBCC0-L66BjABOgSAOSS3QgQe_7VP.zNJg%2FCq3Rzx4%2B8E2pbeHNYS%2FGKmxfj20R5BCxNbkcYU
.aidemsrv.com/ Name: __cf_bm
Value: 6uDnXhj6HEuVYnJT_tJi5X0Vsm9w01pwewmaWFE73Z4-1733278772-1.0.1.1-bOiPAPEAdx9PR2.XoB44nmQsQsPqLSmXuc4UX9Q_s6DpkGLoFvyzTRpkGBDl7gU9p5sakGYLbdaJQb50FLxyKg
.yellowblue.io/ Name: wrvUserID
Value: hy7KhSa9kp_s
.bidswitch.net/ Name: tuuid
Value: 8580d06f-a377-4d9b-bd77-c38b2c3aec93
.bidswitch.net/ Name: c
Value: 1733278772
.bidswitch.net/ Name: tuuid_lu
Value: 1733278772
.zemanta.com/ Name: zuid
Value: i9T-OtYiWuj84JE76_vq
.rlcdn.com/ Name: rlas3
Value: RRp8MHkzdaiosyFhsp6zdmpfN2YxmR8Mhi6g/+aMKhE=
.openwebmp.com/ Name: wrvUserID
Value: FCNdhStrCp_ow
.adform.net/ Name: C
Value: 1
.pubmatic.com/ Name: KRTBCOOKIE_377
Value: 6810-abe3c0b0-f74c-469b-b5c7-d768bd26015e&KRTB&22918-abe3c0b0-f74c-469b-b5c7-d768bd26015e&KRTB&22926-abe3c0b0-f74c-469b-b5c7-d768bd26015e&KRTB&23031-abe3c0b0-f74c-469b-b5c7-d768bd26015e
.pubmatic.com/ Name: KRTBCOOKIE_80
Value: 22987-CAESEIOvaQZ0hhZ4yNmNB5E6QyI&KRTB&16514-CAESEIOvaQZ0hhZ4yNmNB5E6QyI&KRTB&23025-CAESEIOvaQZ0hhZ4yNmNB5E6QyI&KRTB&23386-CAESEIOvaQZ0hhZ4yNmNB5E6QyI
.simpli.fi/ Name: suid
Value: 3795DD736BEC4E5FBB47A7438E171E99
.contextweb.com/ Name: pb_rtb_ev
Value: 3-1v4l|7TZ.0.1|8i8.0.1
.contextweb.com/ Name: pb_rtb_ev_part
Value: 3-1v4l|7TZ.0.1|8i8.0.1
.onaudience.com/ Name: cookie
Value: 77dd5b8b45a51948
.onaudience.com/ Name: done_redirects252
Value: 1
.33across.com/ Name: 33x_ps
Value: u%3D212905239884365%3As1%3D1733278772257%3Ats%3D1733278772257
.rlcdn.com/ Name: pxrc
Value: CLT4vroGEgUI6AcQABIFCOhHEAASBgi46wEQAA==
.adform.net/ Name: uid
Value: 8355257311826322028
.ipredictive.com/ Name: cu
Value: 110c1a33-51bc-445f-89a6-3a78e412146d|1733278772294
.pubmatic.com/ Name: pi
Value: 159706:3
.linkedin.com/ Name: li_sugr
Value: f5db1930-1a0e-418e-8b24-2a469abb0dbe
.linkedin.com/ Name: bcookie
Value: "v=2&d0e64644-37d4-4066-85d8-f722767edf3d"
.linkedin.com/ Name: lidc
Value: "b=VGST04:s=V:r=V:a=V:p=V:g=3399:u=1:x=1:i=1733278772:t=1733365172:v=2:sig=AQE4hqVa37U-2h1y0Lzml7SPJmwePqjP"
.pubmatic.com/ Name: KRTBCOOKIE_148
Value: 19421-uid:3795DD736BEC4E5FBB47A7438E171E99&KRTB&23486-uid:3795DD736BEC4E5FBB47A7438E171E99&KRTB&23489-uid:3795DD736BEC4E5FBB47A7438E171E99&KRTB&23539-uid:3795DD736BEC4E5FBB47A7438E171E99
.pubmatic.com/ Name: KRTBCOOKIE_279
Value: 22890-110c1a33-51bc-445f-89a6-3a78e412146d&KRTB&23011-110c1a33-51bc-445f-89a6-3a78e412146d&KRTB&23355-110c1a33-51bc-445f-89a6-3a78e412146d
.pubmatic.com/ Name: PugT
Value: 1733278772
.pubmatic.com/ Name: SyncRTB4
Value: 1734480000%3A54_250_71_220_201_104_3_21_13%7C1733875200%3A223_15
.go.sonobi.com/ Name: HAPLB8G
Value: s8643|Z0+8N
.sharethrough.com/ Name: stx_user_id
Value: a0bd3352-fa77-451d-ae7e-cdfe5a527f0d
.smaato.net/ Name: SCM
Value: b13a57d62e
.smaato.net/ Name: SCMrise
Value: b13a57d62e
.lijit.com/ Name: ljt_reader
