URL: https://bearinsider.com/
Submission: On October 21 via manual from US — Scanned from DE

Summary

This website contacted 113 IPs in 11 countries across 83 domains to perform 454 HTTP transactions. The main IP is 40.119.40.202, located in San Antonio, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is bearinsider.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on August 15th 2022. Valid for: a year.
This is the only time bearinsider.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 40.119.40.202 8075 (MICROSOFT...)
7 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:225... 16509 (AMAZON-02)
3 104.18.17.243 13335 (CLOUDFLAR...)
19 20.60.20.68 8075 (MICROSOFT...)
4 2a03:2880:f01... 32934 (FACEBOOK)
2 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a03:2880:f21... 32934 (FACEBOOK)
1 2 2a03:2880:f21... 32934 (FACEBOOK)
10 2620:1ec:bdf::45 8068 (MICROSOFT...)
2 2600:1901:0:3... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
2 104.18.12.76 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
6 52.223.40.198 16509 (AMAZON-02)
2 34.120.133.55 396982 (GOOGLE-CL...)
9 20.150.39.132 8075 (MICROSOFT...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2600:9000:249... 16509 (AMAZON-02)
4 2600:9000:223... ()
2 199.232.136.157 54113 (FASTLY)
3 2606:4700::68... 13335 (CLOUDFLAR...)
3 88.221.168.201 16625 (AKAMAI-AS)
4 2602:803:c004... 26667 (RUBICONPR...)
3 34.107.148.139 396982 (GOOGLE-CL...)
5 52.28.133.144 16509 (AMAZON-02)
5 52.28.203.152 16509 (AMAZON-02)
5 54.75.88.22 16509 (AMAZON-02)
4 12 185.89.211.12 29990 (ASN-APPNEX)
4 104.18.18.126 13335 (CLOUDFLAR...)
4 185.64.189.112 62713 (AS-PUBMATIC)
3 138.197.55.50 14061 (DIGITALOC...)
9 34.98.64.218 396982 (GOOGLE-CL...)
5 34.149.20.76 15169 (GOOGLE)
4 104.18.19.126 13335 (CLOUDFLAR...)
2 2a03:2880:f11... 32934 (FACEBOOK)
1 104.244.42.72 13414 (TWITTER)
4 2600:1901:0:d... 15169 (GOOGLE)
5 35.168.146.216 14618 (AMAZON-AES)
1 2600:9000:225... 16509 (AMAZON-02)
1 18.64.79.25 16509 (AMAZON-02)
3 2600:9000:223... 16509 (AMAZON-02)
2 141.148.45.191 31898 (ORACLE-BM...)
1 6 2606:4700:10:... 13335 (CLOUDFLAR...)
1 147.75.85.234 54825 (PACKET)
1 52.29.149.17 16509 (AMAZON-02)
1 69.166.1.8 27630 (AS-XFERNET)
2 18.66.248.112 16509 (AMAZON-02)
1 143.204.89.74 16509 (AMAZON-02)
2 13.32.121.63 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
37 2a00:1450:400... 15169 (GOOGLE)
21 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 34.102.146.192 396982 (GOOGLE-CL...)
1 2a02:2638:1::3 44788 (ASN-CRITE...)
1 52.36.23.219 16509 (AMAZON-02)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
1 34.96.70.87 396982 (GOOGLE-CL...)
1 18.66.97.88 16509 (AMAZON-02)
1 3.139.232.239 16509 (AMAZON-02)
1 52.215.122.206 16509 (AMAZON-02)
2 141.95.98.64 16276 (OVH)
9 2a00:1450:400... 15169 (GOOGLE)
4 54.194.79.34 16509 (AMAZON-02)
1 2 34.120.107.143 396982 (GOOGLE-CL...)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
12 18 142.250.184.226 15169 (GOOGLE)
4 19 185.80.39.216 27381 (CASALE-MEDIA)
2 35.190.39.111 15169 (GOOGLE)
24 2a00:1450:400... 15169 (GOOGLE)
1 178.250.0.157 44788 (ASN-CRITE...)
2 104.75.89.75 16625 (AKAMAI-AS)
3 4 185.94.180.125 35220 (SPOTX-AMS)
2 2 18.156.0.31 16509 (AMAZON-02)
9 142.250.185.98 15169 (GOOGLE)
1 2 52.16.17.93 16509 (AMAZON-02)
17 2606:4700::68... 13335 (CLOUDFLAR...)
1 82.113.101.236 6805 (TDDE-ASN1)
7 23.203.66.225 16625 (AKAMAI-AS)
4 2600:1f13:800... 16509 (AMAZON-02)
20 184.24.9.11 16625 (AKAMAI-AS)
3 2a00:1450:400... 15169 (GOOGLE)
2 151.101.1.108 54113 (FASTLY)
2 2620:0:862:ed... 14907 (WIKIMEDIA)
8 8 3.122.72.111 16509 (AMAZON-02)
2 2 3.120.52.251 16509 (AMAZON-02)
3 3 213.19.147.45 3356 (LEVEL3)
2 95.101.200.23 16625 (AKAMAI-AS)
1 198.47.127.18 62713 (AS-PUBMATIC)
2 2 3.125.10.252 16509 (AMAZON-02)
1 72.251.249.9 32475 (SINGLEHOP...)
1 178.250.2.151 44788 (ASN-CRITE...)
1 104.79.88.129 16625 (AKAMAI-AS)
1 104.17.120.107 13335 (CLOUDFLAR...)
1 2606:2800:233... 15133 (EDGECAST)
1 67.202.105.23 32748 (STEADFAST)
1 5 23.203.77.3 16625 (AKAMAI-AS)
1 192.96.200.41 30633 (LEASEWEB-...)
2 2 188.42.196.115 7979 (SERVERS-COM)
1 198.47.127.19 62713 (AS-PUBMATIC)
3 5 52.46.128.147 16509 (AMAZON-02)
1 2 2a05:d018:d29... 16509 (AMAZON-02)
2 66.155.71.150 13768 (COGECO-PEER1)
2 2 70.42.32.127 13789 (INTERNAP-...)
1 1 2a02:fa8:8806... 41041 (VCLK-EU-SE)
2 2 35.157.30.208 16509 (AMAZON-02)
1 1 185.89.210.20 29990 (ASN-APPNEX)
1 1 2001:678:cb4:... 56396 (AMOBEE)
1 1 103.229.205.243 30419 (MEDIAMATH...)
2 2 151.101.130.49 54113 (FASTLY)
1 1 185.183.112.155 60350 (VP)
1 1 34.111.151.213 396982 (GOOGLE-CL...)
1 104.18.13.76 13335 (CLOUDFLAR...)
1 151.101.194.137 54113 (FASTLY)
2 162.247.241.14 23467 (NEWRELIC-...)
2 4 69.173.144.165 26667 (RUBICONPR...)
2 3 52.95.122.74 16509 (AMAZON-02)
4 4 69.173.144.139 26667 (RUBICONPR...)
1 2620:1ec:21::14 8068 (MICROSOFT...)
1 69.173.151.100 26667 (RUBICONPR...)
1 3.82.239.242 ()
4 2600:9000:231... 16509 (AMAZON-02)
1 34.200.112.63 ()
1 2a00:1450:400... 15169 (GOOGLE)
454 113
Apex Domain
Subdomains
Transfer
63 googlesyndication.com
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 104
tpc.googlesyndication.com — Cisco Umbrella Rank: 147
385 KB
46 doubleclick.net
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 188
stats.g.doubleclick.net — Cisco Umbrella Rank: 84
googleads.g.doubleclick.net — Cisco Umbrella Rank: 43
cm.g.doubleclick.net — Cisco Umbrella Rank: 215
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 317
314 KB
28 windows.net
f5s008media.blob.core.windows.net
f5s.blob.core.windows.net — Cisco Umbrella Rank: 168168
873 KB
27 casalemedia.com
htlb.casalemedia.com — Cisco Umbrella Rank: 519
as-sec.casalemedia.com — Cisco Umbrella Rank: 1407
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 542
dsum.casalemedia.com — Cisco Umbrella Rank: 1311
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 439
20 KB
24 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 273
829 KB
20 betgenius.com
gsm-widgets.betstream.betgenius.com — Cisco Umbrella Rank: 133686
488 KB
18 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 492
eus.rubiconproject.com — Cisco Umbrella Rank: 596
secure-assets.rubiconproject.com — Cisco Umbrella Rank: 929
pixel.rubiconproject.com — Cisco Umbrella Rank: 347
token.rubiconproject.com — Cisco Umbrella Rank: 682
pixel-us-east.rubiconproject.com — Cisco Umbrella Rank: 852
28 KB
17 bannerflow.net
c.bannerflow.net — Cisco Umbrella Rank: 10803
187 KB
15 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 232
acdn.adnxs.com — Cisco Umbrella Rank: 618
secure.adnxs.com — Cisco Umbrella Rank: 438
60 KB
11 openx.net
didna-d.openx.net — Cisco Umbrella Rank: 36863
insticator-d.openx.net — Cisco Umbrella Rank: 21630
oajs.openx.net — Cisco Umbrella Rank: 3373
us-u.openx.net — Cisco Umbrella Rank: 409
google-bidout-d.openx.net — Cisco Umbrella Rank: 3217
u.openx.net — Cisco Umbrella Rank: 664
2 KB
10 adsafeprotected.com
static.adsafeprotected.com — Cisco Umbrella Rank: 594
fw.adsafeprotected.com — Cisco Umbrella Rank: 794
dt.adsafeprotected.com — Cisco Umbrella Rank: 546
97 KB
10 azureedge.net
f5s-cdn.azureedge.net — Cisco Umbrella Rank: 153926
676 KB
9 instiengage.com
auth.instiengage.com — Cisco Umbrella Rank: 17604
product.instiengage.com — Cisco Umbrella Rank: 20121
geoip.instiengage.com
static.instiengage.com — Cisco Umbrella Rank: 26495
cms.instiengage.com
245 KB
9 yahoo.com
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 1155
ups.analytics.yahoo.com — Cisco Umbrella Rank: 294
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 426
15 KB
9 pubmatic.com
ads.pubmatic.com — Cisco Umbrella Rank: 495
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 470
image8.pubmatic.com — Cisco Umbrella Rank: 590
image6.pubmatic.com — Cisco Umbrella Rank: 671
77 KB
9 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 44
storage.googleapis.com — Cisco Umbrella Rank: 403
ajax.googleapis.com — Cisco Umbrella Rank: 306
199 KB
9 bearinsider.com
bearinsider.com
798 KB
8 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 296
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1205
6 KB
8 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 303
4 KB
8 google.com
adservice.google.com — Cisco Umbrella Rank: 78
www.google.com — Cisco Umbrella Rank: 2
2 KB
7 connextra.com
ssl.connextra.com — Cisco Umbrella Rank: 7528
us.connextra.com — Cisco Umbrella Rank: 30254
7 KB
6 ingage.tech
ex.ingage.tech — Cisco Umbrella Rank: 7692
2 KB
6 s-onetag.com
get.s-onetag.com — Cisco Umbrella Rank: 4338
onetag-geo.s-onetag.com — Cisco Umbrella Rank: 5241
signal-beacon.s-onetag.com — Cisco Umbrella Rank: 5661
signal-segments.s-onetag.com — Cisco Umbrella Rank: 8332
18 KB
6 33across.com
ssc.33across.com — Cisco Umbrella Rank: 1686
ssc-cms.33across.com — Cisco Umbrella Rank: 972
1 KB
6 media.net
prebid.media.net — Cisco Umbrella Rank: 1238
cs.media.net — Cisco Umbrella Rank: 1392
contextual.media.net — Cisco Umbrella Rank: 570
3 KB
6 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 356
2 KB
6 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 193
260 KB
5 insticator.com
geoip.insticator.com — Cisco Umbrella Rank: 23677
event.insticator.com — Cisco Umbrella Rank: 17839
664 B
5 servenobid.com
ads.servenobid.com — Cisco Umbrella Rank: 1663
3 KB
5 sharethrough.com
btlr.sharethrough.com — Cisco Umbrella Rank: 998
781 B
5 google-analytics.com
ssl.google-analytics.com — Cisco Umbrella Rank: 278
www.google-analytics.com — Cisco Umbrella Rank: 32
57 KB
4 spotxchange.com
sync.search.spotxchange.com — Cisco Umbrella Rank: 572
2 KB
4 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 425
mug.criteo.com — Cisco Umbrella Rank: 2786
dis.criteo.com — Cisco Umbrella Rank: 679
8 KB
4 clarium.io
protected-by.clarium.io — Cisco Umbrella Rank: 1636
1 KB
4 lumpylumber.com
lumpylumber.com
959 B
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 151
198 KB
3 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 543
2 KB
3 id5-sync.com
cdn.id5-sync.com — Cisco Umbrella Rank: 1193
id5-sync.com — Cisco Umbrella Rank: 471
17 KB
3 google.de
adservice.google.de — Cisco Umbrella Rank: 8724
www.google.de — Cisco Umbrella Rank: 6045
1 KB
3 technoratimedia.com
insticator.technoratimedia.com — Cisco Umbrella Rank: 21681
ad-cdn.technoratimedia.com — Cisco Umbrella Rank: 2666
8 KB
3 resetsrv.com
ads.resetsrv.com — Cisco Umbrella Rank: 13990
1 KB
3 confiant-integrations.net
cdn.confiant-integrations.net — Cisco Umbrella Rank: 1515
156 KB
3 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 731
syndication.twitter.com — Cisco Umbrella Rank: 1061
133 KB
3 indexww.com
js-sec.indexww.com — Cisco Umbrella Rank: 608
cdn.indexww.com — Cisco Umbrella Rank: 1375
15 KB
3 instagram.com
platform.instagram.com — Cisco Umbrella Rank: 7550
www.instagram.com — Cisco Umbrella Rank: 1283
5 KB
3 authorize.net
js.authorize.net — Cisco Umbrella Rank: 35325
9 KB
2 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 226
1 KB
2 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 578
641 B
2 creative-serving.com
ads.creative-serving.com — Cisco Umbrella Rank: 4112
1 KB
2 zemanta.com
b1sync.zemanta.com — Cisco Umbrella Rank: 560
618 B
2 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 602
382 B
2 betweendigital.com
ads.betweendigital.com — Cisco Umbrella Rank: 2142
1 KB
2 w55c.net
pm.w55c.net — Cisco Umbrella Rank: 765
1 KB
2 sportradarserving.com
a.sportradarserving.com — Cisco Umbrella Rank: 2293
1 KB
2 wikimedia.org
upload.wikimedia.org — Cisco Umbrella Rank: 2211
13 KB
2 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 1137
344 B
2 rtbhouse.com
esp.rtbhouse.com — Cisco Umbrella Rank: 7026
238 B
2 crwdcntrl.net
tags.crwdcntrl.net — Cisco Umbrella Rank: 1160
bcp.crwdcntrl.net — Cisco Umbrella Rank: 818
10 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
203 B
2 cloudfront.net
d3lcz8vpax4lo2.cloudfront.net
df80k0z3fi8zg.cloudfront.net
139 KB
2 gstatic.com
fonts.gstatic.com
60 KB
2 rlcdn.com
api.rlcdn.com — Cisco Umbrella Rank: 825
372 B
2 readymoon.com
readymoon.com
55 KB
1 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 375
922 B
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 343
13 KB
1 brand-display.com
dmp.brand-display.com — Cisco Umbrella Rank: 1679
349 B
1 adotmob.com
sync.adotmob.com — Cisco Umbrella Rank: 1415
300 B
1 mathtag.com
sync.mathtag.com — Cisco Umbrella Rank: 462
661 B
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 766
425 B
1 dotomi.com
casale-match.dotomi.com — Cisco Umbrella Rank: 2662
182 B
1 aralego.com
sync.aralego.com — Cisco Umbrella Rank: 2910
413 B
1 brealtime.com
biddr.brealtime.com — Cisco Umbrella Rank: 3113
1 KB
1 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 599
277 B
1 blau.de
portal.blau.de — Cisco Umbrella Rank: 133640
632 B
1 uidapi.com
prod.uidapi.com — Cisco Umbrella Rank: 3897
5 KB
1 creativecdn.com
invstatic101.creativecdn.com — Cisco Umbrella Rank: 6602
2 KB
1 sharedid.org
id.sharedid.org — Cisco Umbrella Rank: 3439
904 B
1 criteo.net
static.criteo.net — Cisco Umbrella Rank: 680
13 KB
1 openxcdn.net
oa.openxcdn.net — Cisco Umbrella Rank: 3591
8 KB
1 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 1501
612 B
1 emxdgt.com
hb.emxdgt.com — Cisco Umbrella Rank: 2629
158 B
1 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 924
276 B
1 jwplatform.com
content.jwplatform.com — Cisco Umbrella Rank: 3728
42 KB
454 83
Domain Requested by
37 pagead2.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
bearinsider.com
pagead2.googlesyndication.com
s0.2mdn.net
www.googletagservices.com
24 s0.2mdn.net bearinsider.com
s0.2mdn.net
21 tpc.googlesyndication.com securepubads.g.doubleclick.net
tpc.googlesyndication.com
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
bearinsider.com
s0.2mdn.net
20 gsm-widgets.betstream.betgenius.com ssl.connextra.com
gsm-widgets.betstream.betgenius.com
19 f5s008media.blob.core.windows.net bearinsider.com
f5s-cdn.azureedge.net
18 cm.g.doubleclick.net 12 redirects googleads.g.doubleclick.net
17 c.bannerflow.net s0.2mdn.net
c.bannerflow.net
14 dsum-sec.casalemedia.com 3 redirects googleads.g.doubleclick.net
ssum-sec.casalemedia.com
12 ib.adnxs.com 4 redirects bearinsider.com
df80k0z3fi8zg.cloudfront.net
googleads.g.doubleclick.net
acdn.adnxs.com
10 f5s-cdn.azureedge.net bearinsider.com
9 googleads4.g.doubleclick.net bearinsider.com
9 f5s.blob.core.windows.net f5s-cdn.azureedge.net
bearinsider.com
9 securepubads.g.doubleclick.net www.googletagservices.com
securepubads.g.doubleclick.net
bearinsider.com
9 bearinsider.com bearinsider.com
ajax.googleapis.com
8 x.bidswitch.net 8 redirects
8 googleads.g.doubleclick.net 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
bearinsider.com
6 ssl.connextra.com bearinsider.com
ssl.connextra.com
6 www.google.com tpc.googlesyndication.com
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
6 ex.ingage.tech 1 redirects df80k0z3fi8zg.cloudfront.net
ssum-sec.casalemedia.com
6 match.adsrvr.org js-sec.indexww.com
df80k0z3fi8zg.cloudfront.net
ssum-sec.casalemedia.com
6 www.googletagservices.com bearinsider.com
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
5 s.amazon-adsystem.com 3 redirects ssum-sec.casalemedia.com
5 dsum.casalemedia.com 1 redirects ssum-sec.casalemedia.com
5 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com securepubads.g.doubleclick.net
cdn.confiant-integrations.net
5 ssc.33across.com bearinsider.com
df80k0z3fi8zg.cloudfront.net
5 ads.servenobid.com bearinsider.com
5 c2shb.ssp.yahoo.com bearinsider.com
5 btlr.sharethrough.com bearinsider.com
4 static.instiengage.com
4 token.rubiconproject.com 4 redirects
4 pixel.rubiconproject.com 2 redirects
4 eus.rubiconproject.com df80k0z3fi8zg.cloudfront.net
eus.rubiconproject.com
ex.ingage.tech
4 dt.adsafeprotected.com 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
4 sync.search.spotxchange.com 3 redirects googleads.g.doubleclick.net
4 protected-by.clarium.io 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
4 event.insticator.com d3lcz8vpax4lo2.cloudfront.net
4 lumpylumber.com readymoon.com
4 hbopenbid.pubmatic.com bearinsider.com
df80k0z3fi8zg.cloudfront.net
4 htlb.casalemedia.com bearinsider.com
df80k0z3fi8zg.cloudfront.net
4 fastlane.rubiconproject.com bearinsider.com
df80k0z3fi8zg.cloudfront.net
4 static.adsafeprotected.com readymoon.com
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
4 connect.facebook.net bearinsider.com
connect.facebook.net
4 fonts.googleapis.com bearinsider.com
3 aax-eu.amazon-adsystem.com 2 redirects
3 ssum-sec.casalemedia.com df80k0z3fi8zg.cloudfront.net
js-sec.indexww.com
ssum-sec.casalemedia.com
3 sync.1rx.io 3 redirects
3 www.google-analytics.com gsm-widgets.betstream.betgenius.com
bearinsider.com
www.google-analytics.com
3 didna-d.openx.net bearinsider.com
3 ads.resetsrv.com bearinsider.com
3 prebid.media.net bearinsider.com
3 ads.pubmatic.com storage.googleapis.com
df80k0z3fi8zg.cloudfront.net
3 cdn.confiant-integrations.net storage.googleapis.com
cdn.confiant-integrations.net
d3lcz8vpax4lo2.cloudfront.net
3 ajax.googleapis.com bearinsider.com
3 js.authorize.net bearinsider.com
js.authorize.net
2 bam.nr-data.net gsm-widgets.betstream.betgenius.com
2 sync-tm.everesttech.net 2 redirects
2 ads.creative-serving.com 2 redirects
2 b1sync.zemanta.com 2 redirects
2 pixel-sync.sitescout.com ssum-sec.casalemedia.com
2 pr-bh.ybp.yahoo.com 1 redirects ssum-sec.casalemedia.com
2 ads.betweendigital.com 2 redirects
2 u.openx.net df80k0z3fi8zg.cloudfront.net
2 pm.w55c.net 2 redirects
2 cs.media.net
2 a.sportradarserving.com 2 redirects
2 upload.wikimedia.org gsm-widgets.betstream.betgenius.com
2 acdn.adnxs.com gsm-widgets.betstream.betgenius.com
df80k0z3fi8zg.cloudfront.net
2 fw.adsafeprotected.com 1 redirects bearinsider.com
2 ups.analytics.yahoo.com 2 redirects
2 sync.teads.tv googleads.g.doubleclick.net
2 us-u.openx.net googleads.g.doubleclick.net
2 esp.rtbhouse.com invstatic101.creativecdn.com
2 gum.criteo.com 1 redirects static.criteo.net
2 oajs.openx.net 1 redirects
2 id5-sync.com cdn.id5-sync.com
df80k0z3fi8zg.cloudfront.net
2 adservice.google.com securepubads.g.doubleclick.net
2 adservice.google.de securepubads.g.doubleclick.net
2 signal-segments.s-onetag.com get.s-onetag.com
2 onetag-geo.s-onetag.com get.s-onetag.com
signal-beacon.s-onetag.com
2 insticator.technoratimedia.com df80k0z3fi8zg.cloudfront.net
2 auth.instiengage.com d3lcz8vpax4lo2.cloudfront.net
auth.instiengage.com
2 www.facebook.com bearinsider.com
2 platform.twitter.com f5s-cdn.azureedge.net
platform.twitter.com
2 fonts.gstatic.com fonts.googleapis.com
2 api.rlcdn.com js-sec.indexww.com
df80k0z3fi8zg.cloudfront.net
2 stats.g.doubleclick.net bearinsider.com
www.google-analytics.com
2 js-sec.indexww.com storage.googleapis.com
df80k0z3fi8zg.cloudfront.net
2 readymoon.com f5s-cdn.azureedge.net
2 www.instagram.com 1 redirects bearinsider.com
2 ssl.google-analytics.com 1 redirects bearinsider.com
2 storage.googleapis.com bearinsider.com
storage.googleapis.com
1 www.google.de
1 cms.instiengage.com product.instiengage.com
1 geoip.instiengage.com product.instiengage.com
1 product.instiengage.com d3lcz8vpax4lo2.cloudfront.net
1 pixel-us-east.rubiconproject.com eus.rubiconproject.com
1 px.ads.linkedin.com
1 secure-assets.rubiconproject.com 1 redirects
1 js-agent.newrelic.com gsm-widgets.betstream.betgenius.com
1 cdn.indexww.com ssum-sec.casalemedia.com
1 dmp.brand-display.com 1 redirects
1 sync.adotmob.com 1 redirects
1 sync.mathtag.com 1 redirects
1 ad.turn.com 1 redirects
1 secure.adnxs.com 1 redirects
1 casale-match.dotomi.com 1 redirects
1 image6.pubmatic.com ads.pubmatic.com
1 sync.aralego.com df80k0z3fi8zg.cloudfront.net
1 ssc-cms.33across.com df80k0z3fi8zg.cloudfront.net
1 ad-cdn.technoratimedia.com df80k0z3fi8zg.cloudfront.net
1 biddr.brealtime.com df80k0z3fi8zg.cloudfront.net
1 contextual.media.net
1 dis.criteo.com
1 ap.lijit.com
1 image8.pubmatic.com
1 us.connextra.com gsm-widgets.betstream.betgenius.com
1 portal.blau.de
1 google-bidout-d.openx.net oa.openxcdn.net
1 mug.criteo.com
1 bcp.crwdcntrl.net tags.crwdcntrl.net
1 prod.uidapi.com securepubads.g.doubleclick.net
1 tags.crwdcntrl.net securepubads.g.doubleclick.net
1 invstatic101.creativecdn.com securepubads.g.doubleclick.net
1 cdn.id5-sync.com securepubads.g.doubleclick.net
1 id.sharedid.org securepubads.g.doubleclick.net
1 static.criteo.net securepubads.g.doubleclick.net
1 oa.openxcdn.net securepubads.g.doubleclick.net
1 signal-beacon.s-onetag.com get.s-onetag.com
1 apex.go.sonobi.com df80k0z3fi8zg.cloudfront.net
1 hb.emxdgt.com df80k0z3fi8zg.cloudfront.net
1 prebid.a-mo.net df80k0z3fi8zg.cloudfront.net
1 insticator-d.openx.net df80k0z3fi8zg.cloudfront.net
1 get.s-onetag.com d3lcz8vpax4lo2.cloudfront.net
1 df80k0z3fi8zg.cloudfront.net d3lcz8vpax4lo2.cloudfront.net
1 geoip.insticator.com d3lcz8vpax4lo2.cloudfront.net
1 syndication.twitter.com platform.twitter.com
1 as-sec.casalemedia.com js-sec.indexww.com
1 d3lcz8vpax4lo2.cloudfront.net bearinsider.com
1 platform.instagram.com 1 redirects
1 content.jwplatform.com bearinsider.com
454 140