Value: JxdrALZHy7y1mlLmSeGGM7_u
.pippio.com/ Name: did
Value: xC_adw4iKer76S4F
.pippio.com/ Name: didts
Value: 1733278772
.pippio.com/ Name: nnls
Value:
.pippio.com/ Name: pxrc
Value: CLT4vroGEgYIgr0rEAA=
.casalemedia.com/ Name: CMID
Value: Z0.8NEt3uXMAAHsDAq0r0QAA
.casalemedia.com/ Name: CMPS
Value: 160
.casalemedia.com/ Name: CMPRO
Value: 160
.media.net/ Name: visitor-id
Value: 3762803720813248000V10
.media.net/ Name: data-ris
Value: {{APID}}~~25
.copper6.com/ Name: co_key
Value: cfe30bc7-823f-4bf6-a980-51a612a59a6d
.copper6.com/ Name: co_red
Value: 4
.creativecdn.com/ Name: ts
Value: 1733278772
.creativecdn.com/ Name: g
Value: JUnByHMAqDvsx1EWciLX_1733278772392
.pubmatic.com/ Name: chkChromeAb67Sec
Value: 4
.csync.loopme.me/ Name: viewer_token
Value: e3af3151-a60a-424f-a0c9-536c22baf438
.pubmatic.com/ Name: SPugT
Value: 1733278772
.postrelease.com/ Name: visitor
Value: 0d942954-1ccb-44c2-8fbd-2efd8c1e64dd
.postrelease.com/ Name: status
Value: 0
.quantserve.com/ Name: mc
Value: 674fbc34-6ccf9-92574-a21b0
.quantserve.com/ Name: sp
Value: CgkIuYoDEgMQhg4=
.bidr.io/ Name: bitoIsSecure
Value: ok
.tynt.com/ Name: uid
Value: k3eNWWdPvDQHOLzCDGHp6A==
.aniview.com/ Name: 1_C_142
Value: a0bd3352-fa77-451d-ae7e-cdfe5a527f0d
sync.aniview.com/ Name: 1_C_142
Value: a0bd3352-fa77-451d-ae7e-cdfe5a527f0d
.aniview.com/ Name: aniC
Value: f61b794c-aa41-4cc0-ab68-c756511c83e3
sync.aniview.com/ Name: aniC
Value: f61b794c-aa41-4cc0-ab68-c756511c83e3
.bidr.io/ Name: bito
Value: AAENTE7On3gAABliEIaqrg
.media6degrees.com/ Name: clid
Value: 2sny6gk01171v3ukdi9d9isa000000019e011d01c01
.media6degrees.com/ Name: acs
Value: 012020k1sny6gkxzt10
.smartadserver.com/ Name: TestIfCookieP
Value: ok
.smartadserver.com/ Name: pid
Value: 9077945123480267531
.smartadserver.com/ Name: csync
Value: 127:AAIJsU7On3gAABwnw7yZhQ
.bttrack.com/ Name: GLOBALID
Value: 2uKlc8-sIBd987FnJwe7nZz9eg0CX1P-dXI45Qm1J0NwQjlviI7C0IfInmPXm_QoJ2r2muTXF5QC4TM1
.dotomi.com/ Name: DotomiTest
Value: ca22eb323620746
.primis.tech/ Name: csuuid
Value: 674fbc3493469
.tynt.com/ Name: pids
Value: %5B%7B%22p%22%3A%22797f54a72d%22%2C%22f%22%3A1%2C%22ts%22%3A1733278772607%7D%2C%7B%22p%22%3A%224ef5c9a86a%22%2C%22f%22%3A1%2C%22ts%22%3A1733278772607%7D%2C%7B%22p%22%3A%2224c05c7b76%22%2C%22f%22%3A1%2C%22ts%22%3A1733278772607%7D%2C%7B%22p%22%3A%22d26852f088%22%2C%22f%22%3A1%2C%22ts%22%3A1733278772607%7D%2C%7B%22p%22%3A%22cf4d6e49b5%22%2C%22f%22%3A1%2C%22ts%22%3A1733278772607%7D%2C%7B%22p%22%3A%22f9a4a8fd15%22%2C%22f%22%3A1%2C%22ts%22%3A1733278772607%7D%5D
.semasio.net/ Name: SEUNCY
Value: 85BDF89701D336A8
.lijit.com/ Name: _ljtrtb_80
Value: M499FC18-U-2701
.sitescout.com/ Name: _ssuma
Value: eyIxNyI6MTczMzI3ODc3MjA5NiwiMzkiOjE3MzMyNzg3NzI3MTEsIjciOjE3MzMyNzg3NzI3MTEsIjc0IjoxNzMzMjc4NzcyNzExfQ
.pubmatic.com/ Name: KRTBCOOKIE_32
Value: 11175-AQADJsKs6JcE1wJDOTbMAQEBAQEBAQCSjnYshQEBAJKOdiyF&KRTB&22715-AQADJsKs6JcE1wJDOTbMAQEBAQEBAQCSjnYshQEBAJKOdiyF&KRTB&23519-AQADJsKs6JcE1wJDOTbMAQEBAQEBAQCSjnYshQEBAJKOdiyF&KRTB&23632-AQADJsKs6JcE1wJDOTbMAQEBAQEBAQCSjnYshQEBAJKOdiyF
.aniview.com/ Name: 1_C_204
Value: 05f9f7f1-e552-4f67-bfc6-907dd3af6b27
sync.aniview.com/ Name: 1_C_204
Value: 05f9f7f1-e552-4f67-bfc6-907dd3af6b27
.aniview.com/ Name: 1_C_18
Value: JxdrALZHy7y1mlLmSeGGM7_u
sync.aniview.com/ Name: 1_C_18
Value: JxdrALZHy7y1mlLmSeGGM7_u
.intentiq.com/ Name: intentIQ
Value: UrDvLpTfn7
.intentiq.com/ Name: IQver
Value: 1.9
.aniview.com/ Name: 1_C_24
Value: 8580d06f-a377-4d9b-bd77-c38b2c3aec93
sync.aniview.com/ Name: 1_C_24
Value: 8580d06f-a377-4d9b-bd77-c38b2c3aec93
.krushmedia.com/ Name: krm_usr
Value: a732cd0b-758c-5519-a992-65e8d770d24c
.krushmedia.com/ Name: krm_r
Value: 615:1734488372763
.intentiq.com/ Name: ASDT
Value: 0
.intentiq.com/ Name: CSDT
Value: UEQ6MTUxMDZfMCZVVnd6NWk2
.intentiq.com/ Name: intentIQCDate
Value: 1733278772760
.intentiq.com/ Name: IQPData
Value: 95808134#1733278772758#0#1733278772758
.analytics.yahoo.com/ Name: IDSYNC
Value: "18z8~2m6q:190u~2m6q:199z~2m6q"
.onaudience.com/ Name: done_redirects147
Value: 1
.adsrvr.org/ Name: TDCPM
Value: CAESFAoFdGFwYWQSCwi8w4bDg4XKPRAFEhYKB3N2eDl0NTASCwjghoTwg4XKPRAFEhcKCHB1Ym1hdGljEgsIyJLq8YOFyj0QBRIWCgdydWJpY29uEgsI5JPm8oOFyj0QBRgBIAEoAjILCNCp66Wahco9EAU4AVoHeGtzdzlsYWAC
.aniview.com/ Name: 1_C_72
Value: 958a523f-de51-4add-815a-4b014837c0ae-674fbc34-5553
sync.aniview.com/ Name: 1_C_72
Value: 958a523f-de51-4add-815a-4b014837c0ae-674fbc34-5553
.onaudience.com/ Name: done_redirects219
Value: 1
.rubiconproject.com/ Name: audit_p
Value: 1|bRmm4TjRDjLC0kNtZMarA1MG4C6D/t+3x5H4/Al95QXvDmtBOwNM+XA4ZikFENuBx7SMBsDTaQ0UjZRpoSzdsg3dG/EOswnq3TdAjMMjkKrTsRXQkQ3WlfFdJMTEemORX1vKT1ONdRY=
.rubiconproject.com/ Name: audit
Value: 1|bRmm4TjRDjLC0kNtZMarA1MG4C6D/t+3x5H4/Al95QXvDmtBOwNM+XA4ZikFENuBx7SMBsDTaQ0UjZRpoSzdsg3dG/EOswnq3TdAjMMjkKrTsRXQkQ3WlfFdJMTEemORX1vKT1ONdRY=
.aniview.com/ Name: 1_C_5
Value: M499FC18-U-2701
sync.aniview.com/ Name: 1_C_5
Value: M499FC18-U-2701
.zeotap.com/ Name: zc
Value: 044abcda-ecbc-4eaa-69f4-456c076096b8
.zeotap.com/ Name: zsc
Value: %E1B%9B%05%E5%F2GK%B2jU%89%273%C3%C11%C8%2B%DD%9E%88%F5%81%7F%CFZpVQ%91%C2l%04z%FD%A7X%F0s%F9F%08Q%AA%F7%C2%F4%E5%E7%95%83%3D%2B%5D3W%00s%0D%87%3A%FDA0%3D%0EW%3F%98%1B%DB%A6%ACF1%EBz%84%D2%F8I%8C

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.ad.gt
a.teads.tv
aax.amazon-adsystem.com
acdn.adnxs.com
ad.doubleclick.net
ads.pubmatic.com
ads.yieldmo.com
analytics.google.com
api.userway.org
app.fansided.com
assets.minutemediacdn.com
ats-wrapper.privacymanager.io
bcp.crwdcntrl.net
bidder.criteo.com
c.amazon-adsystem.com
c.aps.amazon-adsystem.com
cdn-ima.33across.com
cdn.ampproject.org
cdn.hadronid.net
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.mmctsvc.com
cdn.prod.uidapi.com
cdn.userway.org