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.facebook.com
www.instagram.com
calegends.com
f5sports.com
Subject Issuer Validity Valid
bearinsider.com
Go Daddy Secure Certificate Authority - G2
2022-08-15 -
2023-08-29
a year crt.sh
upload.video.google.com
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
jwplayer.com
Amazon
2021-12-29 -
2023-01-25
a year crt.sh
js.authorize.net
Cloudflare Inc ECC CA-3
2022-07-08 -
2023-07-08
a year crt.sh
*.blob.core.windows.net
Microsoft RSA TLS CA 01
2022-09-25 -
2023-09-25
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2022-07-30 -
2022-10-28
3 months crt.sh
storage.googleapis.com
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-09-12 -
2022-12-05
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2022-09-12 -
2022-12-05
3 months crt.sh
*.azureedge.net
Microsoft Azure TLS Issuing CA 02
2022-08-03 -
2023-07-29
a year crt.sh
readymoon.com
R3
2022-08-27 -
2022-11-25
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-10-06 -
2023-10-05
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2022-03-31 -
2023-05-02
a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2022-02-03 -
2023-02-25
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
*.cloudfront.net
Amazon
2022-02-01 -
2023-01-31
a year crt.sh
static.adsafeprotected.com
Amazon
2022-08-06 -
2023-09-04
a year crt.sh
platform.twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2022-07-21 -
2023-08-21
a year crt.sh
*.confiant-integrations.net
E1
2022-09-26 -
2022-12-25
3 months crt.sh
*.pubmatic.com
DigiCert SHA2 Secure Server CA
2022-02-04 -
2023-02-03
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2022-03-08 -
2023-04-04
a year crt.sh
*.media.net
Sectigo RSA Domain Validation Secure Server CA
2022-04-06 -
2023-05-04
a year crt.sh
*.sharethrough.com
Amazon
2022-07-14 -
2023-08-12
a year crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-08-02 -
2023-01-25
6 months crt.sh
ads.servenobid.com
Amazon
2022-05-29 -
2023-06-27
a year crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2022-02-11 -
2023-03-14
a year crt.sh
resetsrv.com
E1
2022-10-18 -
2023-01-16
3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018
2022-07-21 -
2023-08-21
a year crt.sh
ssc.33across.com
GTS CA 1D4
2022-09-14 -
2022-12-13
3 months crt.sh
syndication.twitter.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-03-07 -
2023-03-06
a year crt.sh
lumpylumber.com
R3
2022-08-24 -
2022-11-22
3 months crt.sh
*.insticator.com
Sectigo RSA Organization Validation Secure Server CA
2022-07-27 -
2023-08-26
a year crt.sh
*.s-onetag.com
Amazon
2022-01-04 -
2023-02-01
a year crt.sh
*.instiengage.com
Sectigo RSA Organization Validation Secure Server CA
2022-05-24 -
2023-05-24
a year crt.sh
*.technoratimedia.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-09-15 -
2023-09-15
a year crt.sh
*.ingage.tech
Sectigo RSA Organization Validation Secure Server CA
2022-07-13 -
2023-08-11
a year crt.sh
*.a-mo.net
R3
2022-09-05 -
2022-12-04
3 months crt.sh
*.emxdgt.com
Amazon
2022-06-02 -
2023-07-01
a year crt.sh
*.go.sonobi.com
Go Daddy Secure Certificate Authority - G2
2021-12-08 -
2023-01-09
a year crt.sh
*.google.de
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
*.google.com
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh
www.google.com
GTS CA 1C3
2022-09-12 -
2022-12-05
3 months crt.sh
oa.openxcdn.net
GTS CA 1D4
2022-10-06 -
2023-01-04
3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-09-01 -
2022-11-30
3 months crt.sh
id.sharedid.org
Amazon
2021-12-09 -
2023-01-06
a year crt.sh
invstatic101.creativecdn.com
R3
2022-07-29 -
2022-10-27
3 months crt.sh
*.crwdcntrl.net
Go Daddy Secure Certificate Authority - G2
2022-05-01 -
2023-06-02
a year crt.sh
*.uidapi.com
Amazon
2022-02-10 -
2023-03-11
a year crt.sh
*.id5-sync.com
R3
2022-08-18 -
2022-11-16
3 months crt.sh
protected-by.clarium.io
Gandi Standard SSL CA 2
2022-04-10 -
2023-04-26
a year crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-08-27 -
2022-11-22
3 months crt.sh
esp.rtbhouse.com
GTS CA 1D4
2022-09-26 -
2022-12-25
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2022-09-12 -
2022-12-05
3 months crt.sh
teads.tv
R3
2022-08-17 -
2022-11-15
3 months crt.sh
fw.adsafeprotected.com
Amazon
2022-04-28 -
2023-05-27
a year crt.sh
*.o2online.de
DigiCert TLS RSA SHA256 2020 CA1
2022-02-11 -
2023-03-08
a year crt.sh
*.connextra.com
DigiCert TLS RSA SHA256 2020 CA1
2022-05-26 -
2023-05-26
a year crt.sh
dt.adsafeprotected.com
Amazon
2021-11-19 -
2022-12-18
a year crt.sh
*.betstream.betgenius.com
DigiCert TLS RSA SHA256 2020 CA1
2022-08-15 -
2023-08-17
a year crt.sh
cdn.adnxs.com
GeoTrust TLS RSA CA G1
2022-03-11 -
2023-04-11
a year crt.sh
*.wikipedia.org
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-10-19 -
2022-11-17
a year crt.sh
*.lijit.com
Go Daddy Secure Certificate Authority - G2
2022-06-27 -
2023-06-05
a year crt.sh
*.brealtime.com
Go Daddy Secure Certificate Authority - G2
2022-01-21 -
2023-02-22
a year crt.sh
*.33across.com
Sectigo RSA Domain Validation Secure Server CA
2022-09-06 -
2023-09-30
a year crt.sh
*.aralego.com
Sectigo RSA Domain Validation Secure Server CA
2022-10-19 -
2023-11-19
a year crt.sh
*.ybp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2022-06-14 -
2022-12-07
6 months crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
2021-12-15 -
2023-01-15
a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2022 Q2
2022-07-10 -
2023-08-11
a year crt.sh
*.nr-data.net
DigiCert TLS RSA SHA256 2020 CA1
2022-01-10 -
2023-02-10
a year crt.sh
www.google.de
GTS CA 1C3
2022-09-26 -
2022-12-19
3 months crt.sh

This page contains 52 frames:

Primary Page: https://bearinsider.com/
Frame ID: 4C5A2672F768FD7C1ED337FED26BCA43
Requests: 175 HTTP requests in this frame

Frame: https://bearinsider.com/modules/sportsblock
Frame ID: 5F03C75779A54638D571A7290600CED3
Requests: 15 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fbearinsider.com
Frame ID: 9A8BF187FFB75CEA2C9C9E290E01757B
Requests: 2 HTTP requests in this frame

Frame: https://auth.instiengage.com/auth/index.html
Frame ID: 2FFDF90D1AAA8F0D35D449CDBDAA6A17
Requests: 2 HTTP requests in this frame

Frame: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: BAC5AFBC03EC44A9A74DBD0B21F05905
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: F0B4395811DE692FDAF1D3D0DF204660
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1D083F02F669C59EB368C1DA9EB0FD3C
Requests: 2 HTTP requests in this frame

Frame: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A9BAFF722CE832E4C81419FCEB430A39
Requests: 16 HTTP requests in this frame

Frame: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2F88F801DE4F4CF40F0A12896D790326
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXmGRCTqoQCGPDzudMBMAE&v=APEucNUxgfRi7_GOb1bfaJlBIhcmh9oaYmvpzGsnA5Ichky4sq-DR4z9PvGuvauX9IzhV_lOrdQwxrb-59Au-7yGzAq4ZEbrZYsTXYnnxA-0WB9KbithNlSnlFeGpExBzrEIigHWJH_kfIEp1A5Ptg_HJy-7IYI1XNnHAawjswOItw3P1CFm6Ks
Frame ID: 7C0A6C4AE8F99E08630B8A0173E01FE7
Requests: 5 HTTP requests in this frame

Frame: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8F17ACA8BAB0C7A03239C413186EC3CF
Requests: 15 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=bearinsider.com
Frame ID: E65A6C6E9DEC5065FC59A07BFEC9FCFF
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjCz-fJATAB&v=APEucNWCYTb8tATOKTFkhjkD8I0NnqUnhTDRRtZlMgaTv_v8xYaJ9KPa_ZIurTkMUyRl4qou_UkTxCuG9b8Lrnt1pwNver8DSOuSTSd2FYnOsU4zZlQQxXpJIDG7wHdaP69nPQGAVS931zj-EyEOe507Ejr2F64HojgCofk8POET8M3aT37i3Pg
Frame ID: DC235D0A18412CF1C43A36DF067D5557
Requests: 5 HTTP requests in this frame

Frame: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 55FE62CBAF72E99F492CC2F7B9CD054E
Requests: 29 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi54tjQATAB&v=APEucNVPkQR7PZ2aifXxLrQUu9fC9mpG-3pBoijqvZVNS_0GKpmygRGXg8OsHoLwYksHo88WxhWgsxyK4NaspxGj3bSjSskk5HcXr7PPvU-h9GkMYvKoD4-XzDrOFlvLczdtt1Zt7txPdGYr4a0IAP-gIxgxk7NwN9gLRBcNs6cFEpZnT3Ghe5o
Frame ID: B4E351B2DF2C3D0CB7CF239D590A8E5B
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOHQmqMDGLW5kdQBMAE&v=APEucNUHfWCSYkbHGju5PtYuKnaE6VfDv2qhApZR4Wy15Q1Ht6n8VIluOlfd_79d7eEDx68fr1vWLxxM4paXIGBq2q-_6RrWDItXiZqgJi_zsN4uwklfhYRz58PfyUGjb6YKqxnOC8ITUJO91zjP4DXc8PslhGqYXl68mdn6G7D1DWsgJK8TSGA
Frame ID: 7962FD303DC5C70C52FC71572A6D8110
Requests: 4 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16633326591040028672/WHRGermany-Deutsch-728x90-637987462014180196-72a168c9-377a-4ca1-a46a-2db3f8c0b239.html
Frame ID: B3362F8851E80314F108840DDF29D4F0
Requests: 11 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: 85EE79043E6D7B897FC0F6F018D6E58D
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
Frame ID: 698C4123E23CF8A0BA65A691CCAAD3E2
Requests: 10 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/14773911925729263616/index.html?e=69&leftOffset=0&topOffset=0&c=LO0Xe9EFxI&t=1&renderingType=2&ev=01_247
Frame ID: BD4A9CE0089EAE2FCBAB3C155D359B08
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F4E63FDB3189088313D8600E102BE43F
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FC4F65882FE3F3F83CE4F31FC4C73173
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8B0E37585F39B0875C5DC0A2C2D3244D
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Frame ID: 014893A0A452DFA991B866244E0B077F
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BB940D658A8446279454F99DAF15C4E5
Requests: 3 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstffQzcExhasCuuBYDqLSNveREMIqEGPFwG42DlrsmAVm--cm4jXyKMe_dpqlxEOqSWAtt9zBt9Ph_pIsEk4nG0kiiMx89L5iFDSZMF99oC575-ibPhrCxPrh-q2FZu7Pe-MFUWvEOCNAmb1e0U5GmICSo0hn9f0tQqb57uRaisCFvo3129PjjLhmoGqW-DsFPtwutYgJIF2uaW0h_nGPjMVt7TTkow2rmrbYPlYLjf8M-CAHDNlgFwAmBgt02k_wArwZcwziYTxgDV7WMIBPcGh180N80BmrpZfjazQ8ARbeVjwazCG3dJtLSpjM8DUBcVJKa7EE0sdFRjg-3hFAckVgx7InLr1_TINE-N0F7t5m5N_pwFDbHcewDQ63_g-m2jqk8Y-pb1Bw&sai=AMfl-YQUjhySZFbCkbpC3rRgn3CrcPKjf2LR7Tiq4SCJ-xAGl9hZs36tycVt5EipoBRv5GOsI0HBpmgk34XmUKvyWim_jYyJsQ0I1OXie5AEjWkWFOYmgPrFCalt9q_2IBO44A&sig=Cg0ArKJSzBqVPRbY_QzWEAE&uach_m=[UACH]&urlfix=1&adurl=
Frame ID: 8735F22FF5B5AF721E8EC4F530FB8976
Requests: 5 HTTP requests in this frame

Frame: https://ssl.connextra.com/DiDNAGroup/selector/client?client=DiDNAGroup&placement=didna_didna_300x250_placement5
Frame ID: 2CD48C21FFC673EBF955F9610F321D3B
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 72F7E3FC42A8B67FF75010F508AC9514
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
Frame ID: F0E383C3B7C6BD3C81ABC0576C614326
Requests: 1 HTTP requests in this frame

Frame: https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
Frame ID: A91908F0498527C942193AEEDD67D52E
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
Frame ID: 2B57B60D0E9B00DCABE2EF6171FC68E2
Requests: 1 HTTP requests in this frame

Frame: blob://https://s0.2mdn.net/f207b8d3-84cf-4762-b36f-835422fd5e4e
Frame ID: 66D60645AE78D76F9551E21F6181F0FE
Requests: 1 HTTP requests in this frame

Frame: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Frame ID: C6E39800EBB5342CEAF880049E18C4E7
Requests: 28 HTTP requests in this frame

Frame: https://c.bannerflow.net/accounts/wyndham/5ca76276e534b182c4576ce4/images/c13bd3f7-a76f-4588-9375-31c27e179bb1.svg
Frame ID: CEE8A38570DB93A1E62A7C3663BAA376
Requests: 2 HTTP requests in this frame

Frame: https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fwyndham%2F5ca76276e534b182c4576ce4%2Fimages%2F682f24a3-ac1d-4c30-b264-5c37a0aebf15.jpg&w=250&h=250&q=90&f=webp&rt=contain
Frame ID: FEB79BD98D6F371F46DC7D0BF4B80A3A
Requests: 2 HTTP requests in this frame

Frame: https://c.bannerflow.net/misc/libs/gsap/3.5.1/gsap.min.js
Frame ID: AB0AD7D814F754416329767E8DC0B12F
Requests: 4 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Frame ID: B48F18CEBCEAEBFDC5BFC7056F428651
Requests: 2 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: 43FBCE4F0E65203C61C197A595F8CCC2
Requests: 1 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 562BAF0C2F7090DD10FCCFC12A179478
Requests: 1 HTTP requests in this frame

Frame: https://biddr.brealtime.com/check.html
Frame ID: 40C4FACF746BB4C1212F5D8AD9BA0087
Requests: 1 HTTP requests in this frame

Frame: https://ad-cdn.technoratimedia.com/html/usersync.html?src=prebid_prebid_6.29.0
Frame ID: F1D87047FED3743C4AA976C5D39102F6
Requests: 1 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Frame ID: A7D7B3EC0EFF7596648A4648AFCD50B0
Requests: 10 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3DPM_UID
Frame ID: 7D25CDC7BAED69B3DD9242E91E7779FD
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1042139016
Frame ID: 4F705CBF9379F018113E1F6D00BE3827
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 91614CEA2FA71C2380CAE84BAC8D7F16
Requests: 3 HTTP requests in this frame

Frame: https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=atx4xsU7Or6R0PaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 70948403A1E2DB342E79B8A3DB200CA4
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: B4509CB5BF2EEFBA0F98CAED0D389ACD
Requests: 10 HTTP requests in this frame

Frame: https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3DUCFUID
Frame ID: 16191E91DA29D8BDF8DDB4DD66788CA1
Requests: 1 HTTP requests in this frame

Frame: https://ex.ingage.tech/v1/sync/betweenx/cf0709de-10b7-424e-9eb2-e10859bca5eb?uid=10b4d290-5fd7-5226-997d-2ee7fa2cc9ec
Frame ID: 70622E192FFCE5F6D4077B80A7ADA178
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Frame ID: CB09399CD92F185FD3DFC910092670AA
Requests: 4 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Frame ID: 198F01F5EFAAD37933F34D44E45D5DDD
Requests: 10 HTTP requests in this frame

Frame: https://product.instiengage.com/ceu-code/01dbf856-b67a-4088-bd82-73445d4ab183.js
Frame ID: FCA4FB196944F2A3FB486454EA31914E
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Bear Insider - Cal Football, Recruiting, News & Forums

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • googletagservices\.com/tag/js/gpt(?:_mobile)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 10%
Detected patterns
  • basket.*\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

454
Requests

90 %
HTTPS

34 %
IPv6

83
Domains

140
Subdomains

113
IPs

11
Countries

6559 kB
Transfer

16506 kB
Size

83
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://platform.instagram.com/en_US/embeds.js HTTP 301
  • https://www.instagram.com/embed.js HTTP 302
  • https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
Request Chain 31
  • https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=255241635&utmhn=bearinsider.com&utme=8(Subscription*Template)9(none*desktop)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Bear%20Insider%20-%20Cal%20Football%2C%20Recruiting%2C%20News%20%26%20Forums&utmhid=412033631&utmr=-&utmp=%2F&utmht=1666311942737&utmac=UA-46427436-1&utmcc=__utma%3D124379541.1222672303.1666311943.1666311943.1666311943.1%3B%2B__utmz%3D124379541.1666311943.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1178579764&utmredir=1&utmu=qxAAAAAAAAAAAAAAAAAAAAAE~ HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-46427436-1&cid=1222672303.1666311943&jid=1178579764&_v=5.7.2&z=255241635
Request Chain 193
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fbearinsider.com%2F&rid=esp HTTP 302
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fbearinsider.com%2F&rid=esp&cc=1
Request Chain 204
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
Request Chain 205
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y1HnCearnhTxNBDTDKoqQAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
Request Chain 206
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEB6muakVyB-iyH5ZxynKyWg&google_cver=1
Request Chain 207
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3OTE1MjEwMTc4Mjc5MjEzMw%3D%3D
Request Chain 221
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
Request Chain 222
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y1HnCearnhTxNBDTDKoqQAAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
Request Chain 223
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEB6muakVyB-iyH5ZxynKyWg&google_cver=1
Request Chain 224
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3OTE1MjEwMTc4Mjc5MjEzMw%3D%3D
Request Chain 228
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=bearinsider.com&sn=ChromeSyncframe&so=0&topUrl=bearinsider.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
  • https://mug.criteo.com/sid?cpp=9bCOY3x6U0VLN1J1bFFLWm13NzlXQk85bSt3QUc4Vis3Z0JNazJXRWF0Y1Npc2xmczdScmF4QkVpaHVpMGJnMnFIazJ0NU9ISmFaSU5FRWtqOUZqeUorV3Z3a0YvdzVBTDhUaDBBeGRxY3h5SElHc1E0VEFFQngwOGVYWThUVnFIWDYzeC90cGVxaEFJajNvSGMzbWFvVzMzdUpmajE0TlorNXhkOEs2WlhSQm5pL0NYSkh1OEtBb0VyLzQvM1pxK2ZMaTgrcm01SGJWaEFleGJ1YVNiU1lCdXEyWmNxVnNaMHF1bWJRWDd2b3ljSGtocXV2T2ZrZFR0MEFZSjNUNkhoUEJ5akNSaU9vUzZENkJyYm4xdE84THY4T2EraUQ5N0FJSXdNbk5ZeFFWYk9RND18&cppv=2
Request Chain 239
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBvbgsylu3gBjzuIoutAQ6U&google_cver=1
Request Chain 241
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEFTqWDngn-GNV9GH8uVbD9Q&google_cver=1
Request Chain 249
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGwEWeROiZAOZFFgRe0QE1Q&google_cver=1 HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGwEWeROiZAOZFFgRe0QE1Q&google_cver=1&__user_check__=1&sync_id=e773ccfe-50d6-11ed-8fdd-1984e64b0206
Request Chain 250
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=e773641b-50d6-11ed-b8cc-14604df00106 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTc3M2NjY2EtNTBkNi0xMWVkLThmZGQtMTk4NGU2NGIwMjA2
Request Chain 251
  • https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1XSkRwNDVGRTJ1SFNlMWNQd3J5SDYubnpfMm1HVGR1aX5B
Request Chain 309
  • https://fw.adsafeprotected.com/rfw/st/1190398/65997902/4.js?adContainerId=brand_safety_CedRY-n_GdqY-gajyrfACg&cbFunctionName=goog_wrapCb_CedRY-n_GdqY-gajyrfACg&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fbearinsider.com&adsafe_type=y&adsafe_url=https%3A%2F%2Fbearinsider.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:c613b7f3-da12-4b71-2587-35252b664e8a,c:rDku6D,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-5b58464db-w287t,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,scm:publ1,mtim:4,mot:0,app:0,maw:0,fm:tkQX6Sr+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b1%7C1b2%7C1b31%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1d3%7C1e%7C1f*.1190398-65997902%7C1f1%7C1f2%7C1f3%7C1g%7C1h1,idMap:1f*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:20,oid:e794df67-50d6-11ed-b8de-9e4dfd85c625,v:19.8.358,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
  • https://static.adsafeprotected.com/4a.js
Request Chain 380
  • https://dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=360071&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
  • https://x.bidswitch.net/sync?ssp=index HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=index HTTP 302
  • https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=index HTTP 302
  • https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=index HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=284e106f-59c8-410c-afa3-e774aeeb658b&ssp=index HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c355bcde-6eff-4a3f-92dd-5b40e7d86203
Request Chain 381
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1666311947549 HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7679276743
Request Chain 384
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_ HTTP 302
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_ HTTP 302
  • https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=Uc6qo5l21OLFR95
Request Chain 386
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26cbimg%3D10141%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&cbimg=10141&uid=2379152101782792133
Request Chain 389
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=medianet&bsw_param=c355bcde-6eff-4a3f-92dd-5b40e7d86203&google_hm=YzM1NWJjZGUtNmVmZi00YTNmLTkyZGQtNWI0MGU3ZDg2MjAz HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEMwuSxC7pY9Qs1Q4c8iSMZA&google_cver=1&ssp=medianet&bsw_param=c355bcde-6eff-4a3f-92dd-5b40e7d86203 HTTP 302
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=c355bcde-6eff-4a3f-92dd-5b40e7d86203&gdpr=&gdpr_consent=&gdpr_pd=
Request Chain 390
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
  • https://ads.servenobid.com/sync?pid=312&uid=2379152101782792133
Request Chain 401
  • https://ex.ingage.tech/v1/syncPage/unruly?userId=cf0709de-10b7-424e-9eb2-e10859bca5eb&to=https%3A%2F%2Fsync.1rx.io%2Fusersync2%2Frmpssp%3Fsub%3Dinsticator HTTP 302
  • https://sync.1rx.io/usersync2/rmpssp?sub=insticator HTTP 302
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1042139016
Request Chain 406
  • https://ads.betweendigital.com/match?bidder_id=43907&gdpr=0&callback_url=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fbetweenx%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D%24%7BUSER_ID%7D HTTP 302
  • https://ads.betweendigital.com/match?bidder_id=43907&gdpr=0&callback_url=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fbetweenx%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D%24%7BUSER_ID%7D&crf=1 HTTP 302
  • https://ex.ingage.tech/v1/sync/betweenx/cf0709de-10b7-424e-9eb2-e10859bca5eb?uid=10b4d290-5fd7-5226-997d-2ee7fa2cc9ec
Request Chain 411
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB&gdpr_consent=&us_privacy=&gdpr= HTTP 302
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENFxw8XCtaVZpEChNeeUefE&google_cver=1
Request Chain 412
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB&dcc=t
Request Chain 416
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Request Chain 417
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1666398347
Request Chain 418
  • https://x.bidswitch.net/sync?ssp=index HTTP 302
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=index&bsw_custom_parameter=c355bcde-6eff-4a3f-92dd-5b40e7d86203 HTTP 302
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=index&bsw_custom_parameter=c355bcde-6eff-4a3f-92dd-5b40e7d86203 HTTP 302
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=9f0a503c-d695-4b46-867d-63940af4d265&ssp=index&expires=30&user_group=5&bsw_param=c355bcde-6eff-4a3f-92dd-5b40e7d86203 HTTP 302
  • https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c355bcde-6eff-4a3f-92dd-5b40e7d86203
Request Chain 423
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2379152101782792133
Request Chain 424
  • https://ad.turn.com/r/cs?pid=21 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7150417697092662624
Request Chain 425
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=851d6351-e70d-4d00-9b2d-68346ab854c9
Request Chain 426
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=Y1HnDAABh8ZSCwAW HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y1HnDAABh8ZSCwAW&_test=Y1HnDAABh8ZSCwAW
Request Chain 427
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent= HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Request Chain 429
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d HTTP 302
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]
Request Chain 430
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e HTTP 302
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=617b8c04-fbba-8703-d22d8ca4
Request Chain 433
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator HTTP 301
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Request Chain 435
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=PsBT2xjLSrOKknCur1viWg&rk=usync-na HTTP 302
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=PsBT2xjLSrOKknCur1viWg
Request Chain 437
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=JRyEHX_hTbKmVSeyNmqdMQ&rk=usync-other HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=JRyEHX_hTbKmVSeyNmqdMQ
Request Chain 438
  • https://token.rubiconproject.com/token?pid=36584 HTTP 302
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L9HR3W9K-1G-6BCE
Request Chain 439
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlIUjNXOUstMUctNkJDRQ==
Request Chain 440
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/lOkZh9yak7U4v5CItoucQsn5EUdSAgOZEtemQ7w0kco?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=364683099468586370
Request Chain 441
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZDA1MTczNWI3MWFjNjgzZjczMTVjYjdiZWE0ODVmYTVhYWI5YmU1Yg
Request Chain 442
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELDIojQPqWkTGoVRWL8sYjU&google_cver=1

454 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
bearinsider.com/
72 KB
73 KB
Document
General
Full URL
https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.119.40.202 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
6a8ad0932b7721ed0487d2d7004739949a65b7796321558409f6c6208e918666
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Fri, 21 Oct 2022 00:25:40 GMT
Expires
-1
Pragma
no-cache
Server
Kestrel
Strict-Transport-Security
max-age=2592000
Transfer-Encoding
chunked
icon
fonts.googleapis.com/
569 B
869 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 21 Oct 2022 00:25:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 21 Oct 2022 00:25:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 21 Oct 2022 00:25:40 GMT
Wja8ZAon.js
content.jwplatform.com/libraries/
118 KB
42 KB
Script
General
Full URL
https://content.jwplatform.com/libraries/Wja8ZAon.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:225e:3a00:1:a3fa:7cc0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
abd4c37f2e693b8e4e2e33ae084762fec7c210a17fb44126c4011becce302e11

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:24:03 GMT
content-encoding
gzip
via
1.1 ed7f977b6d983a16331e3fe3f4764e9a.cloudfront.net (CloudFront)
server
openresty
x-amz-cf-pop
FRA60-P4
age
97
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=180
content-length
42405
x-amz-cf-id
lpi08Q3SKQ9AC-ble-KV0Z4SMTwnR6eEjQRtC82ZcgigLzR-LunJew==
Accept.js
js.authorize.net/v1/
4 KB
2 KB
Script
General
Full URL
https://js.authorize.net/v1/Accept.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.18.17.243 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f4501c6e024ec5ecc8ec86d5a09b9e603e226ab83149c8f481708bffcbd3f8e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:40 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Fri, 13 Sep 2019 01:10:11 GMT
server
cloudflare
age
2816
etag
W/"bf6213fecf69d51:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=432000
cf-ray
75d5db7e0af76913-FRA
expires
Wed, 26 Oct 2022 00:25:40 GMT
0031838-bnwu-240x135.jpg
f5s008media.blob.core.windows.net/photos/
32 KB
33 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0031838-bnwu-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
74386ff7caebd4dae157769f5a71c8109bc7f28d436ac0d8d621ab97002786c1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:40 GMT
Last-Modified
Tue, 11 Oct 2022 23:58:02 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
WMjpt1qEVThlLFzAUzdr4Q==
ETag
"0x8DAABE46EB09742"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
6887030e-a01e-0040-36e3-e4aaa3000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
33097
x-ms-lease-state
available
0027125-vtfs-240x135.jpg
f5s008media.blob.core.windows.net/photos/
15 KB
16 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0027125-vtfs-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
534dd5fa0bf5011564bc58d17509b66bc0ca4f67065b9d3217290d2182674cfd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:41 GMT
Last-Modified
Tue, 21 Aug 2018 02:26:50 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
Do7U7lEFz74EEBx2P3RgZQ==
ETag
"0x8D6070D8D2DF5A6"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
cee30b74-901e-004b-05e3-e451c8000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
15497
x-ms-lease-state
available
0030790-qewu-240x135.jpg
f5s008media.blob.core.windows.net/photos/
24 KB
25 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0030790-qewu-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
49c1c5dbbcc01db1e9b5908b2f88d3a0142f89c24e2f1e551f5cd953452872e6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:41 GMT
Last-Modified
Wed, 08 Sep 2021 03:58:38 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
xEaXhxpevqFhQYoiLiYVHA==
ETag
"0x8D9727CF0B75273"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
cee30bbd-901e-004b-45e3-e451c8000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
24610
x-ms-lease-state
available
0031825-vygb-240x135.jpg
f5s008media.blob.core.windows.net/photos/
29 KB
30 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0031825-vygb-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f287503fb66ac07e6dacdd1e6782fe6d02c32f814961420a511290a218469c94

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:41 GMT
Last-Modified
Tue, 04 Oct 2022 21:15:31 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
4XHV2CKZzBo2U5thyed8Ag==
ETag
"0x8DAA64D91C7BA90"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
6887042d-a01e-0040-40e3-e4aaa3000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
29526
x-ms-lease-state
available
0031824-expb-240x135.jpg
f5s008media.blob.core.windows.net/photos/
38 KB
39 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0031824-expb-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
3e20a1bf78b9f941b88deeea294d8a953e9871afb8cc355fc9665df4ffbc5bc4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:41 GMT
Last-Modified
Sun, 02 Oct 2022 01:51:00 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
wutLTfLxq2BEGgrf7awiRQ==
ETag
"0x8DAA4188EC2AB06"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
688704a2-a01e-0040-32e3-e4aaa3000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
39078
x-ms-lease-state
available
0030675-yfvv-240x135.jpg
f5s008media.blob.core.windows.net/photos/
23 KB
24 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0030675-yfvv-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
8a6cebdc9be5a977e8916c76af183272272020ed02a63a35249c905fb16bf1ee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:41 GMT
Last-Modified
Sat, 31 Jul 2021 19:50:19 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
GogL8BMmtzJxWtodfz6DYQ==
ETag
"0x8D9545C6D309AEB"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
68870566-a01e-0040-67e3-e4aaa3000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
23698
x-ms-lease-state
available
AcceptCore.js
js.authorize.net/v1/
9 KB
3 KB
Script
General
Full URL
https://js.authorize.net/v1/AcceptCore.js
Requested by
Host: js.authorize.net
URL: https://js.authorize.net/v1/Accept.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.18.17.243 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79ec52f0ce86fb27c47d1f860ba62d34ad5fe6cd3778ee0952ac698f52096e81
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:42 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Tue, 10 Sep 2019 23:26:44 GMT
server
cloudflare
age
6430
etag
W/"092b352f68d51:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=432000
cf-ray
75d5db86dd236913-FRA
expires
Wed, 26 Oct 2022 00:25:42 GMT
AcceptCore.js
js.authorize.net/v1/
9 KB
3 KB
XHR
General
Full URL
https://js.authorize.net/v1/AcceptCore.js
Requested by
Host: js.authorize.net
URL: https://js.authorize.net/v1/Accept.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
104.18.17.243 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79ec52f0ce86fb27c47d1f860ba62d34ad5fe6cd3778ee0952ac698f52096e81
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:41 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
last-modified
Tue, 10 Sep 2019 23:26:44 GMT
server
cloudflare
etag
W/"092b352f68d51:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=432000
cf-ray
75d5db7e6c559196-FRA
expires
Wed, 26 Oct 2022 00:25:41 GMT
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e0d404128c22390d9e513e36d742a60e1b440d6b6d108caf16bd10d9c77306f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 21 Oct 2022 00:25:40 GMT
content-md5
GPPSawlCBKz4+ve8wZmlcw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1686
x-fb-rlafr
0
x-fb-debug
5ILW9fKFP1NmjSykhThqI92KYT2ZAwLmXo/Qc6T+ef8S+SDuwXab5ccNONaMbanxqEcWZt8dZJ7YLAfuBSGJ0Q==
x-fb-trip-id
686109401
x-fb-content-md5
7ee02302a0f56b073fda20227ce6b905
cross-origin-opener-policy
same-origin-allow-popups
etag
"20c55f80b1b4179fa2010d44bbb705ca"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 21 Oct 2022 00:26:05 GMT
sdk.js
connect.facebook.net/en_US/
300 KB
85 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=7399ca8e94af9e22a26f546e68ec58c7
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b7bd68cb79dcf03fe74b395a014cdc03ddcabd4d4a2552d24cc78f84d09ec155
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://bearinsider.com/
Origin
https://bearinsider.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 21 Oct 2022 00:25:42 GMT
content-md5
WrCOHYaUJTQrbxEzd9fD6w==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
86932
x-fb-rlafr
0
x-fb-debug
s2SlZIqTGdr3Qnnwwcebe124kOcgEZ+ybWXegcaWmHvYvf+E4pPs8/zv6nLnV2JsEb4Hn6hATOuneDL1gcHRlg==
x-fb-content-md5
11effeb0f2fa2baf7c002eadb9693f50
cross-origin-opener-policy
same-origin-allow-popups
etag
"78123bf8c20a75bc14d4ea8f9176e2e3"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 20 Oct 2023 22:00:57 GMT
didna_config.js
storage.googleapis.com/didna_hb/husker/bearinsider/
13 KB
14 KB
Script
General
Full URL
https://storage.googleapis.com/didna_hb/husker/bearinsider/didna_config.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
e67a0d2101516224e734c4da43409d31c2cafd062015f2cf4a72420b3da24789