cdn77.api.userway.org
cm.g.doubleclick.net
config.aps.amazon-adsystem.com
config.bqstreamer.com
connect.facebook.net
d.turn.com
e23890915835ff161149d5e994685475.safeframe.googlesyndication.com
eb2.3lift.com
ep1.adtrafficquality.google
ep2.adtrafficquality.google
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
geo.privacymanager.io
google-bidout-d.openx.net
googleads.g.doubleclick.net
grid.bidswitch.net
gum.criteo.com
gw.geoedge.be
hb-api.omnitagjs.com
hb.minutemedia-prebid.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.hadron.ad.gt
id5-sync.com
ids.ad.gt
ids4.ad.gt
image2.pubmatic.com
images2.minutemediacdn.com
js-sec.indexww.com
launchpad-wrapper.privacymanager.io
launchpad.privacymanager.io
lb.eu-1-id5-sync.com
match.adsrvr.org
minutemedia-d.openx.net
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
p.ad.gt
pagead2.googlesyndication.com
pixel.tapad.com
pixels.ad.gt
proc.ad.cpe.dotomi.com
proton.ad.gt
rtb.openx.net
rumcdn.geoedge.be
s.amazon-adsystem.com
s0.2mdn.net
sb.scorecardresearch.com
sdk.privacy-center.org
secure.adnxs.com
secure.cdn.fastclick.net
securepubads.g.doubleclick.net
seg.ad.gt
shb.richaudience.com
static.criteo.net
stats.bqstreamer.com
stats.g.doubleclick.net
sync.go.sonobi.com
sync.richaudience.com
tags.crwdcntrl.net
td.doubleclick.net
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
visitor.omnitagjs.com
winteriscoming.net
www.facebook.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
x.bidswitch.net
ep1.adtrafficquality.google
googleads.g.doubleclick.net
stats.bqstreamer.com
sync.richaudience.com
www.google.com
104.18.25.18
104.18.27.193
104.18.28.101
108.138.106.59
108.138.112.90
108.138.128.28
13.249.91.61
13.35.93.44
142.251.111.154
151.101.193.108
162.19.138.117
162.19.138.118
172.253.122.156
18.164.108.113
18.164.116.85
18.173.219.84
18.211.109.241
18.238.80.40
2001:4860:4802:36::181
207.65.37.179
208.115.232.246
23.203.105.107
23.203.179.38
23.41.169.52
23.51.57.13
2600:1f14:5db:eb11:dea0:25ab:db84:d7cf
2600:9000:211c:1a00:1b:3a6c:1300:93a1
2600:9000:21f9:d000:10:43f:4340:93a1
2600:9000:23ca:6e00:14:3f07:afc0:93a1
2600:9000:2510:6e00:5:b7cc:d3c0:93a1
2600:9000:2511:7000:a:e047:754:f4a1
2600:9000:2511:a400:4:b37b:9440:93a1
2600:9000:261f:6200:19:4ac0:c3c0:93a1
2600:9000:27c2:7200:a:3342:cb00:93a1
2600:9000:2840:d400:18:ed96:9000:93a1
2602:803:c002:200::32
2606:4700:10::6816:3456
2606:4700:10::6816:445
2606:4700:10::6816:545
2606:4700:10::ac43:17ea
2606:4700:10::ac43:246e
2606:4700:20::681a:367
2606:4700:20::ac43:4728
2606:ae80:1451:20::1780
2607:f350:3:2569:0:10:0:c
2607:f8b0:4004:c08::9d
2607:f8b0:4004:c09::94
2607:f8b0:4004:c0b::5e
2607:f8b0:4004:c0b::9a
2607:f8b0:4004:c19::9a
2607:f8b0:4004:c1b::69
2607:f8b0:4004:c1b::84
2607:f8b0:4004:c1d::5f
2607:f8b0:4004:c1d::84
2607:f8b0:4004:c1f::9c
2607:f8b0:4004:c1f::9d
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80d::2008
2607:f8b0:4006:820::2001
2607:f8b0:4006:822::2001
2607:f8b0:4006:822::200e
2620:100:a00b::12
2620:100:a00b::30
2620:100:a00b::4
2620:112:f008:200::101
2a02:6ea0:c400::53
2a02:6ea0:c400::55
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
2a04:4e42::485
3.220.40.212
3.233.183.24
34.102.146.192
34.111.113.62
34.120.107.143
34.98.64.218
35.162.65.214
35.186.253.211
35.211.202.130
35.244.159.8
35.245.40.102
35.71.139.29
44.193.101.54
51.222.239.230
51.222.39.186
52.223.40.198
52.45.239.128
52.85.61.52
64.233.180.149
68.67.160.184
69.173.146.5
74.119.117.17
8.28.7.83
98.82.158.241
00305e463d41613d61feaf6571cdf4569bfbbbdc3df066e1664269c18a57441f
00385bb02050e6039dcebb4f3a49b3cb4d94ba0ccbcffc184996ef9343a7c0a4
01757695b3e7944d6d92a0b39cb835a81031fc4ce69c0807c7869b9d20a26ed2
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
07306dda8e45a8eead3947db6289b60757bc3a0eff9173dd6ff239893a046bb8
07c27bf8e80697a7ebef5120e97dc6c09db1255b72b6c21c6c3307e2d04c602c
089b27e5184c1fec4ca2dcbd89641be0d7c69694d19662ff0234cea6bc5485e4
09aaf85ec2dd4c170f2c44462e9cd2fe39bb4e893a604979f47b6628d8dc271c
09f2553e8022e5f2510d3509f0c17b67086ca4342492bd311b45cd46b0283398
0b35fd96d2ef26af1b3539f8a19c534931abf8e43007fecc7fd52f477c31d3f9
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0d72088c7754c751e231fde66f09f715ca078574c361b9662e5569a400b06c2d
0e284c175ea1cd1866d5d88171f3ca5fcad2b370093f0ae7891c152827a12dd0
111d54cba674c43f4607ffe44c574cce2bc419baf830fbbe3601ce00c6665bc3
120d87bc371bbb3ae2ac861ecfc92a6188f87cc20c94a31f232b4c4bbdc1f740
1415fe00c4470b064a96d45f32b6b82d02bbfc4f827a378737a2d71ea96a216c
154f27a9f918937c0856a53b7ff7c32d6b130d67792573779ca37d17156f33d9
1635d2075d3343c86490d2229c1fb868ad59d92958ef65e04cb65767c703e9f6
1764e898369c24be8d7d1cbcb82079c27f3898fbc1883f388a5c1008dd30c9e8
1864c515cb8d27edeeb06d1c47b0eac409d3611d6d979efb9e38c66c2484e01a
1a670621887fc5a477e0fc893b488eba232eb5be781230e1cff733780f95d139
1e98b26df745f76b1dbf8757ecb7abadbafa34d3b97b02dd4b24d21720d200e2
1fd9028d5fb8bd54347982d9ec184b5a0a03b24b3ab9fec3bfee897cf0863e52
21eb1e487c899c6192c31800445bfb81caa7ff1fca550ea3fdb3444834d85710
233e204992af29c72ecd6b8a5efa64449aba6f4d74d8ae39d3080f6e5cf5a259
23b228313ac1b0816c4ee8994b9fc9e1e25d3e679908320125f60770579ec9ac
24ec8befbd1189baebbcfb2af4b1b1ca1e2fe715c7125863941ed7d0fa9ec909
25b4a4d0779f65ca6db3d105e84d12afa3a6ec485c085594c6531c081923259e
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
26b81689fbcf8d76ff8c45c323de62a7085f5b6d2514d412ad3ceb8cedb818a3
272abc391df3e15605d3908694596670700cda708f3fd38e27637ac394d2e89f
278685d4467e915e1a1ce58a24e15dcdefbd7719acf70a59655361c35f8e273d
28f6ada997873a7e073fc506b93f86b6d2be7de4cc6ae085557bc322cc6df331
2b6ed5e2f6d8ddf22a93d6ee453bd711b17c55bbd6317f4c8300ed5b5aa279fe
30b32e97f2e3e06deb742bf2e19daeb4f4657a956e836c2a25a7df2bc72f7500