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:42 GMT
x-guploader-uploadid
ADPycduWr7xSEyUtgE1PDG91HUSqas_BmTtgGZ8tGo3BzudTkInW7xdJRWTofLzNPZecmFq1AnnZctNYGoDNxWEWk_9BBA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
2
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13487
last-modified
Thu, 06 Oct 2022 00:10:05 GMT
server
UploadServer
etag
"1e59a182bb9fba01800c2492fa18e7b4"
x-goog-generation
1665015005634755
content-type
text/javascript
x-goog-hash
crc32c=PvC3IQ==, md5=HlmhgrufugGADCSS+hjntA==
cache-control
no-store
x-goog-stored-content-length
13487
accept-ranges
bytes
expires
Sat, 21 Oct 2023 00:25:42 GMT
gpt.js
www.googletagservices.com/tag/js/
79 KB
28 KB
Script
General
Full URL
https://www.googletagservices.com/tag/js/gpt.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a1c6ea99bde3bca538f4bbd1d799c21cb89c0a082b884400c3df69dbe7a20848
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27625
x-xss-protection
0
server
sffe
etag
"1370 / 19 of 1000 / last-modified: 1666303767"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 21 Oct 2022 00:25:42 GMT
ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 20 Oct 2022 23:51:05 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
2077
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17168
expires
Fri, 21 Oct 2022 01:51:05 GMT
ab12745d93c5.js
www.instagram.com/static/bundles/es6/EmbedSDK.js/
Redirect Chain
  • https://platform.instagram.com/en_US/embeds.js
  • https://www.instagram.com/embed.js
  • https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
15 KB
5 KB
Script
General
Full URL
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Server
2a03:2880:f21c:81e5:face:b00c:0:4420 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2a04fa46b4ebc4bb2c93126695f45b0acf711870e1f169bb95247592c28c24a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 12 Oct 2022 22:57:09 GMT
content-encoding
br
etag
"ab12745d93c5"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
edge-control
max-age=1209600, no-transform
cache-control
public,max-age=31536000,immutable
cross-origin-resource-policy
cross-origin
content-length
4843
priority
u=3,i

Redirect headers

date
Fri, 21 Oct 2022 00:25:42 GMT
x-fb-trip-id
1679558926
x-ig-origin-region
cln
content-type
text/html; charset=utf-8
location
https://www.instagram.com/static/bundles/es6/EmbedSDK.js/ab12745d93c5.js
cache-control
max-age=21600
alt-svc
h3=":443"; ma=86400
content-length
0
desktop.min.css
f5s-cdn.azureedge.net/content/20221019.2/css/
864 KB
118 KB
Stylesheet
General
Full URL
https://f5s-cdn.azureedge.net/content/20221019.2/css/desktop.min.css
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
60a27160d65e2b27e63cfae136b04f562119e53b860bfee28e9cf7739bf74c45

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:40 GMT
content-encoding
br
last-modified
Wed, 19 Oct 2022 20:27:23 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
YAkVlKcRFoyeerYaw4RMlQ==
x-azure-ref-originshield
0xuVRYwAAAABOLEC/y66rRIbdWH+GKeaIQU1TMDRFREdFMTgyMgAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8DAB21054E37BCC
x-azure-ref
0BedRYwAAAAAAlsG4jMmrQ7KNRraOnX84QlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_HIT
content-type
text/css
x-ms-request-id
1d7e06ce-501e-0037-2fc7-e4b830000000
x-ms-version
2009-09-19
f5s008.desktop.min.css
f5s-cdn.azureedge.net/content/20221019.2/css/
12 KB
3 KB
Stylesheet
General
Full URL
https://f5s-cdn.azureedge.net/content/20221019.2/css/f5s008.desktop.min.css
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c1609235113bcc0ea2c532064ee52f039b75a48edb067ca110118e813a723a85

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:41 GMT
content-encoding
br
last-modified
Wed, 19 Oct 2022 20:27:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
TeCOmjXaTrqWiU79LcQMjQ==
x-azure-ref-originshield
0BedRYwAAAAAK2E2559ECRZJFwkFik0gGQU1TMDRFREdFMTkxNQAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8DAB21055050857
x-azure-ref
0BedRYwAAAAB7FdTz2ZZ8Q5WA486HEncKQlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_MISS
content-type
text/css
x-ms-request-id
df2acda8-b01e-0062-11e3-e4a8bb000000
x-ms-version
2009-09-19
default-skin.min.css
bearinsider.com/css/photoswipe/default-skin/
8 KB
8 KB
Stylesheet
General
Full URL
https://bearinsider.com/css/photoswipe/default-skin/default-skin.min.css
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.119.40.202 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
ce6db59bd76100dae8b381fa5e669c3ff7b4db76ae11e1676157f95413f52f23
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 00:25:40 GMT
Strict-Transport-Security
max-age=2592000
Last-Modified
Wed, 19 Oct 2022 20:17:23 GMT
Server
Kestrel
ETag
"1d8e3f7cc36d4b1"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7985
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.2.4/
84 KB
30 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 20:13:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
15115
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30028
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Oct 2023 20:13:46 GMT
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/
248 KB
66 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Sun, 16 Oct 2022 16:07:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
375505
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67948
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 16 Oct 2023 16:07:16 GMT
f5s008.desktop.min.js
f5s-cdn.azureedge.net/content/20221019.2/js/
1 KB
991 B
Script
General
Full URL
https://f5s-cdn.azureedge.net/content/20221019.2/js/f5s008.desktop.min.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c7cdc1c5656f5ccbacdf8c46fa7d970a08cd0dd8f126a30b36a755cce942886f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:41 GMT
content-encoding
br
last-modified
Wed, 19 Oct 2022 20:27:23 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
Rx2a6Punm/8bts9IZ/e27Q==
x-azure-ref-originshield
0BedRYwAAAAArmfA9z+LSSo1Yut7h9RudQU1TMDRFREdFMTkxMgAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8DAB21054BCE6F2
x-azure-ref
0BedRYwAAAADuZyN2gc32RKajCj/fMU8OQlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_MISS
content-type
application/javascript
x-ms-request-id
c4bbde69-001e-0048-0be3-e477ab000000
x-ms-version
2009-09-19
fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
readymoon.com/v2/0/
92 KB
28 KB
Script
General
Full URL
https://readymoon.com/v2/0/fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/js/f5s008.desktop.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:328a::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
218685548113942d02fe914a90711c9b02a9100e4f6215f7d244d7683c260066
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
via
1.1 google
date
Fri, 21 Oct 2022 00:25:42 GMT
x-datacenter
gce-europe-west1
etag
"707be605f15ea3bb8cb71c933c93f318d994f43bea82bfb29eed210d9ea5a4a0"
x-buildname
hoothoot
vary
Accept-Encoding, Accept-Language
x-hostname
fen-hoothoot-europe-west1-spot-9csr
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
x-buildnumber
661392823
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
desktop.min.js
f5s-cdn.azureedge.net/content/20221019.2/js/
743 KB
209 KB
Script
General
Full URL
https://f5s-cdn.azureedge.net/content/20221019.2/js/desktop.min.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
a68c9cd6dea7fb10cf7a8251b5bed5b29b1047c7431e1ff4def2421329f0a3ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:41 GMT
content-encoding
br
last-modified
Wed, 19 Oct 2022 20:27:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
t5lqL7j5dJklcnmJgEtisA==
x-azure-ref-originshield
0yOVRYwAAAADP8hjv5kTWTY5Y2KFz6GnCQU1TMDRFREdFMTgyMgAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8DAB21054EB90D9
x-azure-ref
0BudRYwAAAABreTr4APJDRrZnpmkXGUNEQlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_HIT
content-type
application/javascript
x-ms-request-id
6288d59e-a01e-0033-27e2-e43537000000
x-ms-version
2009-09-19
knockout.min.js
f5s-cdn.azureedge.net/content/20221019.2/ko/
37 KB
10 KB
Script
General
Full URL
https://f5s-cdn.azureedge.net/content/20221019.2/ko/knockout.min.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
b46b861b465298f9360491e6b87e707af462dad73872c60e5ee90d4fda58b5c4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:42 GMT
content-encoding
br
last-modified
Wed, 19 Oct 2022 20:27:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
ksucuE093ISTb9mo+1qa/g==
x-azure-ref-originshield
0ZeJRYwAAAADMz3bkCgvARLkDcrBSyU9eQU1TMDRFREdFMTkyMAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8DAB2105511D79D
x-azure-ref
0BudRYwAAAADhQGJiwuQBR61HrEj9CFyIQlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_HIT
content-type
application/javascript
x-ms-request-id
75f17f98-001e-0058-5fe0-e4b2c3000000
x-ms-version
2009-09-19
ckeditor.js
bearinsider.com/js/ckeditor-4.8.0/
671 KB
671 KB
Script
General
Full URL
https://bearinsider.com/js/ckeditor-4.8.0/ckeditor.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.119.40.202 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
47cfc09a6ea16b0f1d8b24198ba3a023f5571ecb502b3b9321b8f2aa8ac64b90
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 00:25:42 GMT
Strict-Transport-Security
max-age=2592000
Last-Modified
Wed, 19 Oct 2022 20:17:23 GMT
Server
Kestrel
ETag
"1d8e3f7cc3cb71a"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
687258
pubads_impl_2022101701.js
securepubads.g.doubleclick.net/gpt/
379 KB
128 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b4a419095aa8f87ac838a7c0f52fa682bc635aa4d1927b9c058d547fc67dd5ea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 22:37:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6492
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
130931
x-xss-protection
0
last-modified
Mon, 17 Oct 2022 08:34:36 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 20 Oct 2023 22:37:31 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
164 B
750 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=bearinsider.com
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d4fcc935af779b64ecec8cca08ba21b82fabfaec30b388d459eb4c0a537892f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
114
x-xss-protection
0
expires
Fri, 21 Oct 2022 00:25:42 GMT
186905-129106728116453.js
js-sec.indexww.com/ht/p/
37 KB
13 KB
Script
General
Full URL
https://js-sec.indexww.com/ht/p/186905-129106728116453.js
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/didna_hb/husker/bearinsider/didna_config.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.12.76 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6deb8763f8da9983dc3f1ab5d4376b37292dbd4b7fbd988713ac334a5904069

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 21 Oct 2022 00:01:48 GMT
server
cloudflare
age
1179
etag
W/"da462f-930b-5eb8025f47ad3"
vary
Accept-Encoding
content-type
text/javascript
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=14400
cf-ray
75d5db8cb9429226-FRA
expires
Fri, 21 Oct 2022 04:25:43 GMT
5946c8e9-576d-4893-994d-18b9bdff4c5d
https://bearinsider.com/
564 B
0
Other
General
Full URL
blob:https://bearinsider.com/5946c8e9-576d-4893-994d-18b9bdff4c5d
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
815ee379589e2686af0a423df3987810358aaa03ea11a46250de270ad307a383

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Length
564
Content-Type
text/javascript
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=255241635&utmhn=bearinsider.com&utme=8(Subscription*Template)9(none*desktop)&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=2...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-46427436-1&cid=1222672303.1666311943&jid=1178579764&_v=5.7.2&z=255241635
35 B
430 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-46427436-1&cid=1222672303.1666311943&jid=1178579764&_v=5.7.2&z=255241635
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 21 Oct 2022 00:25:43 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/html; charset=UTF-8
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-46427436-1&cid=1222672303.1666311943&jid=1178579764&_v=5.7.2&z=255241635
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
370
expires
Fri, 01 Jan 1990 00:00:00 GMT
didna_util.min.js.gz
storage.googleapis.com/didna-prod/latest/
196 KB
57 KB
Script
General
Full URL
https://storage.googleapis.com/didna-prod/latest/didna_util.min.js.gz
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/didna_hb/husker/bearinsider/didna_config.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2010 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
UploadServer /
Resource Hash
b16aef8a6a18450e93979def14ab6f9fdfb77f242c9b052333c50a0564ab6677

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:23:32 GMT
content-encoding
gzip
age
131
x-guploader-uploadid
ADPycduVboLpeStpPfDQ8ggxA2hGyIRIvp2BDkSuAmG8qswwG2PxB2xlSroT09X40y4gH1iYTNtQiu48jIoAtoh11fdKl90XS2kR
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
58407
last-modified
Thu, 20 Oct 2022 18:58:12 GMT
server
UploadServer
etag
"709c0f9e969099ddc3730c0dc4cd0d1e"
vary
Accept-Encoding
x-goog-hash
crc32c=yEK1uw==, md5=cJwPnpaQmd3DcwwNxM0NHg==
x-goog-generation
1666292291918841
content-language
en
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
max-age=86400
x-goog-stored-content-length
58407
accept-ranges
bytes
content-type
text/javascript
expires
Sat, 22 Oct 2022 00:23:32 GMT
2eaae36b-6be4-4098-a356-e40810cadb2a
https://bearinsider.com/
466 KB
0
Script
General
Full URL
blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/didna_hb/husker/bearinsider/didna_config.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
774c158323cefef568eca1cf0be2eb6f5181e043158a9c60359ad5462a18fea4

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Length
477273
Content-Type
text/javascript
vanilla-picker-2.11.2.min.js
f5s-cdn.azureedge.net/jsmodules/
19 KB
7 KB
Script
General
Full URL
https://f5s-cdn.azureedge.net/jsmodules/vanilla-picker-2.11.2.min.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
97fbe0da7255903768c8485f137c2a05e03124d01cefde09d2dcdaf6f7551bec

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:42 GMT
content-encoding
br
last-modified
Thu, 08 Jul 2021 20:20:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
f3rwbc9GxI49FF2+FETC2Q==
x-azure-ref-originshield
0BI5PYwAAAABBy0gsI1ZETq6ZrH32jU8hQU1TMDRFREdFMTgxNwAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8D9424DD1B090F9
x-azure-ref
0B+dRYwAAAAC/5zPJCTnrRLrmKPYQsknnQlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_HIT
content-type
application/javascript
x-ms-request-id
5c2ee927-601e-002c-13cd-e28633000000
x-ms-version
2009-09-19
css
fonts.googleapis.com/
31 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,500,700|Open+Sans:400,300,600,700,200,800|Roboto+Slab:200,300,400,600,700|Open+Sans+Condensed:700
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8d5395df0779722c1499b6f1593cb870a6fc7301190f462965935abd03b33ec8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 21 Oct 2022 00:25:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 21 Oct 2022 00:25:43 GMT
css
fonts.googleapis.com/
2 KB
420 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=BenchNine:300,400,700
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
5f77d389ae7d5ff344e07d05a397ce1a495243eceb060ae8d7e191666e943563
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 21 Oct 2022 00:25:43 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 21 Oct 2022 00:25:43 GMT
css
fonts.googleapis.com/
1 KB
499 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Playfair+Display
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
d6298c3b513f2c4653a5ecd25fab7ffb5c74a8ce3c63b176f91621b77a7bc6ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 20 Oct 2022 22:33:42 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 21 Oct 2022 00:25:43 GMT
rid
match.adsrvr.org/track/
63 B
389 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=casale&fmt=json&p=186905
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186905-129106728116453.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
ca96c40f3a1a913eab009c3066ea01ef6e56cb3bca24a7f7a59099f499e12dfb

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bearinsider.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Sun, 20 Nov 2022 00:25:43 GMT
identity
api.rlcdn.com/api/
44 B
359 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186905-129106728116453.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
via
1.1 google
x-content-type-options
nosniff
access-control-allow-methods
GET, OPTIONS
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
44
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fbevents.js
connect.facebook.net/en_US/
102 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f8486cf55c57486f26236be045e02ada380d1ee0378008375cf54295c23954c8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 21 Oct 2022 00:25:43 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27027
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
J2REdvrGzdTvJutCJnhGZtzp8XL1tt17QBucl0WwxVeM/YAqMTroulw7o7BuKqoHyRqt+z2HcjRc15jwjiK3kw==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
logo-f5s008.svg
f5s008media.blob.core.windows.net/web/themes/svg/
3 KB
4 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/web/themes/svg/logo-f5s008.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/f5s008.desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
391034e31682ee92c9e9acf21506ccfada120c79a939a4511c7625c20fc416a1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:42 GMT
Content-MD5
UYBaEsmUK7FywZyec8YOqg==
Content-Length
2975
x-ms-lease-state
available
x-ms-lease-status
unlocked
Last-Modified
Wed, 23 Aug 2017 20:57:29 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
"0x8D4EA699110729D"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
688708b6-a01e-0040-01e3-e4aaa3000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Cache-Control
public
x-ms-version
2014-02-14
Accept-Ranges
bytes
twitter.svg
f5s.blob.core.windows.net/web/themes/svg/
762 B
1 KB
Image
General
Full URL
https://f5s.blob.core.windows.net/web/themes/svg/twitter.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.39.132 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
87dd5d7b4b8cd4933724bf25f215ff86b2604a7fc61a329e31e88ff2b1f7af90

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:42 GMT
Last-Modified
Mon, 15 Aug 2016 15:32:41 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D3C521652E5020
x-ms-meta-CbModifiedTime
Fri, 27 Feb 2015 22:36:27 GMT
Content-Type
image/svg+xml
x-ms-request-id
8789c24e-e01e-0040-07e3-e46da4000000
x-ms-version
2009-09-19
Content-Length
762
facebook.svg
f5s.blob.core.windows.net/web/themes/svg/
364 B
789 B
Image
General
Full URL
https://f5s.blob.core.windows.net/web/themes/svg/facebook.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.39.132 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
3af043b3af56e8b7829c712f913a3fe3f23fe90c09ff6d6a240d7900158f0c29

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Mon, 15 Aug 2016 15:33:06 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D3C5217457A813
x-ms-meta-CbModifiedTime
Fri, 27 Feb 2015 22:36:24 GMT
Content-Type
image/svg+xml
x-ms-request-id
75f6c028-001e-0058-68e3-e4b2c3000000
x-ms-version
2009-09-19
Content-Length
364
instagram.svg
f5s.blob.core.windows.net/web/themes/svg/
2 KB
3 KB
Image
General
Full URL
https://f5s.blob.core.windows.net/web/themes/svg/instagram.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.39.132 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
4596b0c0a2aae993a54464248cfaec870f24f2219fc55e86ed3fe89b52feffc3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Thu, 18 Aug 2016 21:50:51 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D3C7B1B8F72F0A
x-ms-meta-CbModifiedTime
Thu, 18 Aug 2016 21:50:03 GMT
Content-Type
image/svg+xml
x-ms-request-id
05ebbc7c-101e-0026-1be3-e42284000000
x-ms-version
2009-09-19
Content-Length
2295
search-icon-f5s008.svg
f5s008media.blob.core.windows.net/web/themes/svg/
920 B
2 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/web/themes/svg/search-icon-f5s008.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/f5s008.desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
8d9761793770b2cd27c86963e529fffd98565d74c1d67bc7931c2e8e8cfd86db

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Content-MD5
P+pfkeHY//9JkvTP4dthEA==
Content-Length
920
x-ms-lease-state
available
x-ms-lease-status
unlocked
Last-Modified
Tue, 08 Aug 2017 20:01:27 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
"0x8D4DE98412C46C3"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
cee30e08-901e-004b-45e3-e451c8000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Cache-Control
public
x-ms-version
2014-02-14
Accept-Ranges
bytes
x.svg
f5s.blob.core.windows.net/web/themes/svg/
575 B
1005 B
Image
General
Full URL
https://f5s.blob.core.windows.net/web/themes/svg/x.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.39.132 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
28ba5785e9485b1031c773b928840f43943cc326be6bd12afc92b60d65167571

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Mon, 15 Apr 2019 14:53:41 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
dGGZVUhBgK5d+VliKikQrg==
ETag
0x8D6C1B226BE3F84
Content-Type
image/svg+xml
x-ms-request-id
1398c862-901e-0017-23e3-e4c397000000
Cache-Control
public
x-ms-version
2009-09-19
Content-Length
575
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700|Open+Sans:400,300,600,700,200,800|Roboto+Slab:200,300,400,600,700|Open+Sans+Condensed:700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bearinsider.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 17 Oct 2022 18:50:24 GMT
x-content-type-options
nosniff
age
279319
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44856
x-xss-protection
0
last-modified
Mon, 15 Aug 2022 18:20:18 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 17 Oct 2023 18:50:24 GMT
z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMRw.woff2
fonts.gstatic.com/s/opensanscondensed/v23/
16 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensanscondensed/v23/z7NFdQDnbTkabZAIOl9il_O6KJj73e7Ff0GmDuXMRw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:400,500,700|Open+Sans:400,300,600,700,200,800|Roboto+Slab:200,300,400,600,700|Open+Sans+Condensed:700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0aa6a7045a55ddcb25bbee4d1edcb864081cf59f7fc9bdc1ada22a32ed4ad3ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://bearinsider.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 01:54:59 GMT
x-content-type-options
nosniff
age
253844
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16324
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:08:32 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 18 Oct 2023 01:54:59 GMT
_nav
bearinsider.com/forums/
904 B
1 KB
XHR
General
Full URL
https://bearinsider.com/forums/_nav
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.119.40.202 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
c831f8a053ae390116b17fd75c7b8f34b659ef4c4c0e1f285806848e0752e0bd
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Accept
*/*
Referer
https://bearinsider.com/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
Strict-Transport-Security
max-age=2592000
Server
Kestrel
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
-1
join-newsletter-f5s008.svg
f5s008media.blob.core.windows.net/web/themes/svg/
6 KB
6 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/web/themes/svg/join-newsletter-f5s008.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/f5s008.desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
95f59d3673485eaf0566cda1fac52d3d5dfeb9ba38c41b7c83e351449bb5a4f6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:42 GMT
Content-MD5
vMAfH/jKXFY4vFp83ic/og==
Content-Length
5806
x-ms-lease-state
available
x-ms-lease-status
unlocked
Last-Modified
Thu, 30 Aug 2018 15:42:53 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
"0x8D60E8F3FC9DF84"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
b1a9b886-401e-0015-37e3-e4ba28000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Cache-Control
public
x-ms-version
2014-02-14
Accept-Ranges
bytes
0031844-dugi-854x480.jpg
f5s008media.blob.core.windows.net/photos/
277 KB
277 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0031844-dugi-854x480.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
ea5682a0a6618c3bb9f5bf74a51454f481d59cb96a0f1a544a72a9c940f0bdf3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:42 GMT
Last-Modified
Thu, 20 Oct 2022 00:39:46 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
778tusKMliv6x6sSK3o87w==
ETag
"0x8DAB233964288E9"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
c6a2ad4e-301e-001f-74e3-e41e9f000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
283294
x-ms-lease-state
available
0031843-ivyc-240x135.jpg
f5s008media.blob.core.windows.net/photos/
24 KB
24 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0031843-ivyc-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
ac850bc623427309d0305d230767fca0506b4f9966c6ecb9bb7f75159f03dd0e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Tue, 18 Oct 2022 19:09:00 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
wCnejMVvd5UKv7UdPrI+GA==
ETag
"0x8DAB13C36B9E5EF"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
cee30ef0-901e-004b-1ae3-e451c8000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
24224
x-ms-lease-state
available
0031841-nlch-240x135.jpg
f5s008media.blob.core.windows.net/photos/
36 KB
37 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0031841-nlch-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
8e958b33e239d8aa264b39e62c4d549ff21a49cda6e94f76cccf5b23cdd12216

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Sat, 15 Oct 2022 23:44:49 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
KSdp5xax2C5E11EBXg8Z4w==
ETag
"0x8DAAF073FAABA06"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
68870ab8-a01e-0040-53e3-e4aaa3000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
36975
x-ms-lease-state
available
0031839-ahtm-240x135.jpg
f5s008media.blob.core.windows.net/photos/
30 KB
31 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0031839-ahtm-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
feca2c500ff0adb01036741a190f5295dc783319b9f1dc530e223d9177073aa9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:42 GMT
Last-Modified
Fri, 14 Oct 2022 00:51:47 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
0N8Z0w8ZCErIDSTagjqCRA==
ETag
"0x8DAAD7E45EBC01E"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
d650cc6f-e01e-001c-5ce3-e4fffb000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
30580
x-ms-lease-state
available
0031840-vkvy-240x135.jpg
f5s008media.blob.core.windows.net/photos/
34 KB
34 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/photos/0031840-vkvy-240x135.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
b18ae4a03fd46ca12b7fd334e8c379bb803f39e0fb4a464a1a1a5398d8d2cb4e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Fri, 14 Oct 2022 03:31:03 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
AE/3GWoOKEDQkP1GunT4vw==
ETag
"0x8DAAD9485D84761"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
b1a9b8dd-401e-0015-01e3-e4ba28000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
34449
x-ms-lease-state
available
homepage_bg.jpg
f5s008media.blob.core.windows.net/web/themes/images/
153 KB
153 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/web/themes/images/homepage_bg.jpg
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
467219fc1bdbb650d1ac8b6cd19427235232416bea92a7846ee770fd9390b5e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:42 GMT
Content-MD5
2tCIjbj17T2YU4tey9g9/Q==
Content-Length
156414
x-ms-lease-state
available
x-ms-lease-status
unlocked
Last-Modified
Tue, 29 Aug 2017 14:27:09 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
"0x8D4EEEA0885D20C"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
68870986-a01e-0040-45e3-e4aaa3000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Cache-Control
public
x-ms-version
2014-02-14
Accept-Ranges
bytes
fan_poll.png
f5s008media.blob.core.windows.net/web/themes/images/
23 KB
23 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/web/themes/images/fan_poll.png
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/f5s008.desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
36baaaaa36dbb3fde09d9a1fa1210b50e8453eaded0d6148e5a641f2be624994

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Content-MD5
pM2enVPqcE39bnx/92gr4A==
Content-Length
23249
x-ms-lease-state
available
x-ms-lease-status
unlocked
Last-Modified
Sun, 19 Aug 2018 03:22:25 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
"0x8D60582FC49ACB1"
Content-Type
image/png
Access-Control-Allow-Origin
*
x-ms-request-id
cee30e54-901e-004b-0ce3-e451c8000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Cache-Control
public
x-ms-version
2014-02-14
Accept-Ranges
bytes
premium-letter-f5s008.svg
f5s008media.blob.core.windows.net/web/themes/svg/
983 B
2 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/web/themes/svg/premium-letter-f5s008.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/f5s008.desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
65e449ba28b14b2cc103087acfe38f8800cebb19b4b573df7599779e68a3006f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Content-MD5
UyOj0XpVhdnl5ONdEQHskg==
Content-Length
983
x-ms-lease-state
available
x-ms-lease-status
unlocked
Last-Modified
Tue, 08 Aug 2017 20:02:00 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
"0x8D4DE98550F3FAD"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
cee30e9c-901e-004b-4ee3-e451c8000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Cache-Control
public
x-ms-version
2014-02-14
Accept-Ranges
bytes
/
bearinsider.com/
32 KB
32 KB
Image
General
Full URL
https://bearinsider.com/
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.119.40.202 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
Strict-Transport-Security
max-age=2592000
Server
Kestrel
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
-1
15d3358a-5086-4925-8bc6-c7a5c8559978.js
d3lcz8vpax4lo2.cloudfront.net/ads-code/
172 KB
42 KB
Script
General
Full URL
https://d3lcz8vpax4lo2.cloudfront.net/ads-code/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:4400:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3b036f9d469341d7f376f3b63c64d302e796d186c4980ff15a750dac7c813cdf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
HQIFyLbAy9XfTXqf12MPwsswDyO6jIAK
content-encoding
gzip
via
1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
date
Fri, 21 Oct 2022 00:25:44 GMT
last-modified
Mon, 17 Oct 2022 19:42:10 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P7
etag
W/"9cb4fd73eb0da090fad131fd6e02d140"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=60
x-amz-cf-id
Keit4C_Y58ylgXWhdlOnH4sUm0MUBGR---6Qt7Ew6EmPMpsEsvNpEQ==
premium-staff-f5s008.svg
f5s008media.blob.core.windows.net/web/themes/svg/
6 KB
6 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/web/themes/svg/premium-staff-f5s008.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/f5s008.desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
7413374d2d4b50a67e2e18415f76b882a713edecd20182b7d1bcef903330987b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Content-MD5
66+CoK14L4bYfWjeMBY2wA==
Content-Length
5871
x-ms-lease-state
available
x-ms-lease-status
unlocked
Last-Modified
Tue, 08 Aug 2017 20:01:49 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
"0x8D4DE984E58EE59"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
7c4231d3-d01e-0017-45e3-e40490000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Cache-Control
public
x-ms-version
2014-02-14
Accept-Ranges
bytes
sportsblock
bearinsider.com/modules/ Frame 5F03
3 KB
3 KB
Document
General
Full URL
https://bearinsider.com/modules/sportsblock
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.119.40.202 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
0b124faf401871a12369d10407bb8589005311e85216dc65f1ceec1ca6b707e6
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Date
Fri, 21 Oct 2022 00:25:43 GMT
Expires
-1
Pragma
no-cache
Server
Kestrel
Strict-Transport-Security
max-age=2592000
Transfer-Encoding
chunked
skeleton.js
static.adsafeprotected.com/
17 B
467 B
Script
General
Full URL
https://static.adsafeprotected.com/skeleton.js
Requested by
Host: readymoon.com
URL: https://readymoon.com/v2/0/fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:9a00:8:48e:53c0:93a1 , United States, ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 15 Feb 2022 13:58:04 GMT
x-amz-version-id
nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via
1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
21378460
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
17
last-modified
Mon, 17 Aug 2020 23:54:35 GMT
server
AmazonS3
etag
"53fab767ecbd3bf07990b10246befbd4"
content-type
application/javascript
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
M1NSP2Bu-yYFxognLLYxM6ZSNfHWPCpGAB4ZTqnEo0Mer3ZAvY4Vwg==
magnify-small-grey-b.svg
f5s.blob.core.windows.net/web/themes/svg/
905 B
1 KB
Image
General
Full URL
https://f5s.blob.core.windows.net/web/themes/svg/magnify-small-grey-b.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.39.132 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
97eea540d51caf9ea8fdbfbe29e788d1fe016731afa797c33b1f39825a5df14f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Mon, 15 Aug 2016 15:33:01 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D3C52171177898
x-ms-meta-CbModifiedTime
Fri, 27 Feb 2015 22:36:26 GMT
Content-Type
image/svg+xml
x-ms-request-id
573936ec-601e-0071-6ce3-e48cb7000000
x-ms-version
2009-09-19
Content-Length
905
star-small-dblue.svg
f5s.blob.core.windows.net/web/themes/svg/
377 B
807 B
Image
General
Full URL
https://f5s.blob.core.windows.net/web/themes/svg/star-small-dblue.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.39.132 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
bd85d107203019a4f16297de2536f98fb29e6799bb47142457bd435895959e6f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Fri, 08 May 2020 20:39:57 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
575U+yUYGNGp6jgxjRSR8w==
ETag
0x8D7F38FF8D5314A
Content-Type
image/svg+xml
x-ms-request-id
e9d811dc-f01e-0073-31e3-e4320f000000
Cache-Control
public
x-ms-version
2009-09-19
Content-Length
377
f5sports-f5s008.svg
f5s008media.blob.core.windows.net/web/themes/svg/
2 KB
3 KB
Image
General
Full URL
https://f5s008media.blob.core.windows.net/web/themes/svg/f5sports-f5s008.svg
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/css/f5s008.desktop.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.60.20.68 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
50327989cbdf5f6c410b391fd183d0b399617bcf8e13eab6fcd062a501d795d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://f5s-cdn.azureedge.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Content-MD5
gkSQchxdgdQc8kb09dfUSg==
Content-Length
2543
x-ms-lease-state
available
x-ms-lease-status
unlocked
Last-Modified
Tue, 08 Aug 2017 20:04:05 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
"0x8D4DE989F4ABEF8"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
x-ms-request-id
cee30f2d-901e-004b-4fe3-e451c8000000
Access-Control-Expose-Headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Cache-Control
public
x-ms-version
2014-02-14
Accept-Ranges
bytes
_userstatus
bearinsider.com/account/
230 B
540 B
XHR
General
Full URL
https://bearinsider.com/account/_userstatus
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.119.40.202 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
2f7fb6e64d8fab635bb3d30224d772f607d37764e65cc73be4ec74ee9566b103
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://bearinsider.com/
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
Strict-Transport-Security
max-age=2592000
Server
Kestrel
Transfer-Encoding
chunked
Content-Type
application/json; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
-1
widgets.js
platform.twitter.com/
97 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/js/desktop.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9bd8dcc115a0e9fce94520cecad5254352b86d55bca2506833057bb52e87ee1a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
last-modified
Wed, 28 Sep 2022 20:05:37 GMT
etag
"f26384f93da6974ed577808dfa1fede5+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
access-control-allow-origin
*
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=1800
accept-ranges
bytes
tw-cdn
FT
content-length
29223
x-served-by
cache-iad-kjyo7100089-IAD, cache-hhn11529-HHN
264791790811051
connect.facebook.net/signals/config/
292 KB
84 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/264791790811051?v=2.9.87&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
77ed72d440214106b70e7687748235ccfb425fbda2227b64ca35c449bd8f194e
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 21 Oct 2022 00:25:43 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
ASNO6Y7tOLXY+opEScWJljFQXNOSrfDCQ+QJfuW/d+7YOF4CBAkT27yxaC7pvVyUCqNWIst4dun9NVfwFTvVDQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
config.js
cdn.confiant-integrations.net/MbZTQS496EB4Sd27ILU4rbHXnJ8/gpt_and_prebid/
337 KB
68 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/MbZTQS496EB4Sd27ILU4rbHXnJ8/gpt_and_prebid/config.js
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/didna-prod/latest/didna_util.min.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:116b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1001d02a94adcf09231d1f5168e3f9555b8ea7a747f446154e1092e6bae7077c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 20 Oct 2022 22:51:22 GMT
server
cloudflare
x-amz-request-id
CNTBNZDHHWY3TF0T
age
358
etag
W/"0e74525214a17193f147c5aff44d4259"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
75d5db8deab19b8e-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
kKkLHiseGwJhC/SvsOq187ukJLtSOVzKtylZyYVBEkb/AbvE+B9Txbkse4hnL2SiPG/FxHLO69k=
pwt.js
ads.pubmatic.com/AdServer/js/pwt/159745/4535/
213 KB
65 KB
Script
General
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/159745/4535/pwt.js
Requested by
Host: storage.googleapis.com
URL: https://storage.googleapis.com/didna-prod/latest/didna_util.min.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.168.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-168-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
01468d0365981ec4c5b2ac916a2df5ed997ab8fd45e6123ea68a117f72ae83e3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
last-modified
Fri, 29 Jul 2022 21:27:50 GMT
server
Apache
vary
Accept-Encoding
content-type
application/javascript
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control
max-age=46250
accept-ranges
bytes
content-length
66316
expires
Fri, 21 Oct 2022 13:16:33 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
386 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20100&site_id=239950&zone_id=1184560&size_id=15&rf=http%3A%2F%2Fbearinsider.com%2F&tg_i.page=http%3A%2F%2Fbearinsider.com%2F&tg_i.domain=bearinsider.com&tg_i.pbadslot=%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_direct_300x250&tk_flint=pbjs_lite_v7.20.0&x_source.tid=f3d99840-26e5-41ec-bff2-7c593e26c8fd&l_pb_bid_id=2ce080c7f0faac&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&rp_maxbids=1&p_gpid=%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_direct_300x250&slots=1&rand=0.5067718835893467
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
5b64c1713b0ca73893780f4857db46e6ed55e41a4f3cb5a065f32af161dad8ec

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://bearinsider.com
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
386
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
prebid.media.net/rtb/
996 B
610 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJY6S41
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
479d14940f56ee8623ea8f23f2a9df9130bf7dbbb8f70dfca2886e9a28ff1ee5

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
via
1.1 google
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
v1
btlr.sharethrough.com/universal/
0
156 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.133.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-133-144.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:45 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
bidRequest
c2shb.ssp.yahoo.com/
13 KB
13 KB
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d5067700f3&cmd=bid&secure=1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
b2dbb1cf5c5506562b776bd081fd844a2dae08e907b4cd03c08aad627a9ac06a

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
content-length
13265
adreq
ads.servenobid.com/
925 B
716 B
XHR
General
Full URL
https://ads.servenobid.com/adreq?cb=1968
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.75.88.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-88-22.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6297df6d47d26c25f16327e1c256e5733521a3133c8908a3f7b187617f1d9d78

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://bearinsider.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/
19 B
707 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
AN-X-Request-Uuid
9652fcea-c878-4be5-b22c-84ae6e920d73
Server
nginx/1.21.3
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://bearinsider.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pbjs
htlb.casalemedia.com/openrtb/
36 B
314 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=360071&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%22133099f43a22ad%22%2C%22site%22%3A%7B%22page%22%3A%22http%3A%2F%2Fbearinsider.com%2F%22%2C%22domain%22%3A%22bearinsider.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22bearinsider.com%22%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22ls%22%3Afalse%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%227.20.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fbearinsider.com%2F%22%2C%22tmax%22%3A2000%2C%22syncsPerBidder%22%3A5%2C%22fpd%22%3Atrue%2C%22pbadslot%22%3A%22%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_direct_300x250%22%2C%22adunitcode%22%3A%22div-gad-home_300x250_1%22%2C%22divId%22%3A%22div-gad-home_300x250_1%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2214ad0face7d9ab1%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22360071%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_direct_300x250%22%2C%22gpid%22%3A%22%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_direct_300x250%22%2C%22tid%22%3A%22f3d99840-26e5-41ec-bff2-7c593e26c8fd%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22tid%22%3A%22didna-118c04ac-d0c3-46a0-bd4b-f854817845fb%22%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a390064db2d28bd0a571c732717f7f50e3e6179ea4af59f8e398eeb9f5e5dd2a

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EKEU9EuiORBFSYy99DvbTTzOn0XTDwcQmRFFbj02E7TJt1z5DDYwOPYl1mJ%2F1VF8n5GbbaD8sp0aLkYUCnvrZcJO3xLUgECuzLCsdM%2B8hqynL5YRizD1z6%2BzWdog5v%2BD9UfXelMw"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
75d5db8e6c0c699f-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
36
expires
0
translator
hbopenbid.pubmatic.com/
0
59 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
/
ads.resetsrv.com/
0
381 B
XHR
General
Full URL
https://ads.resetsrv.com/
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.197.55.50 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-methods
GET, POST
content-type
text/html
arj
didna-d.openx.net/w/1.0/
73 B
377 B
XHR
General
Full URL
https://didna-d.openx.net/w/1.0/arj?ju=http%3A%2F%2Fbearinsider.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=f3d99840-26e5-41ec-bff2-7c593e26c8fd&nocache=1666311943375&aus=300x250&divids=div-gad-home_300x250_1&aucs=%252F170737076%252Fspg_default%252Fbearinsider%252F008_desktop_direct_300x250&auid=556872275
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
d615dc71e2b871728bcac91be31747518b19e5d9019d8d1963300bc169a0fdea

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://bearinsider.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
hb
ssc.33across.com/api/v1/
93 B
177 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=doDh5gbI4r6Qa2aKkv7mNO
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
f2daa7e76eb71f0467c09a9ad129a8c3de6217644510131af36b6cf0f8114d2e

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fastlane.json
fastlane.rubiconproject.com/a/api/
397 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20100&site_id=239950&zone_id=1184560&size_id=2&alt_size_ids=55&rf=http%3A%2F%2Fbearinsider.com%2F&tg_i.page=http%3A%2F%2Fbearinsider.com%2F&tg_i.domain=bearinsider.com&tg_i.pbadslot=%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_970x90&tk_flint=pbjs_lite_v7.20.0&x_source.tid=aaec6adf-05f6-4b0e-9953-d00b9105e05e&l_pb_bid_id=241fc49062c5d29&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&rp_hard_floor=0.05&rp_maxbids=1&p_gpid=%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_970x90&slots=1&rand=0.8540277773501961
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
7f918e55e2c7fdfe4fbfac4e8baf5a131c88eacb54165dee2aaaa6e70f528a4f

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://bearinsider.com
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
397
Expires
Wed, 17 Sep 1975 21:32:10 GMT
v1
btlr.sharethrough.com/universal/
0
156 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.133.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-133-144.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/
0
157 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.133.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-133-144.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
bidRequest
c2shb.ssp.yahoo.com/
62 B
292 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d45d4400f1&cmd=bid&secure=1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
f59992e3bbba63c938be3226ef9716861484b54008fd395086af290a823e5e50

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d7077300fa&cmd=bid&secure=1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
bee77aeb7bcb6a3163c4d537ca9b6632f6b236f65bb8d6eb536c252064e5b5b4

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
content-length
62
arj
didna-d.openx.net/w/1.0/
73 B
145 B
XHR
General
Full URL
https://didna-d.openx.net/w/1.0/arj?ju=http%3A%2F%2Fbearinsider.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=aaec6adf-05f6-4b0e-9953-d00b9105e05e&nocache=1666311943381&aus=970x90%2C728x90&divids=div-gad-home-mid&aucs=%252F170737076%252Fspg_default%252Fbearinsider%252F008_desktop_970x90&auid=556872275&aumfs=50
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
75327d13c2b94a5eb87b9d18ba6d2517016c6285de2c7b32901339a899282635

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://bearinsider.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
hb
ssc.33across.com/api/v1/
93 B
348 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=doDh5gbI4r6Qa2aKkv7mNO
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
d46f0249b4880fa2127f3408edc02158ffa0673c31218312e2b6dbef1b96d507

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
adreq
ads.servenobid.com/
925 B
715 B
XHR
General
Full URL
https://ads.servenobid.com/adreq?cb=2061
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.75.88.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-88-22.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6297df6d47d26c25f16327e1c256e5733521a3133c8908a3f7b187617f1d9d78

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://bearinsider.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/
19 B
707 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
AN-X-Request-Uuid
160eeaa0-e416-4c73-867e-7b5e5796c6c2
Server
nginx/1.21.3
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://bearinsider.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
translator
hbopenbid.pubmatic.com/
0
115 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
prebid
prebid.media.net/rtb/
996 B
747 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJY6S41
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
0570ae40ab14f165f549d180e14c59fcd5744a3663c62e52e235012abfa14037

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
via
1.1 google
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
pbjs
htlb.casalemedia.com/openrtb/
37 B
570 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=360071&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2244e3cde976c32f8%22%2C%22site%22%3A%7B%22page%22%3A%22http%3A%2F%2Fbearinsider.com%2F%22%2C%22domain%22%3A%22bearinsider.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22bearinsider.com%22%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22ls%22%3Afalse%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%227.20.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fbearinsider.com%2F%22%2C%22tmax%22%3A2000%2C%22syncsPerBidder%22%3A5%2C%22fpd%22%3Atrue%2C%22pbadslot%22%3A%22%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_970x90%22%2C%22adunitcode%22%3A%22div-gad-home-mid%22%2C%22divId%22%3A%22div-gad-home-mid%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%224599985ec2149fa%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22360071%22%2C%22fl%22%3A%22p%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22360071%22%2C%22fl%22%3A%22p%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_970x90%22%2C%22gpid%22%3A%22%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_970x90%22%2C%22tid%22%3A%22aaec6adf-05f6-4b0e-9953-d00b9105e05e%22%7D%2C%22bidfloor%22%3A0.05%2C%22bidfloorcur%22%3A%22USD%22%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22tid%22%3A%22didna-97615719-8bcd-477d-9d97-1aaf5adaf243%22%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b635b1f7a7a6e25d34930b516ff41da98d939dad20fb024acb596a7828106813

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ktAGrvm8LTl7ZFEtlzNtWDD2c5CnGxlMF%2Fo0UtDtxmIUO6YqNwznUujd%2FpFcfqeLMOnXJpT2D5MWqVONOHx%2FObTC6LqIxtlOHlQbjJ%2FG3Xat9nMD6GSO3az3sG5sF%2B%2FOSHWKCAaw"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
75d5db8e6c0d699f-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
37
expires
0
/
ads.resetsrv.com/
0
381 B
XHR
General
Full URL
https://ads.resetsrv.com/
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.197.55.50 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-methods
GET, POST
content-type
text/html
headerstats
as-sec.casalemedia.com/
0
509 B
XHR
General
Full URL
https://as-sec.casalemedia.com/headerstats?s=360066&u=https%3A%2F%2Fbearinsider.com%2F&v=3
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/ht/p/186905-129106728116453.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lps5YaAZoZbWu%2FT31dMhrKL6tFnPAzsD%2BUWQVZ0ARBmFChd%2FkSqadk5veShVvp7vPpQ5jTlEX2X00P8PudKC6KikI0k%2F29icRHoFmJfLRv%2F6H%2B0%2BCgrWXRBnRuD%2BE5G%2FNOBJqdzatDY%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
75d5db8e68719956-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
0
widget_iframe.7dae38096d06923d683a2a807172322a.html
platform.twitter.com/widgets/ Frame 9A8B
320 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fbearinsider.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.232.136.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
105445
content-type
text/html; charset=utf-8
date
Fri, 21 Oct 2022 00:25:43 GMT
etag
"50d73c0b4a4c7e4697b9c6ac6f1ecd75+gzip"
last-modified
Wed, 28 Sep 2022 20:04:27 GMT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn
FT
vary
Accept-Encoding
x-cache
HIT, HIT
x-served-by
cache-iad-kiad7000174-IAD, cache-hhn11529-HHN
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=264791790811051&ev=PageView&dl=https%3A%2F%2Fbearinsider.com%2F&rl=&if=false&ts=1666311943416&sw=1600&sh=1200&v=2.9.87&r=stable&ec=0&o=30&fbp=fb.1.1666311943415.1265420642&it=1666311943300&coo=false&rqm=GET
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 21 Oct 2022 00:25:43 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
settings
syndication.twitter.com/ Frame 9A8B
851 B
676 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=d5b9403501f445bcc22d8b7ca9b8b291abda3c05
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.7dae38096d06923d683a2a807172322a.html?origin=https%3A%2F%2Fbearinsider.com
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.72 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
45bc75820c2292bf64b74af20b9785c4a053608816b7d0c05bdc968e8e9de805
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-response-time
117
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
strict-transport-security
max-age=631138519
last-modified
Fri, 21 Oct 2022 00:25:43 GMT
server
tsa_o
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
x-transaction-id
fa65b348d95023b4
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
perf
7626143928
x-connection-hash
0f176ef64c2a7d6070c916da367abaf6070f7e66430d1efb085ae60e31749479
content-length
355
wrap.js
cdn.confiant-integrations.net/gptprebidnative/202210171204/
212 KB
67 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/gptprebidnative/202210171204/wrap.js
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/MbZTQS496EB4Sd27ILU4rbHXnJ8/gpt_and_prebid/config.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:116b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e095f4fbb86c7318a76ae06340cfd812a5247ea02b416ed57933365d67648df7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 17 Oct 2022 16:14:48 GMT
server
cloudflare
x-amz-request-id
WNS007AW1YA17426
age
284448
etag
W/"a7af60ecf4cf095070eed6b7b3e4664d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
75d5db8eaeb66964-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
LejpkgVPfYvUuFRNu/z8OY65nT13IuN5+LcfkIYARh+l1iLvkgdTHj/ncMeRXTr/xZnumZdiPDA=
fastlane.json
fastlane.rubiconproject.com/a/api/
404 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=20100&site_id=239950&zone_id=1184560&size_id=2&alt_size_ids=55&rf=http%3A%2F%2Fbearinsider.com%2F&tg_i.page=http%3A%2F%2Fbearinsider.com%2F&tg_i.domain=bearinsider.com&tg_i.pbadslot=%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_home_970x90_1&tk_flint=pbjs_lite_v7.20.0&x_source.tid=a994be20-f9cf-4520-b481-896d75a5a7e4&l_pb_bid_id=511ded445f18b46&p_screen_res=1600x1200&rp_floor=0.05&rp_secure=1&rp_maxbids=1&p_gpid=%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_home_970x90_1&slots=1&rand=0.12157775105967672
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
b2dc3e5952f57966cea81717e4fa93edad056d9035ce9a93c6a40fdf57d9e704

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://bearinsider.com
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
404
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
prebid.media.net/rtb/
996 B
609 B
XHR
General
Full URL
https://prebid.media.net/rtb/prebid?cid=8CUJY6S41
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.148.139 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
139.148.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
87a7f8c7df72493a7feecbe7c34360f1544cbfc2b63e0a8a09da2ea4dd3941f7

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
via
1.1 google
server
nginx
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
clear
pbjs
htlb.casalemedia.com/openrtb/
37 B
541 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=360071&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2254e7a24479364fc%22%2C%22site%22%3A%7B%22page%22%3A%22http%3A%2F%2Fbearinsider.com%2F%22%2C%22domain%22%3A%22bearinsider.com%22%2C%22publisher%22%3A%7B%22domain%22%3A%22bearinsider.com%22%7D%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22ls%22%3Afalse%2C%22mfu%22%3A0%2C%22bu%22%3A1%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A1%2C%22ren%22%3Afalse%2C%22version%22%3A%227.20.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fbearinsider.com%2F%22%2C%22tmax%22%3A2000%2C%22syncsPerBidder%22%3A5%2C%22fpd%22%3Atrue%2C%22pbadslot%22%3A%22%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_home_970x90_1%22%2C%22adunitcode%22%3A%22div-gad-LeaderboardTop2%22%2C%22divId%22%3A%22div-gad-LeaderboardTop2%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%2255a552cdc86b956%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A970%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22360071%22%2C%22fl%22%3A%22p%22%7D%7D%2C%7B%22w%22%3A728%2C%22h%22%3A90%2C%22ext%22%3A%7B%22siteID%22%3A%22360071%22%2C%22fl%22%3A%22p%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22dfp_ad_unit_code%22%3A%22%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_home_970x90_1%22%2C%22gpid%22%3A%22%2F170737076%2Fspg_default%2Fbearinsider%2F008_desktop_home_970x90_1%22%2C%22tid%22%3A%22a994be20-f9cf-4520-b481-896d75a5a7e4%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22tid%22%3A%22didna-8fdbc3ef-e836-46bd-ba20-f1cdbcf105d4%22%7D%2C%22user%22%3A%7B%7D%7D
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37a59d47c0adfac7ab5acbb4be9ae2c15d041ef669a26c57d94b3ba314f80792

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w4KgQEr%2F2hC0inQzPBLt4fMl0QOuogC%2FjJONsHWpIDIKF78PkO9MYDJJOVLgBlKXActnxevXd1ClrZgCoTr0UYq2bUyY4Po%2F2OhVQ3gQ2nN3Z5qYAgByW%2Bz6AGFdPyrNuiLuVXGS"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
75d5db8ebb80bb73-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
37
expires
0
prebid
ib.adnxs.com/ut/v3/
19 B
707 B
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
AN-X-Request-Uuid
05b3148c-3126-4851-bff7-ad28cf65362f
Server
nginx/1.21.3
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://bearinsider.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
19
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
hb
ssc.33across.com/api/v1/
93 B
184 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=doDh5gbI4r6Qa2aKkv7mNO
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
15c554e216e271fceae375c36374b1d28518969003a01915bc64f820f31be7a7

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
/
ads.resetsrv.com/
0
381 B
XHR
General
Full URL
https://ads.resetsrv.com/
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
138.197.55.50 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-methods
GET, POST
content-type
text/html
adreq
ads.servenobid.com/
925 B
715 B
XHR
General
Full URL
https://ads.servenobid.com/adreq?cb=4563
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.75.88.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-88-22.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6297df6d47d26c25f16327e1c256e5733521a3133c8908a3f7b187617f1d9d78

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
amp-access-control-allow-source-origin
*
vary
accept-encoding
content-type
application/json
access-control-allow-origin
https://bearinsider.com
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
translator
hbopenbid.pubmatic.com/
0
59 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:41 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d45d4400f1&cmd=bid&secure=1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
f4a9cd611ccd96117516a93d5c529f429d7f5e7187b453c12e0405196211e38d

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a9691d0017070401401403a11d30006&pos=8a9698ab01747406698907d7077300fa&cmd=bid&secure=1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.10.25 /
Resource Hash
abbcd33d404aca830e658671ef6fe1f71ec5b1a9b7ba2498a472ba38daea453b

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
server
ATS/9.1.10.25
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
content-length
62
v1
btlr.sharethrough.com/universal/
0
156 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.133.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-133-144.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
v1
btlr.sharethrough.com/universal/
0
156 B
XHR
General
Full URL
https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.28.133.144 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-28-133-144.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
vary
Origin
arj
didna-d.openx.net/w/1.0/
73 B
101 B
XHR
General
Full URL
https://didna-d.openx.net/w/1.0/arj?ju=http%3A%2F%2Fbearinsider.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=a994be20-f9cf-4520-b481-896d75a5a7e4&nocache=1666311943464&aus=970x90%2C728x90&divids=div-gad-LeaderboardTop2&aucs=%252F170737076%252Fspg_default%252Fbearinsider%252F008_desktop_home_970x90_1&auid=556872275
Requested by
Host: bearinsider.com
URL: blob:https://bearinsider.com/2eaae36b-6be4-4098-a356-e40810cadb2a
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e5206328d2cc2308fcaeac42be6ea00a48a1787053f6581b97fffee6182a57f2

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://bearinsider.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
v2kpy1un2_6bidETqTI8CIJiBuuDFnQMu646H6fB06Arw0BrCpDdeXMtYXinrhG6fK7JdT-Rv
lumpylumber.com/
191 B
705 B
Fetch
General
Full URL
https://lumpylumber.com/v2kpy1un2_6bidETqTI8CIJiBuuDFnQMu646H6fB06Arw0BrCpDdeXMtYXinrhG6fK7JdT-Rv
Requested by
Host: readymoon.com
URL: https://readymoon.com/v2/0/fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e628a77b432ee49dc3c2a637bef4494dec9be61d1baceef5c86e0cf97f7d1afc
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Fri, 21 Oct 2022 00:25:43 GMT
via
1.1 google
x-buildnumber
661392823
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
191
x-datacenter
gce-europe-west1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bearinsider.com
x-hostname
fen-hoothoot-europe-west1-spot-9csr
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires
Fri, 21 Oct 2022 00:25:42 GMT
desktop.min.css
f5s-cdn.azureedge.net/content/20221019.2/css/ Frame 5F03
864 KB
117 KB
Stylesheet
General
Full URL
https://f5s-cdn.azureedge.net/content/20221019.2/css/desktop.min.css
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/modules/sportsblock
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
60a27160d65e2b27e63cfae136b04f562119e53b860bfee28e9cf7739bf74c45

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
br
last-modified
Wed, 19 Oct 2022 20:27:23 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
YAkVlKcRFoyeerYaw4RMlQ==
x-azure-ref-originshield
0xuVRYwAAAABOLEC/y66rRIbdWH+GKeaIQU1TMDRFREdFMTgyMgAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8DAB21054E37BCC
x-azure-ref
0B+dRYwAAAAAsf1hUiQKbT4YXJwfwFe2JQlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_HIT
content-type
text/css
x-ms-request-id
1d7e06ce-501e-0037-2fc7-e4b830000000
x-ms-version
2009-09-19
f5s008.desktop.min.css
f5s-cdn.azureedge.net/content/20221019.2/css/ Frame 5F03
12 KB
3 KB
Stylesheet
General
Full URL
https://f5s-cdn.azureedge.net/content/20221019.2/css/f5s008.desktop.min.css
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/modules/sportsblock
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c1609235113bcc0ea2c532064ee52f039b75a48edb067ca110118e813a723a85

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
br
last-modified
Wed, 19 Oct 2022 20:27:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
TeCOmjXaTrqWiU79LcQMjQ==
x-azure-ref-originshield
0BedRYwAAAAAK2E2559ECRZJFwkFik0gGQU1TMDRFREdFMTkxNQAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8DAB21055050857
x-azure-ref
0B+dRYwAAAADeym6QkagKTYD5DErt2+wRQlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_HIT
content-type
text/css
x-ms-request-id
df2acda8-b01e-0062-11e3-e4a8bb000000
x-ms-version
2009-09-19
default-skin.min.css
bearinsider.com/css/photoswipe/default-skin/ Frame 5F03
8 KB
8 KB
Stylesheet
General
Full URL
https://bearinsider.com/css/photoswipe/default-skin/default-skin.min.css
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/modules/sportsblock
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.119.40.202 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
ce6db59bd76100dae8b381fa5e669c3ff7b4db76ae11e1676157f95413f52f23
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/modules/sportsblock
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 00:25:43 GMT
Strict-Transport-Security
max-age=2592000
Last-Modified
Wed, 19 Oct 2022 20:17:23 GMT
Server
Kestrel
ETag
"1d8e3f7cc36d4b1"
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7985
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/2.1.1/ Frame 5F03
82 KB
29 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/modules/sportsblock
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:14:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
22292
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29671
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 20 Oct 2023 18:14:11 GMT
f5s008.desktop.min.js
f5s-cdn.azureedge.net/content/20221019.2/js/ Frame 5F03
1 KB
829 B
Script
General
Full URL
https://f5s-cdn.azureedge.net/content/20221019.2/js/f5s008.desktop.min.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/modules/sportsblock
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
c7cdc1c5656f5ccbacdf8c46fa7d970a08cd0dd8f126a30b36a755cce942886f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
br
last-modified
Wed, 19 Oct 2022 20:27:23 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
Rx2a6Punm/8bts9IZ/e27Q==
x-azure-ref-originshield
0BedRYwAAAAArmfA9z+LSSo1Yut7h9RudQU1TMDRFREdFMTkxMgAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8DAB21054BCE6F2
x-azure-ref
0B+dRYwAAAACvaTGwjEyDQIY8Gv+n/Y1+QlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_HIT
content-type
application/javascript
x-ms-request-id
c4bbde69-001e-0048-0be3-e477ab000000
x-ms-version
2009-09-19
desktop.min.js
f5s-cdn.azureedge.net/content/20221019.2/js/ Frame 5F03
743 KB
209 KB
Script
General
Full URL
https://f5s-cdn.azureedge.net/content/20221019.2/js/desktop.min.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/modules/sportsblock
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
a68c9cd6dea7fb10cf7a8251b5bed5b29b1047c7431e1ff4def2421329f0a3ad