30de3246206b38b390d4d119eb5377bbae3a5110606d11e4a4e60ca4881884cd
327fe6d02a0093957548a317de262d85eba34567d4d806a1e5af45b73eb6e116
33c70c297b1a729f965a6aca60b7b3bb7a3b06bd13efe07698516fa98ac8b9f9
3520ab6871aac9ce5c67a2f3f8e9b5a312f76a79130e52c387a10c5c56b0cbbb
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3a3d3651d984ab6608e5395ebe540d0fe29750f33ac4457e19adc777582da987
3fd7b86ab05e6ccfaaa26a79c1401fe067922ae8fe9867307327a837e8d956db
41740cbf4cb374a9359f301ed2232273b4330cd23edca6b84a587e2a9159d340
4409ae2f9f75179a1020c2060f308697a5599149b0aa4f29c088ce97a442b2bf
463a38e12ab498dda9a61b4a32dd73d26cf2649617bdab82fcc728c8ce8895cd
465fcc22a8d03db25f15da540b733de0c636465839c7ef99c6dcb233a50af04c
46880f99d2aaec85185eee36fe017a2081e1bfad96ed1fdea9e161a174ce6406
4887540e1cc0b9ade4e6aed399e36834c6f9a406fae336f94f1cabdbdc7019ce
48eef7fe61a3e2c7c88ac1c6a263bd851b6a05363607e52fd2be4e4472d42255
52c854815f543b120f9314bf012a95ff9902edef46b232928855005edd9cf67c
538d15501cc27005b834d8e10d6ac2dffa16fa19278495726e03de16fd40fa94
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
554d86be733cf3f534ef0ed6c0613381a45229b4f6ae1a64b03806b22a2dfb2f
57eac1082a24c4bfbd926594f0af4d36f98e3b3695973a96e238d953d7e79fbb
59855ab21479dde905cf48ff3e82c9c15fcf97c96f99276952e263ede1f58916
5a3d69c0f4c390615ab951405230ee0b517d2cca2eac239b965c82628b043cb5
5b6fd3c9cb3cf13684e3ed164443b6e59d34491623f142d100b0546a556668da
5c731ca5a62b74f49ea1116bccd8a03596895c82e5dfb4aa5515583139231661
5d1374a728eb83232fb3eafde75f2ec8c0c47e32483b891071e60c602c2cbe30
5d7be6f59fe99ff493b48c1ff9bb7cad6d8d13b5abf62a009e8f08fb07ad45d2
5ef99327c8d7a4017f81fcfee49b0c3841000fb5eb6727a574d336a6398cdf15
5fd7fc4b8be9c2eeb3efb728f0483d444e4a8db80f0597e4ef7950105638bb08
625188c026613819f042c50a3e82cb4a4d2843fd15ebe4cd88380f13d5663c3e
6498fee08a44deeeeab37324eeee5a376bcf493f210b0a9e3486adc12b4886e8
6598525fb7f424f533cc1e037c324825db29436400b47e15b4272a58857eec33
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
66776998b10e583a72f8fd29391a50e2c80eb3bc9a65b0dafe97e576d7d88507
6a7b0c8bf87b2bd5ca31557f25cf2a6c80f93af72bf68a6085e9b55a87fe908c
6d26f7668d31aaeb9a8a01ca082bfbc2d4c4ab37eeb46bc54f14bd7d7e085985
71cfdae69236a935151761b96b4f46b54f95be14372112e9b5c398eb87db1b3a
71f0c958e33905cb028dfd76ff7fcffa9d57a260845594e84d116530e3f80a36
7442d5ba404c482128280bb0416c3d62c8d06868594c1a23892b06df1ee2983a
7480ad4844eadbd418e8e91b136bbd5fab3120cc8122a68cc5ed838f3ab5cc60
7580e2154f7f46ece9b99534a24e43726f514d668cdd6d7a33c92879ca8e7822
77e3943528baacf0d54e633423b08aeb036d475447ad5e80da7a35c558bf43ce
7b07a0a85a4be46b00cf82b2775eaec996c6a444d3987bd5a0cad66012f42e76
7ca187c727a65c28a3943337cc665d3761ab96a3533c9cd415d6e30a70c9d15e
7d3f4464a0640a3bdc7e965975f3fcedb3df644c814f4dae4e36006738ca0601
7d554338eb87d26504ecaf220d55695296ded4a6933c916f528031937d872698