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
br
last-modified
Wed, 19 Oct 2022 20:27:24 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
t5lqL7j5dJklcnmJgEtisA==
x-azure-ref-originshield
0yOVRYwAAAADP8hjv5kTWTY5Y2KFz6GnCQU1TMDRFREdFMTgyMgAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
etag
0x8DAB21054EB90D9
x-azure-ref
0B+dRYwAAAAAdpzzMzFBDRp/RNlMfD3ueQlJVMzBFREdFMDQxOAAyNmM4ZDVjYi02MmZmLTRmMmMtOWE1NS0yNDNhYTQxYzhiMzg=
x-cache
TCP_HIT
content-type
application/javascript
x-ms-request-id
6288d59e-a01e-0033-27e2-e43537000000
x-ms-version
2009-09-19
v2rkcHw_Asxs1K5lYFZIJ7gWH0M1Tua3VO14eRNrBby2qMEay3Noyol0XGx9qPv1-K49Rplxb
lumpylumber.com/
3 B
27 B
Fetch
General
Full URL
https://lumpylumber.com/v2rkcHw_Asxs1K5lYFZIJ7gWH0M1Tua3VO14eRNrBby2qMEay3Noyol0XGx9qPv1-K49Rplxb
Requested by
Host: readymoon.com
URL: https://readymoon.com/v2/0/fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Fri, 21 Oct 2022 00:25:43 GMT
via
1.1 google
x-buildnumber
661392823
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
x-datacenter
gce-europe-west1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bearinsider.com
x-hostname
fen-hoothoot-europe-west1-spot-9csr
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
readymoon.com/v2/0/ Frame 5F03
92 KB
27 KB
Script
General
Full URL
https://readymoon.com/v2/0/fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
Requested by
Host: f5s-cdn.azureedge.net
URL: https://f5s-cdn.azureedge.net/content/20221019.2/js/f5s008.desktop.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:328a::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
4acddac1a60a29d1d0890f2eac91d4a19bcb3246de7c6ea877548ca9510c5f65
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; preload
content-encoding
br
via
1.1 google
date
Fri, 21 Oct 2022 00:25:43 GMT
x-datacenter
gce-europe-west1
etag
"707be605f15ea3bb8cb71c933c93f318d994f43bea82bfb29eed210d9ea5a4a0"
x-buildname
hoothoot
vary
Accept-Encoding, Accept-Language
x-hostname
fen-hoothoot-europe-west1-spot-9csr
content-type
text/javascript; charset=utf-8
cache-control
private, must-revalidate, max-age=21600
x-buildnumber
661392823
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
_sportsblockinner
bearinsider.com/modules/ Frame 5F03
759 B
1 KB
XHR
General
Full URL
https://bearinsider.com/modules/_sportsblockinner?sportID=1
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.119.40.202 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
9d1c206ba5eb10f0a63468f9d80439277a779046aac4a8b4be3f3cd0e7dd5846
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Accept
text/html, */*; q=0.01
Referer
https://bearinsider.com/modules/sportsblock
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
Strict-Transport-Security
max-age=2592000
Server
Kestrel
Transfer-Encoding
chunked
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Expires
-1
/
geoip.insticator.com/json/
241 B
426 B
XHR
General
Full URL
https://geoip.insticator.com/json/
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.168.146.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-168-146-216.compute-1.amazonaws.com
Software
/
Resource Hash
44793d44ea1bbc12dace2640119b71b42be35573ef979a8305066fa106f45930

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:44 GMT
access-control-allow-credentials
true
x-database-date
Thu, 20 Oct 2022 23:36:29 GMT
content-length
241
vary
Origin
content-type
application/json
15d3358a-5086-4925-8bc6-c7a5c8559978.js
df80k0z3fi8zg.cloudfront.net/files/instibid/
321 KB
98 KB
Script
General
Full URL
https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2251:400:10:3422:3f00:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
43676543e19de1fc36c90ef1ab1dca5dab0661afde678c7e00d4924ea4903a97

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
ADdovQ3nzR9ZByWHEHSPHEJ5KWM5aitI
content-encoding
gzip
via
1.1 89f400f550feb1d74a18ecb2070103ac.cloudfront.net (CloudFront)
date
Fri, 21 Oct 2022 00:25:43 GMT
last-modified
Mon, 17 Oct 2022 19:41:50 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P3
age
19384
etag
W/"dca7b8fe19c02308b1433598213d1ed7"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
nkI_3MnMPtP1iQl94a_MmP_xxiyQHGNipdCV78QMWSLSlTeUMHUUPA==
tag.min.js
get.s-onetag.com/42a30fdd-c1da-4d85-ab06-c212412bd9ab/
23 KB
8 KB
Script
General
Full URL
https://get.s-onetag.com/42a30fdd-c1da-4d85-ab06-c212412bd9ab/tag.min.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.64.79.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-64-79-25.txl50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cbff952e8c47bf976906662ac210c3ae9aaf8e10820d404e8f760bc273bcb4fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
MzFJp_hCplumN12v7na.JL4ToSqQ7M.M
content-encoding
gzip
via
1.1 648e777af976c4cfcd01765a8e77fd5e.cloudfront.net (CloudFront)
date
Thu, 20 Oct 2022 05:16:31 GMT
last-modified
Mon, 30 May 2022 15:16:46 GMT
server
AmazonS3
x-amz-cf-pop
TXL50-P2
age
68954
etag
W/"32357f1c0de69779f4fedf3aeb29d83e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=86400
x-amz-cf-id
KGdWcLf9SGXeiLgGU--0yCkL_5SLNYXxvUYnQ1Uan9_SqVjWq0sUew==
config.js
cdn.confiant-integrations.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/
96 KB
21 KB
Script
General
Full URL
https://cdn.confiant-integrations.net/Fseez_-nDyWQXIJsbnoKkKTHXC4/gpt_and_prebid/config.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:116b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0aa38846f5d1668e250649ffc91f566f66019d0c42c71d7237480280b6c96c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Thu, 20 Oct 2022 22:51:52 GMT
server
cloudflare
x-amz-request-id
73NSS07HJRXYJHKY
age
479
etag
W/"ae0253c2af991edd50d6a0b2c527d13a"
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=900, stale-while-revalidate=3600
cf-ray
75d5db9079136964-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
2/pjoQLwN8wj8zLJPgXFytgpyHWigGG3LgLUWevEANTKu4vKupo0h+0ok+lYwLCH4cQyqvPQLsI=
index.html
auth.instiengage.com/auth/ Frame 2FFD
75 B
469 B
Document
General
Full URL
https://auth.instiengage.com/auth/index.html
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:b400:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
32dcb7b5d0e79583353a56225e4d8097e004103102d584e245d1b96547f9948d

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
155
cache-control
max-age=300
content-length
75
content-type
text/html
date
Fri, 21 Oct 2022 00:23:10 GMT
etag
"2e3d17ce9023be2c1313c02113f5c568"
last-modified
Wed, 19 Oct 2022 10:48:49 GMT
server
AmazonS3
vary
Accept-Encoding
via
1.1 626c544a24a86c6cd608360f520b6d8c.cloudfront.net (CloudFront)
x-amz-cf-id
FjsJFdxSfCzgbA1XnZcL2gP1Azq9IUINkaxyVC_jmN5bHEU99oLHIQ==
x-amz-cf-pop
FRA56-P3
x-amz-version-id
etWPI5eonL_SxoRBatQsvoqabhU7Yn57
x-cache
Hit from cloudfront
icon_football_white.png
f5s.blob.core.windows.net/web/content/icons/ Frame 5F03
31 KB
32 KB
Image
General
Full URL
https://f5s.blob.core.windows.net/web/content/icons/icon_football_white.png
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/modules/sportsblock
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.39.132 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
1e73777f32fdadc9137db91d5a23a62cbe3940b540ffba10fb93678b4624cabb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Thu, 25 Aug 2016 19:18:16 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
L6oQFa4iYvBsQC9Ycvd86A==
ETag
0x8D3CD1C90C6B619
Content-Type
image/png
x-ms-request-id
8789c29a-e01e-0040-4ee3-e46da4000000
Cache-Control
public
x-ms-version
2009-09-19
Content-Length
32055
icon_basketball_white.png
f5s.blob.core.windows.net/web/content/icons/ Frame 5F03
32 KB
32 KB
Image
General
Full URL
https://f5s.blob.core.windows.net/web/content/icons/icon_basketball_white.png
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/modules/sportsblock
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.39.132 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
dabcbaebd91fbacba05da75f9d8c8322fd18110c126334cdf55affe0261993af

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Thu, 25 Aug 2016 19:18:07 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
gBCsh1NODZaDea1o5Yu2IQ==
ETag
0x8D3CD1C8BB1DFDE
Content-Type
image/png
x-ms-request-id
05ebbcb4-101e-0026-4fe3-e42284000000
Cache-Control
public
x-ms-version
2009-09-19
Content-Length
32649
icon_wbasketball_white.png
f5s.blob.core.windows.net/web/content/icons/ Frame 5F03
32 KB
33 KB
Image
General
Full URL
https://f5s.blob.core.windows.net/web/content/icons/icon_wbasketball_white.png
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/modules/sportsblock
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.150.39.132 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
8049b934c0656532d9a83024065477b24a9e907a5e0a86a82a6f8a083557bf9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Fri, 21 Oct 2022 00:25:43 GMT
Last-Modified
Thu, 25 Aug 2016 19:18:54 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
ETag
0x8D3CD1CA796CF86
Content-Type
image/png
x-ms-request-id
1398c878-901e-0017-35e3-e4c397000000
Cache-Control
public
x-ms-version
2009-09-19
Content-Length
32905
event
event.insticator.com/v1/
0
119 B
XHR
General
Full URL
https://event.insticator.com/v1/event?event_name=event_pageview
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.168.146.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-168-146-216.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Access-Control-Allow-Origin
*
Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:44 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin
event
event.insticator.com/v1/ Frame
0
0
Preflight
General
Full URL
https://event.insticator.com/v1/event?event_name=event_pageview
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.168.146.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-168-146-216.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
access-control-allow-origin,content-type
Access-Control-Request-Method
POST
Origin
https://bearinsider.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
access-control-allow-origin,content-type
access-control-allow-methods
POST
access-control-allow-origin
https://bearinsider.com
access-control-max-age
3600
content-length
0
date
Fri, 21 Oct 2022 00:25:44 GMT
vary
Origin
skeleton.js
static.adsafeprotected.com/ Frame 5F03
17 B
465 B
Script
General
Full URL
https://static.adsafeprotected.com/skeleton.js
Requested by
Host: readymoon.com
URL: https://readymoon.com/v2/0/fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:9a00:8:48e:53c0:93a1 , United States, ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 15 Feb 2022 13:58:04 GMT
x-amz-version-id
nylqTweorRThFHMBJSrf_fHcWx3KVKN3
via
1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
21378460
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
17
last-modified
Mon, 17 Aug 2020 23:54:35 GMT
server
AmazonS3
etag
"53fab767ecbd3bf07990b10246befbd4"
content-type
application/javascript
cache-control
max-age=315360000
accept-ranges
bytes
x-amz-cf-id
ez_LZc28xjIFTFPNFdS_DVpWQ9Q6b-VGvkYYNKI5arb_xgbbE6tefg==
insticator
insticator.technoratimedia.com/openrtb/bids/ Frame
0
0
Preflight
General
Full URL
https://insticator.technoratimedia.com/openrtb/bids/insticator?src=prebid_prebid_6.29.0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.148.45.191 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://bearinsider.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST, GET, HEAD, OPTIONS
access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:44 GMT
server
nginx
openrtb
ex.ingage.tech/v1/ Frame
0
0
Preflight
General
Full URL
https://ex.ingage.tech/v1/openrtb
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://bearinsider.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
https://bearinsider.com
access-control-max-age
3600
cf-cache-status
DYNAMIC
cf-ray
75d5db918f5c6939-FRA
content-length
0
date
Fri, 21 Oct 2022 00:25:44 GMT
server
cloudflare
vary
Origin, Access-Control-Request-Headers
fastlane.json
fastlane.rubiconproject.com/a/api/
397 B
853 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=17062&site_id=153530&zone_id=771356%3B771358&size_id=15&rp_schain=1.0,1!insticator.com,9b6bfe8d-37c7-4656-8a1b-496fe96cb5f6,1,,,&rf=https%3A%2F%2Fbearinsider.com%2F&tg_i.pbadslot=bearinsider.com-div-insticator-ad-1%3Bbearinsider.com-div-insticator-ad-2&tk_flint=pbjs_lite_v6.29.0&x_source.tid=1bd4990a-8d9b-4e2e-8ace-da40b5db166b%3Bc7895c17-5851-455f-ac56-4639b8d9e9b6&l_pb_bid_id=2797a5c6d6ded4%3B3f05c48ab984a2&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&p_gpid=bearinsider.com-div-insticator-ad-1%3Bbearinsider.com-div-insticator-ad-2&slots=2&rand=0.22167115496897583
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
2602:803:c004:200::141 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
cf6ed6ab73b7f0e5cf5f593a15fa607a9b1daa3c6fc58fc8c98568e70088adbc

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:43 GMT
Server
nginx/1.21.4
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
https://bearinsider.com
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
397
Expires
Wed, 17 Sep 1975 21:32:10 GMT
insticator
insticator.technoratimedia.com/openrtb/bids/
0
293 B
XHR
General
Full URL
https://insticator.technoratimedia.com/openrtb/bids/insticator?src=prebid_prebid_6.29.0
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.148.45.191 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
via
1.1 varnish
server
nginx
age
0
access-control-allow-methods
POST,GET,HEAD,OPTIONS
x-varnish
511804919
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
arj
insticator-d.openx.net/w/1.0/
73 B
145 B
XHR
General
Full URL
https://insticator-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fbearinsider.com%2F&ch=UTF-8&res=1600x1200x24&ifr=false&tz=0&tws=1600x1200&be=1&bc=hb_pb_3.0.3&dddid=c8fcc474-4a98-4f78-b8a7-2447dbf2273c%2C39343917-acc6-4b55-b432-1cc03f6dc2e5&nocache=1666311943885&pubcid=601adfec-afed-46f8-9c63-bb7470283c16&schain=1.0%2C1!insticator.com%2C9b6bfe8d-37c7-4656-8a1b-496fe96cb5f6%2C1%2C%2C%2C&aus=300x250%7C300x250&divids=div-insticator-ad-1%2Cdiv-insticator-ad-2&aucs=bearinsider.com-div-insticator-ad-1%2Cbearinsider.com-div-insticator-ad-2&auid=545663691%2C545663691
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
df6e47f3dead15c7aee83b385619b44bd4d41cf4012df3e34d5e29f511eac6b0

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
application/json
p3p
CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin
https://bearinsider.com
cache-control
private, max-age=0, no-cache
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79
expires
Mon, 26 Jul 1997 05:00:00 GMT
c
prebid.a-mo.net/a/
0
276 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.85.234 Schiphol, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-envoy-upstream-service-time
68
server
envoy
vary
origin, Accept-Encoding
pbjs
htlb.casalemedia.com/openrtb/
37 B
504 B
XHR
General
Full URL
https://htlb.casalemedia.com/openrtb/pbjs?s=579236&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2213d167ede4a0f96%22%2C%22site%22%3A%7B%22page%22%3A%22https%3A%2F%2Fbearinsider.com%2F%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22mfu%22%3A0%2C%22bu%22%3A2%2C%22iu%22%3A0%2C%22nu%22%3A0%2C%22ou%22%3A0%2C%22allu%22%3A2%2C%22ren%22%3Afalse%2C%22version%22%3A%226.29.0%22%2C%22userIds%22%3A%5B%5D%2C%22url%22%3A%22https%3A%2F%2Fbearinsider.com%2F%22%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%221497dbebfb033b4%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22579236%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22bearinsider.com-div-insticator-ad-1%22%7D%7D%2C%7B%22id%22%3A%22154bc3601afe8af%22%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22format%22%3A%5B%7B%22w%22%3A300%2C%22h%22%3A250%2C%22ext%22%3A%7B%22siteID%22%3A%22579236%22%2C%22sid%22%3A%22300x250%22%7D%7D%5D%7D%2C%22ext%22%3A%7B%22gpid%22%3A%22bearinsider.com-div-insticator-ad-2%22%7D%7D%5D%2C%22at%22%3A1%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22insticator.com%22%2C%22sid%22%3A%229b6bfe8d-37c7-4656-8a1b-496fe96cb5f6%22%2C%22hp%22%3A1%7D%5D%7D%7D%7D%7D
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.18.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0744134e11772193275ccbb074d97b0709fedf96a40cea21a36b5f8912709b0f

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:43 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LbePd0LaCEe4isg5%2F2MGWchbzZDaRg1migY0InlMxYRg9zrVNfyaM5GFkWv1QlwyeZkwl%2FVm%2FiNcT47UhG71xDiDDXUsoIyoROCV5nVQ3I9evWr%2F1jsHLw%2B18wNem80wz59cbKqH"}],"group":"cf-nel","max_age":604800}
content-type
application/json
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache
access-control-allow-credentials
true
cf-ray
75d5db914e77bb73-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
37
expires
0
/
hb.emxdgt.com/
0
158 B
XHR
General
Full URL
https://hb.emxdgt.com/?t=3000&ts=1666311943889&src=pbjs
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.29.149.17 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-29-149-17.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
no-cache
access-control-allow-credentials
true
access-control-allow-headers
security, Content-Type
translator
hbopenbid.pubmatic.com/
0
59 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.112 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:43 GMT
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
openrtb
ex.ingage.tech/v1/
2 KB
950 B
XHR
General
Full URL
https://ex.ingage.tech/v1/openrtb
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e86157053770a3cdeb7a91f2bbd0e933894a401486840d2ffdd6b0fc27fa584

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
cf-ray
75d5db925cecbbf2-FRA
prebid
ib.adnxs.com/ut/v3/
260 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
ed4262d115281bd512c8032e89ff83cfc3ab4b2107786aabff6ca6bcec4561b5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:44 GMT
AN-X-Request-Uuid
31bebaa7-5d5f-48a1-bc96-580f44f2a9cc
Server
nginx/1.21.3
Content-Type
application/json; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://bearinsider.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
260
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
hb
ssc.33across.com/api/v1/
87 B
179 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
aa0e07397fd65980a26cd95fd726b6e7c3b4c8b9ab20af6505124ec2d50d584a

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
hb
ssc.33across.com/api/v1/
87 B
179 B
XHR
General
Full URL
https://ssc.33across.com/api/v1/hb?guid=atx4xsU7Or6R0PaKlId8sQ
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
76.20.149.34.bc.googleusercontent.com
Software
/ 33Across
Resource Hash
aa0e07397fd65980a26cd95fd726b6e7c3b4c8b9ab20af6505124ec2d50d584a

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
via
1.1 google
x-powered-by
33Across
vary
Accept-Encoding, Origin
content-type
application/json; charset=utf-8
status
200 OK
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
trinity.json
apex.go.sonobi.com/
116 B
612 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2232b9626410be883%22%3A%22e2fe15852a9783c23067%7C300x250%7Cgpid%3Dbearinsider.com-div-insticator-ad-1%22%2C%2233ed5a48b1cdb5b%22%3A%22d711d58a776fd95c71db%7C300x250%7Cgpid%3Dbearinsider.com-div-insticator-ad-2%22%7D&ref=https%3A%2F%2Fbearinsider.com%2F&s=dae8f646-f37d-47fa-880b-756d3caddd17&pv=4bd71171-5063-49bd-9066-eaa5cdc124af&vp=desktop&lib_name=prebid&lib_v=6.29.0&us=50&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22insticator.com%22%2C%22sid%22%3A%229b6bfe8d-37c7-4656-8a1b-496fe96cb5f6%22%2C%22hp%22%3A1%2C%22rid%22%3A%22224991c17d6d793%22%7D%5D%7D&coppa=0
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
69.166.1.8 , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
de5fd4268613c2dbf84f78e5c62e6711e45312ca5bff7a6b45058b8527b0a9f1
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
server
sonobi-go
vary
negotiate,Accept-Encoding
x-go-server
go-iad-2-5-40
content-type
application/json
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, no-store, private
access-control-allow-credentials
true
tcn
Choice
content-length
141
x-xss-protection
0
expires
Sat, 26 Jul 1997 05:00:00 GMT
authIframe.js
auth.instiengage.com/auth/ Frame 2FFD
65 KB
22 KB
Script
General
Full URL
https://auth.instiengage.com/auth/authIframe.js?v=1
Requested by
Host: auth.instiengage.com
URL: https://auth.instiengage.com/auth/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:b400:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1d05642e23866a6d7fb1b165615355e7c01fffaf89c61e9c14c0beecb96ae23

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.instiengage.com/auth/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
DA02CsX6dHEbzrJoqcyJ0Fv8305Wfzz_
content-encoding
br
via
1.1 626c544a24a86c6cd608360f520b6d8c.cloudfront.net (CloudFront)
date
Fri, 21 Oct 2022 00:24:50 GMT
last-modified
Wed, 19 Oct 2022 10:48:44 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
age
106
etag
W/"e0bffec4a3929b23d4347f914449f5cb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300
x-amz-cf-id
WvmC4rYTIr4BaRVDiZKwjMP6iA2uhIS_vRF4zi351OOtNkup5KQL8A==
/
onetag-geo.s-onetag.com/
555 B
962 B
Fetch
General
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/42a30fdd-c1da-4d85-ab06-c212412bd9ab/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-112.dus51.r.cloudfront.net
Software
/
Resource Hash
f51938710e179807bbf1be9a1e9d7e3441fa74e7dfe9f46841914fb12ca7de3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
via
1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront), 1.1 ed18d8ae19db26837eda53bbf8f03c08.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6, DUS51-P1
x-amzn-requestid
d19f2dbc-681b-4415-a92a-beb5935a57c7
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-apigw-id
aVEJSGBUiYcF1JA=
content-length
555
x-amz-cf-id
LxuchG1n_xjIF-r0644UCqpcbwBoHAd3UD0ZD2OXv5p_mBVXkyb62A==
beacon.min.js
signal-beacon.s-onetag.com/
20 KB
7 KB
Script
General
Full URL
https://signal-beacon.s-onetag.com/beacon.min.js
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/42a30fdd-c1da-4d85-ab06-c212412bd9ab/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.89.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-89-74.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
93975ae1d8cef7cb7a8c05ef392abe1b4d080b570b19cab279a208afe7d36cf9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
SQDb2i9Q5YZSPn9JZMj9axyuCi9GAOZD
content-encoding
gzip
via
1.1 1b73451818d2dd47a574604c0b84f692.cloudfront.net (CloudFront)
date
Thu, 20 Oct 2022 01:04:55 GMT
last-modified
Wed, 10 Aug 2022 09:56:11 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
age
84049
x-amz-server-side-encryption
AES256
etag
W/"588a5c88fba4ca02dace48040384e257"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=86400
x-amz-cf-id
j67E7NwJqlginHQLtUjoT6Ph3X4twCaRsCZn1KE-kWfTCQ8IGUVh8A==
%2F
signal-segments.s-onetag.com/desktop/bearinsider.com/
1 KB
574 B
Fetch
General
Full URL
https://signal-segments.s-onetag.com/desktop/bearinsider.com/%2F
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/42a30fdd-c1da-4d85-ab06-c212412bd9ab/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-63.fra60.r.cloudfront.net
Software
/
Resource Hash
4842db5c889237898bf23769933570b1785aa50d7284a953cd2e3b58820ec485

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:56:16 GMT
content-encoding
gzip
via
1.1 b3fce8903671f8346e7a6a138d2d4610.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
age
19767
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amz-cf-id
25iqRGD6_srW0OWFVySOO3E0qwmOomMOfGHPWA-XeaoPdE8uFjiChw==
apigw-requestid
aUT4mionCYcEQFg=
bearinsider.com
signal-segments.s-onetag.com/desktop/
1 KB
574 B
Fetch
General
Full URL
https://signal-segments.s-onetag.com/desktop/bearinsider.com
Requested by
Host: get.s-onetag.com
URL: https://get.s-onetag.com/42a30fdd-c1da-4d85-ab06-c212412bd9ab/tag.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.121.63 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-121-63.fra60.r.cloudfront.net
Software
/
Resource Hash
5ba60f8e2a5f07c6c9eeea935fe824513ffd63ce10b432856a15acae2c36d41a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:09:36 GMT
content-encoding
gzip
via
1.1 b3fce8903671f8346e7a6a138d2d4610.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P1
age
22567
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400, public
x-amz-cf-id
UEbpJAaRqLPW6D-a6aZwsLOPUIk35-iKSs54yYoyt-j1BfKQL6chdQ==
apigw-requestid
aUNDGiB2iYcEJ-w=
/
www.facebook.com/tr/
0
18 B
Image
General
Full URL
https://www.facebook.com/tr/?id=264791790811051&ev=Microdata&dl=https%3A%2F%2Fbearinsider.com%2F&rl=&if=false&ts=1666311943963&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Bear%20Insider%20-%20Cal%20Football%2C%20Recruiting%2C%20News%20%26%20Forums%22%2C%22meta%3Adescription%22%3A%22Cal%20Bears%20football%2C%20athletics%20and%20recruiting%20news%2C%20insider%20videos%2C%20analysis%2C%20and%20forums%20on%20Bear%20Insider%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Bear%20Insider%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.87&r=stable&ec=1&o=30&fbp=fb.1.1666311943415.1265420642&it=1666311943300&coo=false&es=automatic&tm=3&exp=a1&rqm=GET
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 21 Oct 2022 00:25:43 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
onetag-geo.s-onetag.com/
555 B
960 B
Fetch
General
Full URL
https://onetag-geo.s-onetag.com/
Requested by
Host: signal-beacon.s-onetag.com
URL: https://signal-beacon.s-onetag.com/beacon.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.112 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-112.dus51.r.cloudfront.net
Software
/
Resource Hash
f51938710e179807bbf1be9a1e9d7e3441fa74e7dfe9f46841914fb12ca7de3c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
via
1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront), 1.1 ed18d8ae19db26837eda53bbf8f03c08.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6, DUS51-P1
x-amzn-requestid
d19f2dbc-681b-4415-a92a-beb5935a57c7
x-cache
Hit from cloudfront
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=86400
x-amz-apigw-id
aVEJSGBUiYcF1JA=
content-length
555
x-amz-cf-id
0jVPfcqAnP9V-hRGLirvkLD7rAlN7AlL7qHoUbKoWEYggr9fCvxDiQ==
v2cvcCV7ZA-IkgqXBPm7jMAv8mml2nOVF7Fal8UFqIvL7ciMRdGeEiI8sZ-hBlu9sDRq-9WBV
lumpylumber.com/ Frame 5F03
173 B
200 B
Fetch
General
Full URL
https://lumpylumber.com/v2cvcCV7ZA-IkgqXBPm7jMAv8mml2nOVF7Fal8UFqIvL7ciMRdGeEiI8sZ-hBlu9sDRq-9WBV
Requested by
Host: readymoon.com
URL: https://readymoon.com/v2/0/fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
b0eb580782e34b6d65bca1d034c8791c3df2164963b3259af441a0289bb4f3bd
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Fri, 21 Oct 2022 00:25:44 GMT
via
1.1 google
x-buildnumber
661392823
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
173
x-datacenter
gce-europe-west1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bearinsider.com
x-hostname
fen-hoothoot-europe-west1-spot-9csr
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires
Fri, 21 Oct 2022 00:25:43 GMT
v2uwsPwiXM7jjSLJgC6akBorBMR0fyEBoIwoaTDj7HRJ-pGZd_-lUg44ktcvm3yg70NA8SYNq
lumpylumber.com/ Frame 5F03
3 B
27 B
Fetch
General
Full URL
https://lumpylumber.com/v2uwsPwiXM7jjSLJgC6akBorBMR0fyEBoIwoaTDj7HRJ-pGZd_-lUg44ktcvm3yg70NA8SYNq
Requested by
Host: readymoon.com
URL: https://readymoon.com/v2/0/fmthJxi26ay-VFHtt4L3K-DMC--T80uvCjbNKknJY2brdf2yu_wiQMvU6B3njKY3G74
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2600:1901:0:d733::1 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; preload