7f996a0e7b6b60388701960c53efcfe93969f7aedfdf8411930e95ffdd4ff6d9
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
827cf01c445ea3f29a98f5f75ef293ce692312df3647f7b9971ee92330051aa4
82e16ee1bcf32a940c622c4a318be5da2e337c1278e6226131ca1c6f73001ae1
8751b595bf81b2e1d86d7fe4ef6be9ba5db857242f746bff9e6db626c66836af
88cd0f27791bda7470ed0523b1b7b061703fcb7d635c2b79aeefdbcdb98c0cc8
891a85bedcc8593cdbd4783b5b08f04341ef66aa08c08c47bb9246be12ebe0c5
898dd2300bfbc72171ca3ae4b59c3958c7e58a598fe4e6ff5fec72f49817d737
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
89b4aa9e9bf8516c2ab7b5134f65d47b02071637259a14c9f60dccc207e05ce4
89c240d7f6ec668f2abb06a3d3921b870b1d2b2801405ad19202596b0ec8af31
8c62a50dd1b00bf9f04bf9d58f823fdc7f1d4debb46d1466fee7163d85f6cdb9
8c73f9a6f0b8297c118aa6cf1db4fd00b23119b9edfd8fbb9f67ba6d269fb061
8d3971b06114a9fdf129dab4c23283ecd28cc12679b77a27f3c7f3483f6be924
8e4d4acd6adce81bca1874285e1d2b4925c1cda903b460095f1c553366181f27
8f8ba42d03a7c5a04626835a48b8212f61a3440e51d66b4b866a8d20acf32f57
902bdb118f04fb4e468380dab15eba50248ac3a81e5dc5065da2dc67036bd0f6
904c7102bebafffeace528bae48e0739d4b997e1ef6e83efbf4c148ccfb028a5
90517d55ed5bdd2dd0680f450b94d016545bed326153aafb45b474a777e20cce
906331eeaa33476c5672cfba89c381dda6b9de0df6d59f5e7f3686aad545fa41
926f54fd1c5f039da33b7b320c2e89876ae4709d02697e9f7bdcb45a11013c47
938c64115ce60b98ee8151d7eb28208567753f3d4ebbe0aa0f56618c555a18fb
93be48412621779ed719ab713ca1116de5eae63bac3827e29729ab64f0504f40
9426749b997d18aa173a47d37b76c529f37fadc1fa5bc27b666dbe57c75d96f8
9506ee856da00232d3c2626a817c26ed279e2eb6ea111d7041dd7d4ae9a86ca1
985439e624e2d00a62f6ab6fcc6738cd7281f95acd61fd610586bd0669c8874c
99241624a2bd584ea0ee05d52efa3970c59e99f88a2e8c63d6ec7d277dba3f4d
9e9343d46452bcc5d558c9739578f0c254981d9566ef58984224c700bd611f3c
9ffa45453324362cbc5cc78288e04513100c2d61baf3a969717ea5df3d0dbb39
a12cd3a51ffd912f5000e1a5b3b197a6e314d3806be5095304a2a36095690c8a
a32148b2db558a216f6f640052e43fd1fa5abf618fbd295eba718b0d5a352c98
a371978536745668f9c16dcbdbf0d5ca436d146906664dcc0529f16d70567fdf
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a63464b261cbda77815af53f6587f68cfeb352447f2896c0dd9784b1062e7c09
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab7dcfad27703bd3f510f2fb8eea5a8e4be2aa92c0086ad70a0ff4302d5923d1
ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
ae66a6bfeda36f14aee99589a98078c3d8ffa82a4ce443e11229864de21b68f8
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b2ac0a80c3037e36cc04e4ac63a9fd246542c3c2370504f571ebaeada10be9cc
b406d3a8df3a5f266caeddfd71877956f730fb03d39ddb0b9ee016f17cef1eac
b5ce626628e8825b9361c84c9e94a389d2c00e4a72fc51a77f95bb22b792843b
b6a61fbfc079dd7d0c9f3a9fafc811cfe4f7050831c1124bd4b3e49df8c97708
b7465d4c561fe75b44aaa7872e52958313c2aa22025e0f964565fcfcb255a01d
b773f5ca97e1f719c7f3a18c0fee1e27bf29da29554ac1ce92f31e331968f119