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=15724800; preload
date
Fri, 21 Oct 2022 00:25:44 GMT
via
1.1 google
x-buildnumber
661392823
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
x-datacenter
gce-europe-west1
x-buildname
hoothoot
vary
Accept-Encoding, Origin
access-control-allow-methods
POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bearinsider.com
x-hostname
fen-hoothoot-europe-west1-spot-9csr
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=bearinsider.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=bearinsider.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
16 KB
8 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3397757246618958&correlator=2093235031277827&eid=31068457%2C31068500%2C31069596%2C31069682&output=ldjh&gdfp_req=1&vrg=2022101701&ptt=17&impl=fifs&iu_parts=170737076%2Cspg_default%2Cbearinsider%2C008_desktop_970x90&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=970x90%7C728x90&ifi=1&adks=3432910516&sfv=1-0-38&prev_scp=adLocation%3Datf%26didnaRef%3Ddiv-gad-home-mid%26didna_vis%3Dtrue%26didna_refr%3Dfalse&eri=1&cust_params=url%3D%252F%26sub%3Dnone%26pub%3Dbearinsider.com%26path%3D%252F%26didna_version%3D4%26ip%3D0%26he%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1666311944522&lmt=1666311944&dlt=1666311940633&idt=2496&adxs=315&adys=1176&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fbearinsider.com%2F&frm=20&vis=1&psz=980x0&msz=980x0&fws=0&ohw=0&ga_vid=1410227624.1666311945&ga_sid=1666311945&ga_hid=412033631&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
96317c3e5a0698390f1e2fe74dbc1bb40bd08aa635d3308f50426070494ca840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8545
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame BAC5
6 KB
4 KB
Document
General
Full URL
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:44 GMT
expires
Sat, 21 Oct 2023 00:25:44 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
15 KB
8 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3397757246618958&correlator=2021335607391299&eid=31068457%2C31068500%2C31069596%2C31069682&output=ldjh&gdfp_req=1&vrg=2022101701&ptt=17&impl=fifs&iu_parts=170737076%2Cspg_default%2Cbearinsider%2C008_desktop_home_970x90_1&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=970x90%7C728x90&ifi=2&adks=1431258259&sfv=1-0-38&prev_scp=adLocation%3Datf%26didnaRef%3Ddiv-gad-LeaderboardTop2%26didna_vis%3Dtrue%26didna_refr%3Dfalse&eri=1&cust_params=url%3D%252F%26sub%3Dnone%26pub%3Dbearinsider.com%26path%3D%252F%26didna_version%3D4%26ip%3D0%26he%3D0&sc=1&cookie_enabled=1&abxe=1&dt=1666311944533&lmt=1666311944&dlt=1666311940633&idt=2496&adxs=315&adys=170&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=2&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fbearinsider.com%2F&frm=20&vis=1&psz=1600x110&msz=1600x90&fws=0&ohw=0&ga_vid=1410227624.1666311945&ga_sid=1666311945&ga_hid=412033631&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
bf0ab891701cb42a0ba7e19199ace3d4d39935dd61ed4bdc1e9b80c531ecc6d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8281
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
event
event.insticator.com/v1/ Frame
0
0
Preflight
General
Full URL
https://event.insticator.com/v1/event?event_name=event_adunit-load
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.168.146.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-168-146-216.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://bearinsider.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://bearinsider.com
access-control-max-age
3600
content-length
0
date
Fri, 21 Oct 2022 00:25:44 GMT
vary
Origin
event
event.insticator.com/v1/
0
119 B
XHR
General
Full URL
https://event.insticator.com/v1/event?event_name=event_adunit-load
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.168.146.216 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-168-146-216.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:44 GMT
access-control-allow-credentials
true
content-length
0
vary
Origin
ads
securepubads.g.doubleclick.net/gampad/
15 KB
8 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3397757246618958&correlator=2205060481245195&eid=31068457%2C31068500%2C31069596%2C31069682&output=ldjh&gdfp_req=1&vrg=2022101701&ptt=17&impl=fifs&iu_parts=2507246%3A22611285429%2Cbearinsider.com_Web_300x250_1&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=3&adks=3516602402&sfv=1-0-38&prev_scp=h%3D0%26shb%3D1%26tg%3D0%26p%3DBTF%26at%3D1%26hostname%3Dbearinsider.com%26consent%3D0%26Exclude_Adx%3DN%26ib%3Dnofill%26iba%3D0%26iaid%3Dnofill%26it%3Dil&eri=1&cust_params=url%3D%252F%26sub%3Dnone%26pub%3Dbearinsider.com%26path%3D%252F%26didna_version%3D4%26ip%3D0%26he%3D0&ppid=601adfec-afed-46f8-9c63-bb7470283c16&sc=1&cookie_enabled=1&abxe=1&dt=1666311944556&lmt=1666311944&dlt=1666311940633&idt=2496&adxs=1008&adys=1789&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1&ucis=3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fbearinsider.com%2F&frm=20&vis=1&psz=300x560&msz=336x-1&fws=0&ohw=0&ga_vid=1410227624.1666311945&ga_sid=1666311945&ga_hid=412033631&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6d6a71cd1ad104144bf6fb5a531a9a0fe1cdebb3914038f1f56835afec0e3f20
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8070
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
securepubads.g.doubleclick.net/gampad/
12 KB
6 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3397757246618958&correlator=434975375379184&eid=31068457%2C31068500%2C31069596%2C31069682&output=ldjh&gdfp_req=1&vrg=2022101701&ptt=17&impl=fifs&iu_parts=2507246%3A22611285429%2Cbearinsider.com_Web_300x250_2&enc_prev_ius=%2F0%2F1&prev_iu_szs=300x250&ifi=4&adks=2209494886&sfv=1-0-38&prev_scp=h%3D0%26shb%3D1%26tg%3D0%26p%3DBTF%26at%3D1%26hostname%3Dbearinsider.com%26consent%3D0%26Exclude_Adx%3DN%26ib%3Dnofill%26iba%3D0%26iaid%3Dnofill%26it%3Dil&eri=1&cust_params=url%3D%252F%26sub%3Dnone%26pub%3Dbearinsider.com%26path%3D%252F%26didna_version%3D4%26ip%3D0%26he%3D0&ppid=601adfec-afed-46f8-9c63-bb7470283c16&sc=1&cookie_enabled=1&abxe=1&dt=1666311944557&lmt=1666311944&dlt=1666311940633&idt=2496&adxs=1008&adys=2069&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=2&ucis=4&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fbearinsider.com%2F&frm=20&vis=1&psz=300x560&msz=336x-1&fws=0&ohw=0&ga_vid=1410227624.1666311945&ga_sid=1666311945&ga_hid=412033631&ga_fc=false
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
038e7bcb2f6e10a1f4a8242a8b4d897bd0d3d41b7d296f71d54b400cb8590721
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6617
x-xss-protection
0
google-lineitem-id
-1
pragma
no-cache
server
cafe
google-creative-id
-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/getconfig/
14 KB
11 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022101701&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ebf9a68ed65b588ec9397c2bda9d79b1f5bf9e9ea0c34b4eaac0e927002362bf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11164
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 21 Oct 2022 00:25:44 GMT
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame F0B4
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
10320
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
5046
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Thu, 20 Oct 2022 21:33:44 GMT
expires
Fri, 20 Oct 2023 21:33:44 GMT
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 1D08
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
adaf48219ee42efaf48879b7ef083b6c3664ed8a84aba080065bb37b446e0b14
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-tR6Iq_ixB_RQFcA5IeiRmg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private, max-age=300
content-encoding
gzip
content-length
512
content-security-policy
script-src 'report-sample' 'nonce-tR6Iq_ixB_RQFcA5IeiRmg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:44 GMT
expires
Fri, 21 Oct 2022 00:25:44 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
esp.js
oa.openxcdn.net/
24 KB
8 KB
Script
General
Full URL
https://oa.openxcdn.net/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
192.146.102.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 06:12:03 GMT
content-encoding
gzip
age
2139221
x-guploader-uploadid
ADPycdtsBW-FzsWHAQaItyzFwhb0bDt4kAKIPEdjeQOXugqU_jJk1iFTlnrGyDWZwy83905ZOzsqiMWEhSaQffaNYDaPdQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7927
last-modified
Thu, 27 May 2021 18:30:51 GMT
server
UploadServer
etag
"df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation
1622140251693895
x-goog-hash
crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type
application/javascript
cache-control
no-transform
x-goog-stored-content-length
7927
accept-ranges
bytes
expires
Tue, 26 Sep 2023 06:12:03 GMT
publishertag.ids.js
static.criteo.net/js/ld/
39 KB
13 KB
Script
General
Full URL
https://static.criteo.net/js/ld/publishertag.ids.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
d43a78c0afdaab62e85c43f804e0f994d57679d9a959a40686498c5ef6b4e6e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; preload;
last-modified
Sat, 01 Oct 2022 02:55:29 GMT
server
nginx
etag
W/"6337ac21-9c1f"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Sat, 22 Oct 2022 00:25:44 GMT
pubcid.min.js
id.sharedid.org/lib/
732 B
904 B
Script
General
Full URL
https://id.sharedid.org/lib/pubcid.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.36.23.219 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-36-23-219.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
cache-control
public, max-age=86400
last-modified
Thu, 20 Oct 2022 22:27:35 GMT
accept-ranges
bytes
content-length
732
vary
accept-encoding
content-type
application/javascript
esp.js
cdn.id5-sync.com/api/1.0/
57 KB
17 KB
Script
General
Full URL
https://cdn.id5-sync.com/api/1.0/esp.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9608ec4ea86f70691860daf1b477654e08357662b2fdc33568a376b0fcbdf5c
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:44 GMT
strict-transport-security
max-age=15552000; includeSubDomains; preload
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 22 Sep 2022 13:13:44 GMT
server
cloudflare
x-amz-request-id
ZXJVZG0471XD28Q9
age
708
etag
W/"52bb09fbb0a7c9360d68135b7668a1d7"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
cache-control
public, max-age=3600
cf-ray
75d5db974eddbbeb-FRA
x-amz-id-2
nT2szHlpTv9NWAYgaP0OCrKxQ38uGaWAktJkqLDuD8VR25hl3J9KrAbtD36GHs/SLUgoeJgZIio=
encrypted-tag-g.js
invstatic101.creativecdn.com/encrypted-signals/
1 KB
2 KB
Script
General
Full URL
https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
87.70.96.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:02:11 GMT
via
1.1 google
age
1413
x-guploader-uploadid
ADPycdsE2xrFBaruvNHno8dehbS4XI1Wenst8oNlE26ZCfUahuul1jg-y-fIYr1Jip_QxxLlRLC_uBmIyNIXcCcvAhEq9mGlaXws
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1258
last-modified
Fri, 29 Jul 2022 16:55:09 GMT
server
UploadServer
etag
"f5bc066f146e3dbb049aa6c86c7012e6"
x-goog-generation
1659113709880056
x-goog-hash
crc32c=6QojvA==, md5=9bwGbxRuPbsEmqbIbHAS5g==
content-type
text/javascript
cache-control
public, max-age=3600
x-goog-stored-content-length
1258
accept-ranges
bytes
expires
Fri, 21 Oct 2022 01:02:11 GMT
sync.min.js
tags.crwdcntrl.net/lt/c/16589/
29 KB
9 KB
Script
General
Full URL
https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-88.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
094b946adc39ade08f6d927ea066c8fef3ba6ee5c12919873172315ef7428e92

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 05:16:24 GMT
content-encoding
gzip
via
1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront)
last-modified
Tue, 19 Jul 2022 18:12:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P2
age
68961
etag
W/"2fa1275c04d6208db458c1ec8559f92d"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age: 86400
x-amz-cf-id
9v_ivjIr4SQ52s4U4-kDDAw3JA7IvRboOMJyeaMKHoAFGQ-OFG_z_Q==
uid2-sdk-0.0.1b.js
prod.uidapi.com/static/js/
4 KB
5 KB
Script
General
Full URL
https://prod.uidapi.com/static/js/uid2-sdk-0.0.1b.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.139.232.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-139-232-239.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
2a79d9d59e4c07752c78abc5f0243cecb939729e0728f347671fcd3a219e9b3f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
cache-control
public, max-age=86400
last-modified
Tue, 17 May 2022 17:30:07 GMT
accept-ranges
bytes
content-length
4559
vary
accept-encoding
content-type
application/javascript
container.html
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A9BA
6 KB
3 KB
Document
General
Full URL
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202210171204/wrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:44 GMT
expires
Sat, 21 Oct 2023 00:25:44 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
pagead2.googlesyndication.com/bg/ Frame F0B4
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba8af0d50d79678d5e9e6e68935c23511ff6ae811c880f6b0815855e696b023e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 18:38:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107262
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15900
x-xss-protection
0
last-modified
Tue, 18 Oct 2022 15:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Oct 2023 18:38:02 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 1D08
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022101701&jk=3397757246618958&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

map
bcp.crwdcntrl.net/6/
20 B
308 B
XHR
General
Full URL
https://bcp.crwdcntrl.net/6/map
Requested by
Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.215.122.206 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-215-122-206.eu-west-1.compute.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

expires
0
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:44 GMT
server
Jetty(9.4.38.v20210224)
content-type
application/json;charset=utf-8
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache
x-server
10.45.26.153
access-control-allow-credentials
true
content-length
20
x-consent
absent
increment
id5-sync.com/api/esp/
0
324 B
XHR
General
Full URL
https://id5-sync.com/api/esp/increment?counter=no-config
Requested by
Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:44 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
container.html
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2F88
6 KB
3 KB
Document
General
Full URL
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202210171204/wrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:44 GMT
expires
Sat, 21 Oct 2023 00:25:44 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 7C0A
624 B
976 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXmGRCTqoQCGPDzudMBMAE&v=APEucNUxgfRi7_GOb1bfaJlBIhcmh9oaYmvpzGsnA5Ichky4sq-DR4z9PvGuvauX9IzhV_lOrdQwxrb-59Au-7yGzAq4ZEbrZYsTXYnnxA-0WB9KbithNlSnlFeGpExBzrEIigHWJH_kfIEp1A5Ptg_HJy-7IYI1XNnHAawjswOItw3P1CFm6Ks
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:45 GMT
expires
Fri, 21 Oct 2022 00:25:45 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame A9BA
79 KB
34 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-De5AbOm4UaFZCo3svTDHvILDhaY6bMCIz7UwJy4lL-kaJZf9ICW162XOR1rgjiXLEMZWrW2e56wP5sTma4njDVEnMIUA&cry=1&dbm_d=AKAmf-BIVvBEe-dQADitcksZidKDVH85A3sncXsrGIn2X6OmGg9-a5VBxrwAyHz38jmg8fWso7BZ9WThk7lmUqV--qqy9Xy2Ngd-h-OO8IfNoG08MEl_FXE4qh2AI0ZFduQj-LpBDH6gaP__oxy2T9VSSLdVQ9by-Ka0qIfkhxBaEdDAFNb7FoXeZqGv85wFCAJVUPM16zIqy2uZMHT3E6RZrPW7m4qiLkWGhFVkIyeMcny7mTU-ekg7vjL1o56MakEwNDmcm5_NOUN05j-ZVj-YXBpVXMsgVduYKYaQTROcwQJDmG8LydmAGNwGJJAiXkEArU0X3NGy7yTvbk0Il-PwJfVr8tZLFsp3MLov3bcdMPZvxiYQwZVbGWUuZGaqmmGGpRDyW3gwQZT9sr6c1kfwcHCPY6_-6VX47JUQf06eetguM-hn5_SaLt51iUX1TH844LrfRAOXe0Gspgruz3yz3tT9M0CTWnhjeJ_cYd9ZrIXswoiFpY17-qLXn8llynxtbBQKO0_R7QS3bha0M3bb9IYF_PISfGwJS6LfK6SHktuvpUpcRljLo-ObZMuhOpXXGmdWRKTXrhAl2S3YR_zNGH8qKvxJe68n_N7BkOnoIch4hpQiibSpC3PrOa0M1Jnsl14xfGwaPyxk7kllD4pp9BobMXLUq6K_wms344aUOPVFTHNBSbAEWKsy3Xwiz2kYqsnUC5AFy_3pKwC7Btk1mdPM9OcxgiaHvs2kSJgou6lxBz0Sn_zCo70N8arbdxj6PL7GTN0UIalai7Sx7lmOMUxumsPjwSf76efCmxpxt-fztKYQwtQOoIvYp7YCd2AkEiom0lBMQpF3tjmr2Srq67za26kV732RKc8R3ZiODDdQ9k_F6Jlb_DEN5StPlljmGdJRV5fptLWOhnFaJNLJ3gyALIYFN4qp4uWjFn2dC8G3yny7rReIPlPL3sVa4NWh4BZuteHxccO5LZ4eAtVLk3Xn-2B-zvEc1dIk4QhPoTQ82wzyOS6tYtXpkkWmye_aV6I8lACDW2c9wQ5gMV82qZz_qexRki6g8RaNRHgLpqWNSKaaSBs1QTcaZidgdphubArzSbPF4vRxSEjMwTwaEly9B-7D8_pQOoFREho_9t1ScgD1axhlyqgkuw-tQh0JKSs2kjQ-Q9hJTPbjTj_7R6mwTvl21dj43FO5QaORMhq-oRzFSm1xhXOnWh1sqIXf9mciA6Yr1mJcsqnle8nx3qc9546bIESqwSxu08b3BGyIZz6MAnKD4yXx1SKZclIiRfjpICyI0LTKejCReWDlF3yXnIqOCtPqlK-T8OBK2XzWSfOkgeV8ADLOqQxiZuFEfAF7arhVkuZB5gwppyRTCyjo1zkpQEw8yCCQ7Wapanb_u65fJMI8aeVVP8c_eDeCN77FNDbker3XBQPXG1au6ycZ6l_MH6pVcv72Qa0Er7khHt0JU5OlBHRdvnT3xPwOT-EKtRUS6r07fWMMowUjbR6jb1q_QOfFt2Mekb7pGvhoBOKqOqGXMadN3OkIPnSqiYfk3wXQpZMl4UbUeW5kpI8tfpv-8gi72LeWPkSjKHNFZwZZewz_-cO0T7iFsoPVjbOYo7goLLY-2sePFOcBL2XoWmJIkrvEjWGTbctGC8M4hDGZNaEAGkx6BDyWnzr8mn-gspuKE_vCMBA_aWRXaP0Z4ir0OBjcTh8YDGTnAnBm-qvYBeN_4sPmwtPFK3TVfu-faN85YfN2P744ODpxQELXPgjxZ4GpXEcjpvO3GgRcV5G0b8agmCO9a2Opffw0ErIABVcHWVcPS4udikrFTqbXslmYdQYBxhXJL6GJkZYOKtXw60eqprazsXcTf9-Ke5QxWFPj-FeGAfFqe8v28vb937bBGQp8qDMqVNGg3Uwn3C87F_LzCCQBw65jaIzF4gRpSICjExNsQBqBzVVXhHTsLcDXPeKvyGNY1wqrHs8D4xxrt10MhXSB5WSb4A6Ce-EDsk6S5qy5dHUWCCTc8Z0p7_xvTfgCmSD8RHnXM0V0xvQSnFnYkDJjyg4xd2HTOc-ofjASkyA5tLsi-bn0O6PBH2-GUxlYHeOD0-N6NKCYdZ-jkjfXxdOjUF9xsxSAvJfGc7DLt1qDzLSlDeWwOzkBvY-0Ao4CtOx-4SKGtXgOC0nZ--H1JOpwN1yCdZrK19DXk4T5S85QxnzjKHmP1yr2QgVMuYpxwdAR9lkCgisltvI68Tj5Ut3tnH1zAYl-mLQFHD5lN3RaMKQovORgP2JJrC8zVVyxd-i-XzgaqIL3WuXL973PlT2iANcmOswS3poIncRFZXkG9Tmub93b9yrICWT_i564HCDmLsgFUT5aO8-NWWdlKsNpHMJYWpL6KHxdO2810VLIv8SVE1H8X2gc2VArlO5-_Ie2Xjlojvk0tVWf4DDhS6-koTcqCq_Lbe37wtanECTYVrl7CPSyZbnfHMuQgBndejO28YRiWFhDzGIRTyfn5SUkWqOf9tUw0utcs2Jsqxy3397VbkIYVpsjbGp-AiieyN1RzSyn6t6wBm0thj6ptD_2bvyoiMKiQbaFcaGAEXrGboCSrvqoeKlLmV6eTO4MgYApOjbqnQ_A7k_8WwXDDIMMX1vuDvRsYXDy6DTLWvwBQEB9n-feQiWRRroowDTdbc1tFG8zVZKRbhyWH2ldSqZb3y_CQG2zPL_cy_TUJawr7ZxnjXMIXqXgC5AOkounQU2dzrOxn9bAKJeovnk2DAbWxwX3RQgv1nHpcux3ojuwODa9-hTGNv_VUARwZ9mXZJ-J-tCU1OhN_OCyZBdK6ecTiB-o7i_GKiCGvD9jgkyO-f3bhVlHHFFPEhaIdm72GhhBS1h79wGFZggowF1q7KRUG_70dmpjJ26yZehWHsAAlGkkLaOHt9xRKU9u5vq_UPOQj0pF-CgKp1QmaYnkaRcuQZtsEt_BcN7gryqfZ5ReIGpLzPZSMijZJRa0P0U86H1bIhZihndeY5eZzzLeO4-U5spuH4C8xHtiap0JJkl-xFoSbjon7BNcCUbcxqlDfPWSwwYox7BRUwVX5Q0Y8_9THTGiVSpfAT5qrB7IgUSdsWhBaQkUPNGO8r5heUYbvGiXmgBMxkMIE0_7MbdB6br7jmOOSRS-F_0ohOji_PQ56hscgTaEWWHjVGbs8IHtiOfKIyVjce2MKFBMuTQ&cid=CAQSPwDq26N9IJPS-mfHTgv5V8QqX_3BT7o-oFbwHsD8eXHkuUXwHMBC4_LcdS2vHRfLlPJ1ECxhZnaZgzxFH3tTkBgBIA4&rfl=1%2Chttps%253A%252F%252Fbearinsider.com%252F%240
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9258fdbb0135cef979e81e6a201a9712e44e850066949151b923bbb0e40c3db1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:44 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33986
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A9BA
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Bg7pVNpUWHIz1nSj8ZATv-acyAfvL2FjJL-4OpukY4jbkB81duMnP9jHuu4NDnWCJCm1ymnG7-6hcRxISo6mAklwU1K-mRoOLeDcZc8CXs12c6anA
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:44 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/ Frame A9BA
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/window_focus_fy2021.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21084
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:20 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/ Frame A9BA
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21085
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7569
x-xss-protection
0
server
cafe
etag
4237063375490391177
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:19 GMT
l
www.google.com/ads/measurement/ Frame A9BA
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaTUSyJcTPUoyqIzEWZXUiz7CXAFT5oAglqb8P72frc6KeHqR66wiYAFbjLz85-gHlFQ5krymEghztwE7Fv5zPU6AVIAmA
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A9BA
152 KB
46 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47476
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1666179788250400"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 21 Oct 2022 00:25:45 GMT
pixel
protected-by.clarium.io/ Frame A9BA
68 B
345 B
Image
General
Full URL
https://protected-by.clarium.io/pixel?tag=wt_TWJaVFFTNDk2RUI0U2QyN0lMVTRyYkhYbko4LzIxNTQ3NjU3NjE6NzI4eDkw&v=5&s=v31gfrusunj&id=eyJkZnAiOnsiYWQiOjQ0MDI0NTQwNjUsImMiOm51bGwsImwiOjAsIm8iOjIxNTQ3NjU3NjEsIkEiOiIvMTcwNzM3MDc2L3NwZ19kZWZhdWx0L2JlYXJpbnNpZGVyLzAwOF9kZXNrdG9wX2hvbWVfOTcweDkwXzEiLCJ5IjozOTEwODAsImNvIjowLCJzIjoiZGl2LWdhZC1MZWFkZXJib2FyZFRvcDIifSwidHBfY3JpZCI6bnVsbH0%3D&sb=undefined&cb=4128343&h=bearinsider.com&d=eyJ3aCI6IlRXSmFWRkZUTkRrMlJVSTBVMlF5TjBsTVZUUnlZa2hZYmtvNEx6SXhOVFEzTmpVM05qRTZOekk0ZURrdyIsIndkIjp7Im8iOjIxNTQ3NjU3NjEsInciOiI3MjgiLCJoIjoiOTAifSwid3IiOjJ9
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.79.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-79-34.eu-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
container.html
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8F17
6 KB
3 KB
Document
General
Full URL
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202210171204/wrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:44 GMT
expires
Sat, 21 Oct 2023 00:25:44 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
esp
oajs.openx.net/
Redirect Chain
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fbearinsider.com%2F&rid=esp
  • https://oajs.openx.net/esp?url=https%3A%2F%2Fbearinsider.com%2F&rid=esp&cc=1
85 B
103 B
Fetch
General
Full URL
https://oajs.openx.net/esp?url=https%3A%2F%2Fbearinsider.com%2F&rid=esp&cc=1
Protocol
H3
Server
34.120.107.143 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
143.107.120.34.bc.googleusercontent.com
Software
/ Express
Resource Hash
6db70efc22ebe658e7f7201546ed259b8408fc8238603d9a994f70e55a86a9f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
via
1.1 google
x-powered-by
Express
etag
W/"55-vrzdOhjCLtDsafnh4NcQIzzzX7M"
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85