b9208aee0398bda39abb57c76a1af722d0e7a03a49644ce2f531ca20913004ec
bb30806a921a35e06a5446d679b0c669ddcad0dd480bd7d80b9f37791cb0e435
bd1577e5e293092a1212a7c88fa6bcff12be3420305e5caae8e78369eeeb7ddd
c3294e44895e8e8f91cbdc14526f315f5986ac7d5d504020674c5af774bf8bf9
c32d3b479112dca3211b0400d00d391e89d014c688bc90b13fcccd7e5e86597c
c3e3d7e0bce6022ae66381d04eb4742252d577ba15c5f9cceb49cb14c9eb90b1
c45f637f905e1ea01ba81aa39e8da62ee7e7f8703c3da4c3bba55f6192e5834c
c46936850cfa993988f2c32b0b04a5c4b0f94c30d36aca502626befbd2b802de
c486e9e82b20b5506be37c1712d0feeafd506a3519e35bad95272ecf55632dde
c81ad05c2dcb288d09c829951a1ab76101454b3afb86bbc67807922b3155cebd
c8c28caf97c281ccc1cf355847535b7461beca728c1e10d04ea0b65eca520abc
d0159f4a51df0b211e11ff1446f7b94ca6e3e81b2c041477da80670d8fda263a
d2f13447bd89c56bad76bac2e4e551ac6b611f40503104b70ee26812afe5a94c
d3c286558922ca8c2c69167698cd61a8280cb03b81bb41d9bd633f80f18c274f
d6350cefb90d29241d3e02629bb4cf96e2458fa3d1dd1bf0ff1a5870a4eb8f2f
d66fc81b8da5c230e4a4ea784bcf0caf2935127c02e35924f902330542915a4a
d6fb1649fc7635aa1c0dffc0a11126cc94a672fe9b1ac8afe9d0e6538b94f06b
d744be23d9d42febe0cb4c44358f92d3a6ddfa5922a598ffca089a805c1a32b1
d7988bfa1e7bdefad6eee21d30705d6d27bf9aeff0076cc4a374f901a041a270
d7c26fcb00fc4f21f1fef7c31d7b2eb0566a15a8178bc570fe125dcb3f441b06
d95ef68aba30eecf80756ae2645af00669c14c2def73eb5d528a5f767e3392d0
d9edb5922009e8fcdbdaff4d37ea6903bc9f7079e0c4d16e9ee97327af3a358b
deedcc3109eac44732c4750a5bc8ed4d39c6c427f1007aa3dfb05b254b6d568b
df0b1932128c05ccaaed0733bbabedb592943bd27d42b219f1f49538a966e16e
e1e6f277c33ff995e4e988743eec16116b137ef1b2ae0e177730e2b2e66a6e6e
e33cff2da607ed34049c949ac59d671b34ce321369629f45ed5462131f6b0a83
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e84f49c9ac99bd81566f8d125de14d0db38ef0adf139a869f299de474d22916e
ea228568c78711e3d8ebbb8a4d6b36c9eb3d5fe6038e2ce69be9be3656b2699c
eb87c0447bd19366919bdb8913f775caca732ac31cbc5e5d42e4db5df39437ce
edfd0c717ee2cfef6b0634e359f1aec87f9f1d9a819d611ac615a8225bb6fdbc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0744731aa95b807bfb554db0d69f387225e90ab21f2c7bd2d42dbcaad05e4d1
f4570c74047a26ecb942ca537b0d7a9872197d376f61b99cccc3730924595350
f4a66f520e5a1676afa712f63b38fec877047301b208e1d2df15fd94d16a2435
f4a9f0660f5c68ff763c6f5eb2d89f977cc2a61ed5d3f2688a2257de0f65fef3
f8f93c4c2609fb8ae9975a99d1e0851c51777b69e8388f5b0c97e2d2a4323a43
f9deaf68dfcd615d422dd020f1a117a85bec167e9ee1ef218ee83a9adb03a181
fa0739ffd9bc4ac67899cbb4e46e4f10367677a238132f5bf2319ef0f9bcbe74
fa739992a86252b23ad49f8bf2309674f484719778774f2aaecfff4bf779eca1
fa843245814c185e1139a54052cf819ea23a33ac393d90f3525958116681e8be
fb55f581555cc64d7993e85799a131a9b55509c4bd2ccdb21458c3a228619334
fc2f7d9d9a3f6ec9f5815983d125d1e1c79ac4afaf95a042b0b56d8f7939e1d3
fdc9964050bfa24c27a3c76c6791b3674292a5f352cbc83d7a4dc49595bc3fb1
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99