Redirect headers

date
Fri, 21 Oct 2022 00:25:45 GMT
via
1.1 google
x-powered-by
Express
vary
Origin
access-control-allow-origin
https://bearinsider.com
location
/esp?url=https%3A%2F%2Fbearinsider.com%2F&rid=esp&cc=1
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
syncframe
gum.criteo.com/ Frame E65A
15 KB
6 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=bearinsider.com
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private, max-age=3600
content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:44 GMT
server
Kestrel
server-processing-duration-in-ticks
926557
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
pixel
googleads.g.doubleclick.net/xbbe/ Frame DC23
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjCz-fJATAB&v=APEucNWCYTb8tATOKTFkhjkD8I0NnqUnhTDRRtZlMgaTv_v8xYaJ9KPa_ZIurTkMUyRl4qou_UkTxCuG9b8Lrnt1pwNver8DSOuSTSd2FYnOsU4zZlQQxXpJIDG7wHdaP69nPQGAVS931zj-EyEOe507Ejr2F64HojgCofk8POET8M3aT37i3Pg
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
276
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:45 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 2F88
104 KB
36 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DGdmRdU50R_RTwRpirplpoX8Su0yBYXEIYXEAU9uBx4yII32pXpFBPgXgSfBy01dWr_pnLTjik3cOFlcd9Nje6vkzHvgrbUO_vYBliRvH1YzbF7g27biy-vCtH9vJZ27z5pceDEK_IKjhZR4Djf5T_0omel8UdxfeSiFCIFtrRCmNgUJ8&dbm_d=AKAmf-DJX_0dhXE_qA151njby6JvmzM5TKs7jBrspNrGNDdKKXOci-Nn84sILTK3PqF0rouq4W8fN6RxwK-dMtHYhPSLVgVEdsHTQ-4bmlPyyqhUtgrHy-Qbfbz5vRKzWMjrJ_x-hsUm2ZWSSTbmOhTD0qeLce9ediye--TUDK3Q86p540nnx9dGzMYpzsTqaM0fin-F8eLHKGiWuELy8AOhYHJPdR9h6I_4D_MhdHs9LcrongKRNL4s55s1Zs08bPzv44SifUBGRtIYFGRHv68WrJKKv3AIhayTl7n2olEIxjPZfYAXWajUTZpvOu7Mqq6An5PJI9ewnm-Xfz2FvJ0WfnMDcNAzJ4_gfL19NW-PyZgZQOP8kirpW6Nlx3z5C9JcWaZQzQ040JIgX9_FnINkpSnpXo84gbkX826u1BhR0j9WfpgrIHoSvNMtUJCfkINZH919viwWOgp5oGwI1zBx430_zE2CauZp4jWzdE9A5yh4r13X8XkZOeFkWHqah7N_knCl2TdfuhTQAU3JrLNGRKMh1P_icY9xeDw4qM5j4WswtW9qrR-WkfgnhyX_YVsbWzTNkEYIbuRyzb1YCZKe2uOt0d_uPudkjnYUR0XAf2g8hgCONG9ZhXFtOmL-NnLVwv_Cu_U31dzhKD1kFL17N-TcwY3s5GiueTCqB3Psr2EdomdJQ41QfbKSMMgl81Ig-MkyFX6UzdaxW1c1zAdkZi0W90PRqFwpMO5CozQph5T5JyAzlexoha0uP-gO14Yl_asUEn_QI-YuCsdL3ER6o99svftcdhgbIRaSfggNJ1ro7rV_zbfSiuoioPmB3HD67K4V0xnoMzUC9TPFmH-XF3QORTeipNGTxSba4gJQZEUXYTdq8qsrwREGtts9lLeYMkm3F_g70SrSIGaiE3aeFwwQh_gpbrHFMcnbBeCH_hjMI63qyI1eHld78ceeo-Kd6fh4cV4_NCmdKgx6RhbLIjVF4aSa91xjhH8rYPIdzih6siqt0LlLt23JBs9cPOTU8jNM8r14bM0nUajalYjOTRGNfU__WZWo6ZRqtcOHXU8-k07Bli-ix8Qrdqh2RXPWoMPlpH0tXpXVEeDdJMrq_9fNhKY9N7LAR_avxU18pF76Id1lrBc4_zug76JZCAvenO5ywlk6UtGloPPYXqigDqYwzoJYhpzoZ-BFu6oWLFbjqeaVG65Z0Sp9nhVgFFFadqUAGfo3SLCBYTPg7FfCa9G9TbDj1zt8BloYl-dPSLanGGKNG_Z0lr5hK5QMSLqHDNdWqotZAiTuC9K17_RrXGVwOunh8ZL0Zd93ur3QtxXD4zYAfZgYpcM5R0zAqUgU5n8yKS6kyu1xQYBYFRZ2l3GW0T1MGxVar0cvAKaFtjlY5abq-eAzUiyhbcDNzTnEMcReKoL0o2D8z2vVDYTksLFObHCkzDSp4dnmPEexZ3HKpkebH7uki_JLhRDb0IRhCm-NW8j0ifRpGka9GLh7rrOcxg-m3eJ0MM_lvAcCgvhjFWmxz2kJdFRUeIpZ-yVhh4H5ol94U02phWwyWS1TLlQEerJuBMjORoj1Xq2LPwLNfYh1bxoWlPVO28yA9_9POagHXVSL45w48M3raX--CD8q3aQgsokYm9IJstGrNmlC3oni01oyMxyil8sXsbxnheTXQ9Y404ihKE5QhNRPxfq7WCS4CWKba4Pz8kFUAoR1BxLAvPDlZ9CUrLyGpytGPltZ72Ks-FKCDUpYcMJiXQwi5TLd8nvcFQv0MalcPf4muCwSSx9KDY2mgm9W20RCVbwy7a-f5xjHPipEgjezvuoh0paY7mqaTC4WQt4t5P7AaBNjoD3e20LAEOntyWyf-4FhmI-IMxwrzWkcT9a7IQdu_5TzuLobj35ozaPHOmJPjd8nAt4rtwhXV67GHMbPmXowFH8Wyee0iQZqeBA6a9oby9UZJobF5B-syCHwLj9G72926229hPB2VmTPt4Uqbp1xYIDFzGmgm1H0Jjq5iMQLdM3ZTgTb1BkR4puSo6zidVHYfAvW2TKevt65eLj5G2a81WIEUQprTSaEOWYOd9HytrCqJrFeRlomtVZLskpmQH2KZ6Ihsa9TxvXxJ4MWRHXuQJzqVAamx9xtwQqMpNpQZrZFu3CthF1FlDMecJSdniJqwFwBcCrtlGJXq6NANGSf3fXiZYkB_m4Kw14SzASK2lHYQv3Sul1UZ17OZb2FOHSypuiiQQo-3KrhUXTOL4M5a7oy9ry_vLFagDKiBwpTDGr2fS48C_N_Tfw-Zj3D50B9FxJ9k9RgCs28Ilzl60PQlRibhDe8qreIaN9lQJ66-V5Grv-baNQSxPgbtv9imcmomfWcXjAF4Mhrp5R1GU-zEfajvNn6rcWSoEKhTrEgm_pWUiZ6_a60sbHhz4DdDEHSYW2AQXRha4JvYR5d4FMi5jW6iApbi_t2WKZdFarXKIyHL9O8BUeGNfVB1UqA_i8F9SPKrCbarM7GTauTrr7-zH-KLqW6qQPWogBJKO2Tigm0KIPi2rNGLraTGHxHpTFQdxJoKaauwzQu-9wzemQnZp9L_rXS51VI0cpcG_1mpxwHi6lb8U8sRRIMFhtKi618nQUgaXRf9m2JpsQS_eaJK20R81mLbJwTwQC6nlTNHcuvoAgDpegN82ny6xMlUSXJEtaOgG1iVRt5ey-b88I8iz4alug6gVgH4v7JzM5_UY9BIPfVGfMKjhszPvj4-qsL32ZW5TbpTtCc06nqPdAmQd0HV8z4k2FobqCx2c-43dZECWxtbuEEk2qfzQIltIdwaFJoEXg__PfQhWR71RN4fq2ud1Dg2ktOCcC-Kn6f8gH57lu2y3eLqtr9Z2HldKj6nKLpE79Q8wqDVhtLV67L64EpAnTJxItUiYtB3-0ujc-c9zxWQgRc4_52GkWn4UY86RqbiLrogyNK70Eiqx3b_nft1XGpJlgbgvHcdNdKkNnNibpbohKLYpvYwXthHQ9Q6in1LxUx2Cu59VO8SozUsjsMVFEID3N-c7wxY5Ql6OS-_anie0iFLJPJw-vHV4X_sIAOPSDUxsSrH2aJr-5mneqb1_AHiQGRqMX0CL08SrlEnLh6_1F2n9-jHlzeYCFjO3-2qa1UiItfazGJLAAsNZjllCL6QuTFbnhPPbgII_adqS690OD6obuX2YnxLB4b3Y0&cid=CAQSUADq26N9_FvbZxfQVmMq6YogrWIA5k68tDx9vQcSmQ-QIPNyGvvdYyyd4yEAtW9xt8wMMfZ028ne1MORSTWMO0HPb-fl_19L4BQsX6rknMkkGAEgDg&rfl=1%2Chttps%253A%252F%252Fbearinsider.com%252F%240
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
74abe41f5abe40ebb743346bad44853a9824092bc873cf6c26f470a876960aac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36383
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2F88
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BOPWemhn0EVJI8nUo2Ms44Us1EsyC892jiK3Dm1rYdGXiL8DkfEB07LOlgQR-dmf-WxRxUxuVsNAvPspPWlKlqxvZSyDYK2ynltAzsNajTlxp6U8I
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/ Frame 2F88
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/window_focus_fy2021.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21085
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:20 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/ Frame 2F88
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21086
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7569
x-xss-protection
0
server
cafe
etag
4237063375490391177
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:19 GMT
l
www.google.com/ads/measurement/ Frame 2F88
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQyn2Qk9JhR6oNEIlrAPOYryyR7qVc5FWQJMVEYyion-TuEwdkFyRy3h7eyhSSrifSvXQztJ0ppKXTmdpFiZHh1QJvOzQ
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 2F88
152 KB
46 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47476
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1666179788250400"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 21 Oct 2022 00:25:45 GMT
pixel
protected-by.clarium.io/ Frame 2F88
68 B
345 B
Image
General
Full URL
https://protected-by.clarium.io/pixel?tag=wt_RnNlZXpfLW5EeVdRWElKc2Jub0trS1RIWEM0LzI4OTYyMTcyNDA6MzAweDI1MA==&v=5&s=v31gfrusuqn&id=eyJkZnAiOnsiYWQiOjQ5NzM3Mzc2LCJjIjpudWxsLCJsIjowLCJvIjoyODk2MjE3MjQwLCJBIjoiLzI1MDcyNDYsMjI2MTEyODU0MjkvYmVhcmluc2lkZXIuY29tX1dlYl8zMDB4MjUwXzEiLCJ5IjowLCJjbyI6MCwicyI6ImRpdi1pbnN0aWNhdG9yLWFkLTEifSwidHBfY3JpZCI6bnVsbH0%3D&sb=undefined&cb=6232023&h=bearinsider.com&d=eyJ3aCI6IlJuTmxaWHBmTFc1RWVWZFJXRWxLYzJKdWIwdHJTMVJJV0VNMEx6STRPVFl5TVRjeU5EQTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyODk2MjE3MjQwLCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.79.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-79-34.eu-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
container.html
4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 55FE
6 KB
3 KB
Document
General
Full URL
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: cdn.confiant-integrations.net
URL: https://cdn.confiant-integrations.net/gptprebidnative/202210171204/wrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, immutable, max-age=31536000
content-encoding
gzip
content-length
3108
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:44 GMT
expires
Sat, 21 Oct 2023 00:25:44 GMT
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
rum
dsum-sec.casalemedia.com/ Frame 7C0A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXmGRCTqoQCGPDzudMBMAE&v=APEucNUxgfRi7_GOb1bfaJlBIhcmh9oaYmvpzGsnA5Ichky4sq-DR4z9PvGuvauX9IzhV_lOrdQwxrb-59Au-7yGzAq4ZEbrZYsTXYnnxA-0WB9KbithNlSnlFeGpExBzrEIigHWJH_kfIEp1A5Ptg_HJy-7IYI1XNnHAawjswOItw3P1CFm6Ks
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 7C0A
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y1HnCearnhTxNBDTDKoqQAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXmGRCTqoQCGPDzudMBMAE&v=APEucNUxgfRi7_GOb1bfaJlBIhcmh9oaYmvpzGsnA5Ichky4sq-DR4z9PvGuvauX9IzhV_lOrdQwxrb-59Au-7yGzAq4ZEbrZYsTXYnnxA-0WB9KbithNlSnlFeGpExBzrEIigHWJH_kfIEp1A5Ptg_HJy-7IYI1XNnHAawjswOItw3P1CFm6Ks
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 7C0A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEB6muakVyB-iyH5ZxynKyWg&google_cver=1
43 B
1014 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEB6muakVyB-iyH5ZxynKyWg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXmGRCTqoQCGPDzudMBMAE&v=APEucNUxgfRi7_GOb1bfaJlBIhcmh9oaYmvpzGsnA5Ichky4sq-DR4z9PvGuvauX9IzhV_lOrdQwxrb-59Au-7yGzAq4ZEbrZYsTXYnnxA-0WB9KbithNlSnlFeGpExBzrEIigHWJH_kfIEp1A5Ptg_HJy-7IYI1XNnHAawjswOItw3P1CFm6Ks
Protocol
HTTP/1.1
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
AN-X-Request-Uuid
5d02807d-7192-4e52-9623-b1d1e95b9a4c
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEB6muakVyB-iyH5ZxynKyWg&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7C0A
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3OTE1MjEwMTc4Mjc5MjEzMw%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3OTE1MjEwMTc4Mjc5MjEzMw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPXmGRCTqoQCGPDzudMBMAE&v=APEucNUxgfRi7_GOb1bfaJlBIhcmh9oaYmvpzGsnA5Ichky4sq-DR4z9PvGuvauX9IzhV_lOrdQwxrb-59Au-7yGzAq4ZEbrZYsTXYnnxA-0WB9KbithNlSnlFeGpExBzrEIigHWJH_kfIEp1A5Ptg_HJy-7IYI1XNnHAawjswOItw3P1CFm6Ks
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
AN-X-Request-Uuid
5a394a7b-a6cb-4ea4-9098-6fe90d2c527d
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3OTE1MjEwMTc4Mjc5MjEzMw%3D%3D
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
encrypt
esp.rtbhouse.com/
221 B
238 B
Fetch
General
Full URL
https://esp.rtbhouse.com/encrypt
Requested by
Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
111.39.190.35.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash
b89f2425b3a80a2e1861648a6b8b8c82d04b3f4efaca0ab5dbc9db90a3cb82a0

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
via
1.1 google
server
Google Frontend
content-type
application/json
access-control-allow-origin
*
x-cloud-trace-context
0fd73e02e14355d6b3ff7eec92b3fd71
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
221
encrypt
esp.rtbhouse.com/ Frame
0
0
Preflight
General
Full URL
https://esp.rtbhouse.com/encrypt
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.39.111 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
111.39.190.35.bc.googleusercontent.com
Software
Google Frontend /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://bearinsider.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
POST, GET
access-control-allow-origin
https://bearinsider.com
access-control-max-age
600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
content-type
text/plain; charset=utf-8
date
Fri, 21 Oct 2022 00:25:45 GMT
server
Google Frontend
vary
Origin
via
1.1 google
x-cloud-trace-context
7ec6d9b0037b5169d996196eed72294f
pixel
googleads.g.doubleclick.net/xbbe/ Frame B4E3
640 B
316 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi54tjQATAB&v=APEucNVPkQR7PZ2aifXxLrQUu9fC9mpG-3pBoijqvZVNS_0GKpmygRGXg8OsHoLwYksHo88WxhWgsxyK4NaspxGj3bSjSskk5HcXr7PPvU-h9GkMYvKoD4-XzDrOFlvLczdtt1Zt7txPdGYr4a0IAP-gIxgxk7NwN9gLRBcNs6cFEpZnT3Ghe5o
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
295
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:45 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ad
googleads.g.doubleclick.net/dbm/ Frame 8F17
85 KB
34 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A4JS3e0Uc9rui6hsQ3lZzI9mqCGzEzmuMSKlB8T0G_NzrRgi3vYnXgSThXpJ75pirSyYYzlzGiUaHUtVzUTIC0RhylE4CdIyKWxglwC8jtRK4-aeaVxx4s2eeIV-ztevtImtbgkUB4NfFHtvYiy2kPAhiLJ_dq_dc7VOFnjbeshSg1UzE&dbm_d=AKAmf-APvewfQKMlu1TqKpuBQoKfuHs8I009SNvcPht4cRTnrI0D2XLhzBymOLuZ6t8DnJra66uVl7N9ny8FpnWH4Q5XWBe2Dxy_h8svlVsCHC2LGexh6Vuf2ZA9PWeYOPkawzNSPj-Rt6r0JjlRW6ENFFsT_-M1k1Q_5Kpln9dfLzBTX3qBWocVfxFkKKbKEMWhYP9KQ4yG8Y3WRCXJqhzgEGVkFWL3s2cjcFc9xSDRsaKd4FlRw-K_Ev7-hjYoRllQztIjZIP7r_6vQnbEmloxbewt_TxBvREPXMfjXXFhxd-KsDI9EXQ7o6BQTZXnNNdX66cENMhihH28OWTsRJNjRramj-nMGL8p2hYLdtrzrMzqx0MMwjW-meeLfpDnZH5WylYxQCHnvSqNUpmEum0nPtyhTRpbjWl1W57tknhfv3nEArRhtmwsKw7p8YFSAfzkNDAuv649V1j817JV0_INCUGQWtiQMKjhRVNGx5XrwVhBkcC20D0RbQLjKFjWa6E-VBamK2QF8NabXVB5Zohy61EckfQ-GiXb9iKO9Cm5SYHEHUnynalon9D2bu21qfta0184XxS7Ytq6ZFAsCNbwK8F9Q5eNhN5twprpqrA4P5Z1vRa99QABUnMHIOYdGjOpVeXcQDkDf2URg6YWlWZbupCFII4eKlIforHLAlDdR1UdtUR5G2JdbnV88spjnfJOBQZT73SSgXlQOQv9kwgOsOOrB4PxSqBnZXd1Z0-5PJiaj5wi9EK1RHfcV1jyD2xhwq1HRqxsVarXSlagyXpfJsp39hZ1FMEUoBiJ3tJttMGxsAfqzJCIYoTF0Ik7WE2hPuMhTEn86YtzRr5UWDuIwqTdxbB4PSaiCg6n6fAxS2nvjo_KZsw1K6Jk8fvcGvp0YWPuibAD3pYpsLav9907H8S9sjSQwjfo2yH3j1ZoKigjd-BUpUphwzfTuMunTIiLY1wEK4N6pomSxzoyq5uNw5q5itVB337EtnY6lbn52vK3_mQusBBx3tvu5j-BENS7B8SRbtQxjJBm0HdHnXiV5U2kib0C6cUz9e5-BC067g5CfU5jkvO5InM_o_dJhipsyFz6kYTPGjYfbAGTFhQfdtbV3S0rmFfpENGzwkfsNGOwVuRzaYZRoAPYTrLaNsgq0bqzenz6k-wl2y0FtgQW5mRzRpf2-dC-rBbnSEhi0lT2PqmRYjfb_3RoR5Q0t0MkqXnOBi-DycfiPzPh14dYfTv_HfxrBGbzDfI6SRLNKH_wokhK3n3xHQYGJt824ONICIzPOhN3kyHiJoPhM81wdb1oXSzEF4AXk_SwIvrELE1mZ55n_4orCwxVm_VA0OmpwdOvMnju3RKM6ZWpu3ZVPEYnfMHjjyMMelxvOPr4M0BExYK_GBW6AX7h2ygGRL27W-oQHrr_MkC3j5fPbJNWGuUJ1U29qHKlWbP7CLtlWbEu2UNjsDN3WEnLm5do5X_4prej_lGbnHcAGxkj77_G1yaakYDIaR93dWchsbIcJTvLSF4hIK63qdDwCmrmtez2Y5F8rmc3TW2vj3gPmGAv_Evotmnt9j6QmXL3-2TFuk7iT-nXdikK-cbFvtAtXtzXJ4MDNr-CupuIfJnSPP1Zkinp0eIq5SpXo6gqPtrNhlFUknfVrFvCqehIDTpoKUz7uYeLd81JUDW3DM0wAhF3B4D7A5CCqvawmxKaWYeLjJTvHda2Pw7Je6Bimf6cRkYy5ie32NRlR26-xy-edRRfEZTdo_QP92rXhLJe8uOiE_DB_RXC6HgFsZe12AtbNVVKo7EyUU9ALABlmm9Ubgs0vgAKKV3bx2laPdYdhngzJ3YKPV07jU8g4iW3aQ9D7lTICRpsBcbQzhTZ-wpyJxB78v1zhUUSYwjDMxLDL8_VHuQIv2lapjXdLHH1cKuEnXbFiS3fo4ocsuNC_DyRP-Pn2vPxhiPL45twWI4XPsyI9BJ1_ctJG8PS2jO5CwKniH3HkLfeLWqwFEbXs9W57lRYEHJxr0HBYF8t9aywTYnYl_psT7YPYPc2cuDO47YzaObfr70uovygPix2KpPai-00003miFA1hdJb1z3DedWPIaWSOrgAoXYz79lZC-85T1nBg3ZVUjlY8H7cfvrNZf8LwyZfYQn7BCG0VXU9cnr_QFpaxxVddNkHsbMM19qfJkElaPyrg5XW1TOo7TgEwEaZ36mFqpgIJQ8pCj2nUe30Hip6r9kRibwSlyJVH2yAM6ubLzWoFYSymb0HweCkYjMw82CEB5MIHBD55DtIXBbXzCcyfOV1gV8O5Uz08RfCgJYhXhC--OCJks5LhgVsRsrwKUW9XOjql8P10KhTzHlLAgGxTUOz0-mHxfRC80Ae_HtWcd_izpfXGPriSN8PsRcbPALK6rutWHI2Py_PXcVL3W0G2I_cVoH01P-Ki02d8aKM8L2-JI5_1mLaSA0GfjTLqSy-msgjT60Orkw572E0o4VGGjGMpd8u66w7Fw01ntZZJTDt8JJ9Shtcz0GzwlfHWRP_Bmiw0R6VCl-INoIuQS_XptmyXqvmhKvBwLRXbZ-r5yFKKSrfBZdyyNVE0r4q6BvSWWRd7zAyCmuNu4fJLasU12dKYBBXX26BY27h9qyTpOEBuMMPcBL6aVz0ROWy8Yw0Q0d0OTI5Ga8KO1DfUdW_wmgTrmy4cLMnhDnXQTeJEotJE-0IO9farkd2t9uisouFS30Oy9MostuaaEiep4LK7gi59g7b0eMH6lzEcGbbH-JXqF4whR_BdE3f_VJRDSdRFwMxOzHhMAuFkUsyMORGF976rywcqqCOTY8I1T-3KEvNhCuxd5k-_O_HpcEfw1DK0x5eRfWuyO2lI9e6526bYMEYldknY9wLIKrYVcS5VtTiZkyXyJKTPTX8CUwy-bObbaihUi-ea0fHJDddTYSlSsMx4s-wMk1-xyD2IwLWVzPGA7aIW3Xv0MLdQHL9WzdliQD-IJUyuCW_QGvNsTL0PsecTad4VFF9RIYZdzGdyue2K9_yuiJ7rmM59IV57Zw2MCC2dbCgFrEemko8tZNCZKAWFlwj5SUo72i7y4A7h1iqHJ539FPSHv2xq2M8Re5i-1hKHFWhcUbQcCqcaXBt-3dZJG5yP-EVfTeURNFdO8o3dYf4q9L7zOJBQP4c_-PNgclRjS4e9a5i5NyyddHyy0y2GHDfGrOtXbzBS97KJ5CfmIk0eBT0zt0IQlX9vFdx1Mrwg5UyQpjjIuzI1QhjnfZFHFs8kujjwdCL5FmPLwKmtRYM1S9d2Cw3sxFHZyRfpjQI-R_fkVdFaWvbgdGOcuzqRQfwBICmw2h0_hAPxrEa61eW876tU3R5C3Ayh2FwsedH-Q&cid=CAQSPgDq26N9cMM4_G9LBZuB5XRK2bsMY3bHvN_kUHdPL3DEh7-r1Pu86ywGMdKOUJ7wQsNmktkhevRft6-Gm4TzGAEgDg&rfl=1%2Chttps%253A%252F%252Fbearinsider.com%252F%240
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
410082b276bd6e81b76227c4ba9799e819b96e53e1efd26327fdd428f69b33bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35160
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8F17
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D_ljfkCgGZb5w_dFiak61K_S8jNjNtmpopprOU9cpSIcWPIJdoTmt0IYFHTb5rsORtshHCV80mLv4wbY4yC91EOLWeDbvzurRMXR1oKrdKwVA6rZs
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/ Frame 8F17
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/window_focus_fy2021.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21085
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:20 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/ Frame 8F17
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21086
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7569
x-xss-protection
0
server
cafe
etag
4237063375490391177
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:19 GMT
l
www.google.com/ads/measurement/ Frame 8F17
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaSGsVef21bd-CNxUh_WSG0ifEMVo3HaZcX9VhOfaeonpaOp6dSdp2rbpsEy_5o5OL5O87liORr6MjQXiBi52vQUfsjlRA
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8F17
152 KB
46 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47476
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1666179788250400"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 21 Oct 2022 00:25:45 GMT
pixel
protected-by.clarium.io/ Frame 8F17
68 B
345 B
Image
General
Full URL
https://protected-by.clarium.io/pixel?tag=wt_TWJaVFFTNDk2RUI0U2QyN0lMVTRyYkhYbko4LzIxNTQ3NjU3NjE6NzI4eDkw&v=5&s=v31gfrusutd&id=eyJkZnAiOnsiYWQiOjQ0MDI0NTQwNjUsImMiOm51bGwsImwiOjAsIm8iOjIxNTQ3NjU3NjEsIkEiOiIvMTcwNzM3MDc2L3NwZ19kZWZhdWx0L2JlYXJpbnNpZGVyLzAwOF9kZXNrdG9wXzk3MHg5MCIsInkiOjM5MTA4MCwiY28iOjAsInMiOiJkaXYtZ2FkLWhvbWUtbWlkIn0sInRwX2NyaWQiOm51bGx9&sb=undefined&cb=8909928&h=bearinsider.com&d=eyJ3aCI6IlRXSmFWRkZUTkRrMlJVSTBVMlF5TjBsTVZUUnlZa2hZYmtvNEx6SXhOVFEzTmpVM05qRTZOekk0ZURrdyIsIndkIjp7Im8iOjIxNTQ3NjU3NjEsInciOiI3MjgiLCJoIjoiOTAifSwid3IiOjJ9
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.79.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-79-34.eu-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
express_html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame A9BA
106 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Origin
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 10:24:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50463
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 10:24:42 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/elements/html/ Frame A9BA
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/elements/html/omrhp.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 17:50:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23705
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 17:50:40 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/ Frame A9BA
30 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/abg_lite.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06da16002b06a44b36022933c8aa72978db6661c4491e40f81ab16ac9b9833d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21088
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11726
x-xss-protection
0
server
cafe
etag
11376305771055881226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:17 GMT
rum
dsum-sec.casalemedia.com/ Frame DC23
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjCz-fJATAB&v=APEucNWCYTb8tATOKTFkhjkD8I0NnqUnhTDRRtZlMgaTv_v8xYaJ9KPa_ZIurTkMUyRl4qou_UkTxCuG9b8Lrnt1pwNver8DSOuSTSd2FYnOsU4zZlQQxXpJIDG7wHdaP69nPQGAVS931zj-EyEOe507Ejr2F64HojgCofk8POET8M3aT37i3Pg
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame DC23
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y1HnCearnhTxNBDTDKoqQAAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjCz-fJATAB&v=APEucNWCYTb8tATOKTFkhjkD8I0NnqUnhTDRRtZlMgaTv_v8xYaJ9KPa_ZIurTkMUyRl4qou_UkTxCuG9b8Lrnt1pwNver8DSOuSTSd2FYnOsU4zZlQQxXpJIDG7wHdaP69nPQGAVS931zj-EyEOe507Ejr2F64HojgCofk8POET8M3aT37i3Pg
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEM0jD5U5dLsz7fzZHT1o-qA&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame DC23
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEB6muakVyB-iyH5ZxynKyWg&google_cver=1
43 B
1014 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEB6muakVyB-iyH5ZxynKyWg&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjCz-fJATAB&v=APEucNWCYTb8tATOKTFkhjkD8I0NnqUnhTDRRtZlMgaTv_v8xYaJ9KPa_ZIurTkMUyRl4qou_UkTxCuG9b8Lrnt1pwNver8DSOuSTSd2FYnOsU4zZlQQxXpJIDG7wHdaP69nPQGAVS931zj-EyEOe507Ejr2F64HojgCofk8POET8M3aT37i3Pg
Protocol
HTTP/1.1
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
AN-X-Request-Uuid
8ddaef2d-0061-4562-9e04-32e227c9b0f4
Server
nginx/1.21.3
Content-Type
image/gif
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEB6muakVyB-iyH5ZxynKyWg&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame DC23
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3OTE1MjEwMTc4Mjc5MjEzMw%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3OTE1MjEwMTc4Mjc5MjEzMw%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjCz-fJATAB&v=APEucNWCYTb8tATOKTFkhjkD8I0NnqUnhTDRRtZlMgaTv_v8xYaJ9KPa_ZIurTkMUyRl4qou_UkTxCuG9b8Lrnt1pwNver8DSOuSTSd2FYnOsU4zZlQQxXpJIDG7wHdaP69nPQGAVS931zj-EyEOe507Ejr2F64HojgCofk8POET8M3aT37i3Pg
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
AN-X-Request-Uuid
fed404df-e3ad-4bd4-876e-8ef2c8a38ca4
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MjM3OTE1MjEwMTc4Mjc5MjEzMw%3D%3D
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=bearinsider.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=bearinsider.com
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/javascript; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
21 KB
10 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3397757246618958&correlator=1393878917792759&eid=31068457%2C31068500%2C31069596%2C31069682&output=ldjh&gdfp_req=1&vrg=2022101701&ptt=17&impl=fifs&iu_parts=170737076%2Cspg_default%2Cbearinsider%2C008_desktop_direct_300x250&enc_prev_ius=%2F0%2F1%2F2%2F3&prev_iu_szs=300x250&ifi=5&adks=3948478152&sfv=1-0-38&prev_scp=adLocation%3Datf%26didnaRef%3Ddiv-gad-home_300x250_1%26didna_vis%3Dtrue%26hb_format%3Dbanner%26hb_size%3D300x250%26hb_pb%3D0.01%26hb_adid%3D7703fbcd909cc09%26hb_bidder%3Donemobile%26didna_refr%3Dfalse&eri=1&cust_params=url%3D%252F%26sub%3Dnone%26pub%3Dbearinsider.com%26path%3D%252F%26didna_version%3D4%26ip%3D0%26he%3D0&ppid=601adfec-afed-46f8-9c63-bb7470283c16&sc=1&cookie=ID%3Dec38125e851960d1-22723bf650ce00e9%3AT%3D1666311944%3AS%3DALNI_MYyVkqQAbho_dZHD4BCwcVzic7_NA&gpic=UID%3D00000b75d06c9ced%3AT%3D1666311944%3ART%3D1666311944%3AS%3DALNI_MZoLP__JILQ9tZiWndAgw-Grh_aiw&abxe=1&dt=1666311945215&lmt=1666311945&dlt=1666311940633&idt=2496&adxs=990&adys=628&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=5&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fbearinsider.com%2F&frm=20&vis=1&psz=300x598&msz=300x250&fws=0&ohw=0&ga_vid=1410227624.1666311945&ga_sid=1666311945&ga_hid=412033631&ga_fc=false&a3p=EhwKDWNyd2RjbnRybC5uZXQY7_S5v78wSABSAghkEhkKCnB1YmNpZC5vcmcY7_S5v78wSABSAghkEh0KDmVzcC5jcml0ZW8uY29tGO_0ub-_MEgAUgIIZBIUCgVvcGVueBjv9Lm_vzBIAFICCGQSGQoKdWlkYXBpLmNvbRjv9Lm_vzBIAFICCGQSFwoIcnRiaG91c2UY7_S5v78wSABSAghkEhsKDGlkNS1zeW5jLmNvbRiX9rm_vzBIAFICCGo.
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022101701.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9aa3d43134d1f1dfeb282288ab9a891513edc029fcb5689f71fad912ec15b549
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
br
x-content-type-options
nosniff
google-mediationgroup-id
-2
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9732
x-xss-protection
0
google-lineitem-id
5536972961
pragma
no-cache
server
cafe
google-mediationtag-id
-2
google-creative-id
138330831775
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
sid
mug.criteo.com/ Frame E65A
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=publishertagids&domain=bearinsider.com&sn=ChromeSyncframe&so=0&topUrl=bearinsider.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
  • https://mug.criteo.com/sid?cpp=9bCOY3x6U0VLN1J1bFFLWm13NzlXQk85bSt3QUc4Vis3Z0JNazJXRWF0Y1Npc2xmczdScmF4QkVpaHVpMGJnMnFIazJ0NU9ISmFaSU5FRWtqOUZqeUorV3Z3a0YvdzVBTDhUaDBBeGRxY3h5SElHc1E0VEFFQngwOGVYWT...
422 B
653 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=9bCOY3x6U0VLN1J1bFFLWm13NzlXQk85bSt3QUc4Vis3Z0JNazJXRWF0Y1Npc2xmczdScmF4QkVpaHVpMGJnMnFIazJ0NU9ISmFaSU5FRWtqOUZqeUorV3Z3a0YvdzVBTDhUaDBBeGRxY3h5SElHc1E0VEFFQngwOGVYWThUVnFIWDYzeC90cGVxaEFJajNvSGMzbWFvVzMzdUpmajE0TlorNXhkOEs2WlhSQm5pL0NYSkh1OEtBb0VyLzQvM1pxK2ZMaTgrcm01SGJWaEFleGJ1YVNiU1lCdXEyWmNxVnNaMHF1bWJRWDd2b3ljSGtocXV2T2ZrZFR0MEFZSjNUNkhoUEJ5akNSaU9vUzZENkJyYm4xdE84THY4T2EraUQ5N0FJSXdNbk5ZeFFWYk9RND18&cppv=2
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
e2abaab52c00991eaa68af9b739a0d6ff6f36317d6d05458ea794e5a7f319f5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
strict-transport-security
max-age=31536000; preload;
content-encoding
gzip
server
Kestrel
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
2006932
expires
0

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:44 GMT
strict-transport-security
max-age=31536000; preload;
server
Kestrel
location
https://mug.criteo.com/sid?cpp=9bCOY3x6U0VLN1J1bFFLWm13NzlXQk85bSt3QUc4Vis3Z0JNazJXRWF0Y1Npc2xmczdScmF4QkVpaHVpMGJnMnFIazJ0NU9ISmFaSU5FRWtqOUZqeUorV3Z3a0YvdzVBTDhUaDBBeGRxY3h5SElHc1E0VEFFQngwOGVYWThUVnFIWDYzeC90cGVxaEFJajNvSGMzbWFvVzMzdUpmajE0TlorNXhkOEs2WlhSQm5pL0NYSkh1OEtBb0VyLzQvM1pxK2ZMaTgrcm01SGJWaEFleGJ1YVNiU1lCdXEyWmNxVnNaMHF1bWJRWDd2b3ljSGtocXV2T2ZrZFR0MEFZSjNUNkhoUEJ5akNSaU9vUzZENkJyYm4xdE84THY4T2EraUQ5N0FJSXdNbk5ZeFFWYk9RND18&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
519315
content-length
0
expires
0
pixel
googleads.g.doubleclick.net/xbbe/ Frame 7962
466 B
301 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOHQmqMDGLW5kdQBMAE&v=APEucNUHfWCSYkbHGju5PtYuKnaE6VfDv2qhApZR4Wy15Q1Ht6n8VIluOlfd_79d7eEDx68fr1vWLxxM4paXIGBq2q-_6RrWDItXiZqgJi_zsN4uwklfhYRz58PfyUGjb6YKqxnOC8ITUJO91zjP4DXc8PslhGqYXl68mdn6G7D1DWsgJK8TSGA
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
private
content-encoding
gzip
content-length
280
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:45 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
dv3.js
pagead2.googlesyndication.com/pagead/js/ Frame 55FE
76 KB
27 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/dv3.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ac1b986bc2148aa06ad10ef94546eed99de4a9c2eae242b9e97f78e3fe2bb6ee
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27147
x-xss-protection
0
server
cafe
etag
5291931307091096204
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=600
timing-allow-origin
*
expires
Fri, 21 Oct 2022 00:25:45 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 55FE
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Cz2OVdbn3Td0v4-lD-eb8HvIpXSxoBpkc7FtGHi2tEbtLjcDuCxTwnwTuXmygrfbolAOUFAviSxuAZO1TDNr8P5snXEf2DTSsbjarG13KBFQ3YMCk
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 55FE
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=3937164023530862263&x=1&ct=76
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/ Frame 55FE
3 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/window_focus_fy2021.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21085
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1359
x-xss-protection
0
server
cafe
etag
1484984001845508991
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:20 GMT
qs_click_protection_fy2021.js
tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/ Frame 55FE
17 KB
7 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20221019/r20110914/client/qs_click_protection_fy2021.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21086
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7569
x-xss-protection
0
server
cafe
etag
4237063375490391177
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:19 GMT
l
www.google.com/ads/measurement/ Frame 55FE
0
0
Image
General
Full URL
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQhI8dwHrK-gLxKxs24N1rgWqjwBBH5YovABGMS2f-7C9EJqJUj0xw65STn83YHjtqJ9KlBmf7UNTRd_E33gC8DYtajPA
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 55FE
152 KB
46 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47476
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1666179788250400"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 21 Oct 2022 00:25:45 GMT
pixel
protected-by.clarium.io/ Frame 55FE
68 B
345 B
Image
General
Full URL
https://protected-by.clarium.io/pixel?tag=wt_RnNlZXpfLW5EeVdRWElKc2Jub0trS1RIWEM0LzI4OTYyMTcyNDA6MzAweDI1MA==&v=5&s=v31gfrusv0q&id=eyJkZnAiOnsiYWQiOjQ5NzM3Mzc2LCJjIjpudWxsLCJsIjowLCJvIjoyODk2MjE3MjQwLCJBIjoiLzI1MDcyNDYsMjI2MTEyODU0MjkvYmVhcmluc2lkZXIuY29tX1dlYl8zMDB4MjUwXzIiLCJ5IjowLCJjbyI6MCwicyI6ImRpdi1pbnN0aWNhdG9yLWFkLTIifSwidHBfY3JpZCI6bnVsbH0%3D&sb=undefined&cb=9555234&h=bearinsider.com&d=eyJ3aCI6IlJuTmxaWHBmTFc1RWVWZFJXRWxLYzJKdWIwdHJTMVJJV0VNMEx6STRPVFl5TVRjeU5EQTZNekF3ZURJMU1BPT0iLCJ3ZCI6eyJvIjoyODk2MjE3MjQwLCJ3IjoiMzAwIiwiaCI6IjI1MCJ9LCJ3ciI6Mn0=
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.194.79.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-194-79-34.eu-west-1.compute.amazonaws.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
nginx/1.14.0 (Ubuntu)
Content-Type
image/png
Cache-Control
no-store, no-cache, must-revalidate, max-age=0
Connection
keep-alive
Content-Length
68
Expires
Sat, 26 Jul 1997 05:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 55FE
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=dbg&cor=3937164023530862263&x=1&ct=76&dl=0&ds=0
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame B4E3
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBvbgsylu3gBjzuIoutAQ6U&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBvbgsylu3gBjzuIoutAQ6U&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi54tjQATAB&v=APEucNVPkQR7PZ2aifXxLrQUu9fC9mpG-3pBoijqvZVNS_0GKpmygRGXg8OsHoLwYksHo88WxhWgsxyK4NaspxGj3bSjSskk5HcXr7PPvU-h9GkMYvKoD4-XzDrOFlvLczdtt1Zt7txPdGYr4a0IAP-gIxgxk7NwN9gLRBcNs6cFEpZnT3Ghe5o
Protocol
H3
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
via
1.1 google
server
OXGW/0.0.0
vary
Accept
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEBvbgsylu3gBjzuIoutAQ6U&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame B4E3
43 B
131 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi54tjQATAB&v=APEucNVPkQR7PZ2aifXxLrQUu9fC9mpG-3pBoijqvZVNS_0GKpmygRGXg8OsHoLwYksHo88WxhWgsxyK4NaspxGj3bSjSskk5HcXr7PPvU-h9GkMYvKoD4-XzDrOFlvLczdtt1Zt7txPdGYr4a0IAP-gIxgxk7NwN9gLRBcNs6cFEpZnT3Ghe5o
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame B4E3
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESEFTqWDngn-GNV9GH8uVbD9Q&google_cver=1
23 B
172 B
Image
General
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEFTqWDngn-GNV9GH8uVbD9Q&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi54tjQATAB&v=APEucNVPkQR7PZ2aifXxLrQUu9fC9mpG-3pBoijqvZVNS_0GKpmygRGXg8OsHoLwYksHo88WxhWgsxyK4NaspxGj3bSjSskk5HcXr7PPvU-h9GkMYvKoD4-XzDrOFlvLczdtt1Zt7txPdGYr4a0IAP-gIxgxk7NwN9gLRBcNs6cFEpZnT3Ghe5o
Protocol
H2
Server
104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-75.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.9 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Fri, 21 Oct 2022 00:25:45 GMT
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
cache-control
max-age=0, no-cache, no-store
server
akka-http/10.2.9
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://sync.teads.tv/um?eid=3&uid=CAESEFTqWDngn-GNV9GH8uVbD9Q&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame B4E3
23 B
172 B
Image
General
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQlL6EARi54tjQATAB&v=APEucNVPkQR7PZ2aifXxLrQUu9fC9mpG-3pBoijqvZVNS_0GKpmygRGXg8OsHoLwYksHo88WxhWgsxyK4NaspxGj3bSjSskk5HcXr7PPvU-h9GkMYvKoD4-XzDrOFlvLczdtt1Zt7txPdGYr4a0IAP-gIxgxk7NwN9gLRBcNs6cFEpZnT3Ghe5o
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.75.89.75 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-75-89-75.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.9 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Fri, 21 Oct 2022 00:25:45 GMT
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
cache-control
max-age=0, no-cache, no-store
server
akka-http/10.2.9
content-length
23
content-type
image/gif
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 2F88
170 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Origin
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 16:47:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27508
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 16:47:17 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/elements/html/ Frame 2F88
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/elements/html/omrhp.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 17:50:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23705
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 17:50:40 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/ Frame 2F88
30 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/abg_lite.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06da16002b06a44b36022933c8aa72978db6661c4491e40f81ab16ac9b9833d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21088
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11726
x-xss-protection
0
server
cafe
etag
11376305771055881226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:17 GMT
html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 8F17
170 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Origin
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 16:47:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
27508
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60311
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:25 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 16:47:17 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/elements/html/ Frame 8F17
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/elements/html/omrhp.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 17:50:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23705
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 17:50:40 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/ Frame 8F17
30 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/abg_lite.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06da16002b06a44b36022933c8aa72978db6661c4491e40f81ab16ac9b9833d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21088
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11726
x-xss-protection
0
server
cafe
etag
11376305771055881226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:17 GMT
partner
sync.search.spotxchange.com/ Frame 7962
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGwEWeROiZAOZFFgRe0QE1Q&google_cver=1
  • https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGwEWeROiZAOZFFgRe0QE1Q&google_cver=1&__user_check__=1&sync_id=e773ccfe-50d6-11ed-8fdd-1984e64b0206
43 B
548 B
Image
General
Full URL
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGwEWeROiZAOZFFgRe0QE1Q&google_cver=1&__user_check__=1&sync_id=e773ccfe-50d6-11ed-8fdd-1984e64b0206
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOHQmqMDGLW5kdQBMAE&v=APEucNUHfWCSYkbHGju5PtYuKnaE6VfDv2qhApZR4Wy15Q1Ht6n8VIluOlfd_79d7eEDx68fr1vWLxxM4paXIGBq2q-_6RrWDItXiZqgJi_zsN4uwklfhYRz58PfyUGjb6YKqxnOC8ITUJO91zjP4DXc8PslhGqYXl68mdn6G7D1DWsgJK8TSGA
Protocol
HTTP/1.1
Server
185.94.180.125 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software
nginx /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
35
Connection
keep-alive
Content-Length
43

Redirect headers

Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Location
/partner?adv_id=7025&uid=CAESEGwEWeROiZAOZFFgRe0QE1Q&google_cver=1&__user_check__=1&sync_id=e773ccfe-50d6-11ed-8fdd-1984e64b0206
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
114
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame 7962
Redirect Chain
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
  • https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
  • https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTc3M2NjY2EtNTBkNi0xMWVkLThmZGQtMTk4NGU2NGIwMjA2
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTc3M2NjY2EtNTBkNi0xMWVkLThmZGQtMTk4NGU2NGIwMjA2
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOHQmqMDGLW5kdQBMAE&v=APEucNUHfWCSYkbHGju5PtYuKnaE6VfDv2qhApZR4Wy15Q1Ht6n8VIluOlfd_79d7eEDx68fr1vWLxxM4paXIGBq2q-_6RrWDItXiZqgJi_zsN4uwklfhYRz58PfyUGjb6YKqxnOC8ITUJO91zjP4DXc8PslhGqYXl68mdn6G7D1DWsgJK8TSGA
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Fri, 21 Oct 2022 00:25:45 GMT
Server
nginx
Access-Control-Allow-Methods
GET, POST, OPTIONS
Content-Type
text/plain
Location
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=ZTc3M2NjY2EtNTBkNi0xMWVkLThmZGQtMTk4NGU2NGIwMjA2
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials
false
X-fe
49
Connection
keep-alive
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame 7962
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
  • https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
  • https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1XSkRwNDVGRTJ1SFNlMWNQd3J5SDYubnpfMm1HVGR1aX5B
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1XSkRwNDVGRTJ1SFNlMWNQd3J5SDYubnpfMm1HVGR1aX5B
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNKo89UCEOHQmqMDGLW5kdQBMAE&v=APEucNUHfWCSYkbHGju5PtYuKnaE6VfDv2qhApZR4Wy15Q1Ht6n8VIluOlfd_79d7eEDx68fr1vWLxxM4paXIGBq2q-_6RrWDItXiZqgJi_zsN4uwklfhYRz58PfyUGjb6YKqxnOC8ITUJO91zjP4DXc8PslhGqYXl68mdn6G7D1DWsgJK8TSGA
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS1XSkRwNDVGRTJ1SFNlMWNQd3J5SDYubnpfMm1HVGR1aX5B
date
Fri, 21 Oct 2022 00:25:45 GMT
strict-transport-security
max-age=31536000
server
ATS/9.1.10.25
age
0
content-length
0
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
WHRGermany-Deutsch-728x90-637987462014180196-72a168c9-377a-4ca1-a46a-2db3f8c0b239.html
s0.2mdn.net/sadbundle/16633326591040028672/ Frame B336
4 KB
1 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/16633326591040028672/WHRGermany-Deutsch-728x90-637987462014180196-72a168c9-377a-4ca1-a46a-2db3f8c0b239.html
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc8455926faa2115bb49e10a9f2352d4630f06e1f10873f86d2fd073b2c2f89f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
293843
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
1427
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Mon, 17 Oct 2022 14:48:22 GMT
expires
Tue, 17 Oct 2023 14:48:22 GMT
last-modified
Wed, 14 Sep 2022 09:57:12 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame A9BA
0
622 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuxBBfIGRkqnuwg2Aj5d3jXWIj0sSfsd1O5itZEhADCo3IgoZB-ukFLN3y54KlJw_ncRIpQJVdvUmIi_EMvE5DsvjN5GufbhLp7hJN3WYC4vFPhwbe2xiZooPob6A4XN9dJZNNIejsgVMHEt4E6-LmuAb418k9GCJ1KCSSljEzRF7xNEWJ3zCuxjmMGW9FwoJ0Y4myKU0qY3DgpghYBl9CejBqzhRtSY6LBdQN5pL7JslE3qRM-Emc1CQoGltgo8ANY2GLyXa-U0SIq3CnENM_TCTZNXwIAXOsFpvUXRKUqevMQpyeI0YcURF3jEoTvQhSxVhxEk3BtEq_hchdHEPbNXD4VfrGwq9UmfjeOhtUI76Iw95RtgjylXF58YjXxJqz3BDeQQo-vgEvgjh7OAhzYfiIh4T51kWBmsNtlWpJWxRo9XzOeL6DGKJOzF9DPdzGnO654HC2q_slhGVs4bj3-U7NMbIkclefY3Vems5d0OeJgXsqv9k6I-VyLgc-_3D-s2fuFzN3E2gvCEeDeRAU-ULJECIA-0nZrIqopmTTu_i1URTA9LQAWLhV1aTNUHupHQYQ7BcdEYsBPpo_m6tLg16fYQ6pqgFVSfsZ0G9yCeWsUYof66JkAX0TdpjZUjVFIfgXc1PcJKlxSMlZU4mCVYbW0nAa0F1y_vEpOJi6yE3ouPzVHEZnyaa1cUeKNEEpIMlSiGN1HHF1aY6KEo97zKXb05QeGP5fvJvSFvKfnbzuz5OcGvWGI9klvXovaW1l6rv6QA8DanpOBhJ6Kp2-Bu8YI3fK_9uzGOnL1HCpRRVFwb62P7pcZ54Z6FmvolBJiXZ6BOt6bK75tNnpdxMFUuUhLuawIcJDN86hgPNz-gpNbP-WjeV6AlqtARSgu2A2qP9csa49Sa3_w9lKIgA24IRmJ6qEY_nYN-oGRKioZA0NZl8zJpJXk2umFCsZKuo2yZ7YSebv2dmjazTkKkYiutlLKnx1f1YNOyIOY2P59V36QVo-eqbtMdQ4zOHVg7NmwV_A7iEg3UPlWhB6TWDT6VVs-APH299RCQMZxZOAYRcSEqAHwaptJ_vdU176p-ZhMt5OsDsfDDO6FsuSEiKOtgvd0D_rksvW4LPKtVrHySRfLPptU30GV3wzZ65v-jFsKOCQJZmnEtln33PoSoKnTXQy_zgs4Ma2ht_M&sai=AMfl-YQ_3X6Wyvo0xtJUc5WMLJczbw7nuPtNGrm0PXeF9kCdEivME1gTML3HExGn7wP-dywPmVbU4QdgYZ0yoOs3TfJWMgmphxrlfB9iaFqCWHB66gSABYNWwQ5-sHH1ph0R-CPU2VezdL9hik_5fEs60JDo1HGZL7b8sLDzDOicg8HskEPxYqTm6R-DiZa5kX_VfOTFg8IjIxVvbYYzV8R_0z7Oy2M0eZSUWU3IqJS4wgWCgNyZU5qrhyYtYXBAk2sgFPSS7NpOxYORq9RgLE1JoZ0&sig=Cg0ArKJSzAQaJc6ckwCXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=205&cbvp=1&cstd=203&cisv=r20221019.87905&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/ Frame 55FE
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2635413403539&version=m202209210101
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 55FE
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2635413403539&version=m202209210101&ct=76&x=1&cor=3937164023530862000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ad
googleads.g.doubleclick.net/dbm/ Frame 55FE
98 KB
37 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CQAub9wts41TUp9cjffHaTYolLNc_4h21IT82OvsrtwtB7IOcefhWbNb5WhqzslGWvTVpWhHVtbBtepD9l-fOAoArM3w&cry=1&dbm_d=AKAmf-C6fGOPCvhYN_BGM-u9VWmMxjVuzcGyULaxITfOPGfplwybWXApsCAvEqQh-yFRUSpRizoWqjQ0K8rH3xcN_nbl_H6IY6rvgY4c7ovt7phR9UgUK-mhMbf8vXDCX3LZYprf1sokfwzDchB83PSYF7MIJSJufJ_7vRV8bD2CCoelnSFfXKUYhpW0XHbAnvJUjGcpi1MPKKMOYoeZ4iOSM0dfTnr4bhIieDOtyiXXhhtZuivsHyGR9Zzt525QOVPM0F86t2kv3Mzz1_YyFnP_laRyAGRakFLLy6Dtj3hPwX-dFm3zID62pK1d1s13oZ-9smSRWo7tkDbZBDb18RSB3x5obRNM6hi0Hknkm1uqug7CEBRJ8q3rnh30SA5Eo6SvtAdg4Rshd1bF6BdBV5VRHa8F_AuWI65FNqqGtF4wj-WVn-BOzSIl7oWD5IfNWME74-G8ffzT2eIY77oVjd9YgfX3c9e3DUG7tm-upaDBWzR1HnDnYR4TL9KDTiLc2qKo7dFt2UrxOGHXU35IafgyoLGIbZ-mzaZBq9tjrPCN7nC9S1O5Q6Mf6LMKwRg3Pmf03_bOT4uepw__BPAymbM0zJGNpTrAIv4wyg7SVWZLCsuefdaFPU2As4CNQwoF6yHkgKgTnFSUl5b2RJYSGOrW8H-KexQu6n9ElQ0Kar7E_tgVqTaDH41qj7avuQpraLD-88lcuxi4dJJ33FOWMfQ4f7zRBJx1qWTBDZU6ekVlqo4m0BMKlIUvfyM8GdqVx5RCW5csPCGETCBXu0tfWTZIUnaI7NmiHsrns631pIP2L0FN6YTWP81Y9C6KaeBYyxVXycshgi6wxIes0y-WhfORwA-VnJ680OOxiP5rFpPMTtqy24NHQflU-AaljD1K9bxoxkmlTUhxcgnl6xtkhb_plcK6nR2bGguVm_w_27yvRyQlFKQM6ST97jPniCsX_Ux0aSTmlzaPVgIZdUOF9iWMMQ2dHp2x-rcRyARMoir_qSCb1Mz8Rbbtn1g0bCMcmngdtRWs1sylFcFJ2j__bN5O9fUpkAzZhwYesAxKwFLmexwPowVVkIgX7VMw8Ws2jPRVhZbiXX2_f6XaiywYykVo5y5EwW_KLpn0bwN6vn2kn1TE7PzDPDfV0qBHX67SiRy6Gr1VLJt_YmDLHeU036iJ_u9EyXQQSFc-oxRPtSWsvSWqE_qi9gst2i-LJvjAcRc0A5iutHGlDi6P5oWxt53-MHVYTDXz_94rx2bC6PIAwPeNZ9IhlsuZNS5pgCDrbzPJJ3aBcXca9vJlCZA84dAdr4fjszLID3GfVe6mJKtf-oFLeEFwIlKMll3jNwDLAgZCVHnhfXLRcnx0G3ys6UBqnzKYqnpu8xOq6wu2PNBDhSMIXkSj6xXdp38auWt1BD5P6JXxPsByPIeesm2vIdUBLgpc3CK6w4aCpIujKvZD7jQAn_BLnkVlBukWrpIkGEaAOmvgilGaoxdCLpk4ikbxZtNt14GH3kCsjYPKh9gbBLHw5TP0RFEMaveHZBdvhJ3Mm4JOXc8pqmkkszV6QkQRDAAL8sCmDTce8KtJFBVPtd-KMYcg_gb3Fa6gVZPlOP3nuTR7v3McY2_fWLrTbOZpV_Dzve7gXRLp4xGGyFef29PQQBu_cGHsHHgc6SOjmBSHtxjpeaqylI6CeyOB7tTdzbSTEp7UCE6crnX_vzpoNHg6G3a-mLe16c-j_uJzBJLRqlbTFvfiTQ7URb4UIr5OphzopOBSSG5KHih4a7ZICCgnlg91X57WfPqHsgQscfPUYrpGgDrXbCGboC9zaVnBM2UXfKjGAYvAu_uRE1-R05MgW_6zz1qAAJf9dn5eyPdJHbe6dE7oUT3bRNl1m8l5TTqylWqaAezyOK-xc9_AqNH-TNgU0efOiCcSrlXPcmE_dczm1kQhwIDYM9uIJvY9lvVEz8F3yuaEJ3RFaiciaeNbxMwrhjkMA6DomVDaOj3J3CrgOmUEIIyBfjM4cxXDjykQBARxqmJMvhchULq88ykl38RWsOMa5pbdbGJiMxk46SymMpxqr5W89nVzNUqgQOaM2lyMYTPgXQXMdoHXwALRxKC6qxQ9l6Gy9gUprTaCTJMIzSY8uRtrCIMct7U36GLqALToVDQAMlsLk-7fzXXV1PJw4PQiMyjCmg4UY0bi2PbpBNZ8un50FpWSD6OxHl_dhmEOPEnsBgMp2kebhHVM-2f56aIkUU_HPpsaZM6ImkaLjIICYRqg6q9tNRQwjd0kTzRU6XMNGaIvnmfGSPv1rCeYUqbztkFiqV4g_tll2krv9nZj1cP6HiqQdLPGlutatzNFjlosl_3KdcrMFhdWLUn8lUb5iDvi3eBoDDczLB0hQfHxVQTLFc59C66W8UZNT0FONe8trsvygFTfWSmSMx1M9eoGoNlykBA5iBlpvA2HTzZ6zcO28ILD1ignz3gSL817EMuoNovB-8FDl2mqRHtO5W_d2SG-DYGmDFwAmuNzH89LyXyhFc5SoRac0n0ISS4gtfbMCMnEl9Dgh842ZTeNHPg54LyABuPH391rCpsUqDbTDr1b2GJRO5qavox_cmcBPicSwVzaLwl4bl39dPERe3M0R6Q7jifir3nPNV1qH3Jmo4FOHs3gPxkn27Pr8OEZay4kQXXEyfW_mdK9-roBdA_k4_SBYViLG4ckY7F5nJPg-PF9HIUqoUqDVLk_p997lyhUHLadSpnlb3I3woPDmeEVQ4owEKYisgBBgHW4BCs4iQzoM6Iw_-9HmcZ0TMko_J31kTIBRuPlBGfU95BjGf4RX-0sqemFAXbwXh7y4o5W8tH7gXdEK3Php_phynMQL0krovLTr_TfY8DRT0p49ZJ7BzXm9CYMY1SyTQCK3nqqF3BhHqPfU9yQMDzVqwzN_wcNnapr3QJPVcV--yZbq2uJeHwFY3cYhI6sWbdnFQApVGQkK8ycYnUeG3p1LInPpm1O0iHqSLxypsQ88Z70llafdSg5ly5BExNf-J1jkIcuSc5yDEW_tB6QHMZvTYYSgSFvEgjzBXBfkO3ZwjhZDv6GwJ2jsZp3uMoHCpOcwCBWrQ9cnbNefD_gQCVBQQobL7cJ7w-00IYiHFJnAUiOjq1aLtalHTpCagoVZDjcqhqf7aMPqKYtHTJbHXBQ29euADMv7nkLhGkredX-OruYCuBHRXbm4nZZCm3aMwWw7bn7wNQuDgxu7QFgAMl_AHwVnKNVk8l7CT_fDYbyEIM_JNRF9Qy97pRXzT4XcLfYMSJmE1LIR3LUrBTtmoRpMd6_lE0F1YlO3BbwO9wo4DAesU7APEPTIswQJdtvQ_qRLnKq8i75T9T8arTVP-fuk2N2hzslDbiaXNj38-9CCFOUN4lVFdnSbjcLwkct6mLF6EZZY2W3QYZzrvOWA8xr0EJHjEVTLDt54P_3ccTX6PnQkv8&cid=CAQSUQDq26N9dxqAY23YX2GiJbnD7E4mo6T7FdkVFp3xhQcl9WVfrSq1gCW7B_q-UWS0euyzAuunuDbhuK9Je72Dopx0W7-yILiPHrMRKZeQYu1kqBgBIA4&dv3_ver=m202209210101&rfl=https%3A%2F%2Fbearinsider.com%2F&ds=l&xdt=1&iif=1&cor=3937164023530862000&adk=3037181500&idt=33&cac=0&dtd=5
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ae778eff86703b09baa4bc89ba09b2a3ba0462d611f5a40f40e5155417a0665d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37593
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame A9BA
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 08:38:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143264
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Oct 2023 08:38:01 GMT
truncated
/ Frame A9BA
215 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f1a5a2ed0d8459d6359475a13a5625c141506fd51e87d07109a6acac7ad103c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
pd
google-bidout-d.openx.net/w/1.0/ Frame 85EE
0
91 B
Document
General
Full URL
https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by
Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Fri, 21 Oct 2022 00:25:45 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
728x090.html
s0.2mdn.net/sadbundle/1263487268815896576/ Frame 698C
44 KB
10 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4351a82e34ba7ad1e6ac887e293cdc37fd3a0bc9b1782a0f57be05518b677a4c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:45 GMT
expires
Sat, 21 Oct 2023 00:25:45 GMT
last-modified
Mon, 07 Feb 2022 09:04:36 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 8F17
0
64 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu-pDpfio4Cb0ynuV-81XyxUVZtthItGFvhzx6_Ps1rV413LQjXcWiLgbBYWMWBulQ1sFkqjfp4gJ7jAwcJ6_THDfG1bdW7yQC8MIfno2JcD21AR3cgxLFKtT8m3u5uAgU4Z3HCQq4xOzJHvKL7CU8g5-4xW7R0TMc_TVPKpUeIW3al54cPx0dwMBvzPECIujz7K4Lwn6RPR5nR89WcKkWX4ceSn8W9LZtLFpIn12whgxMmsgXD15hAXbKdpo32Bq7ZWbFvN2Sg0tuKRLupRC1bF2r_eOWQKg2EN6JxFAnYeJabIJgUN-GhU_V3vfUD5U_jAYZaiYsSMqOTfZ9iS2GQWGGr0_Pq_0udyRhrFvrkB29agxhodR3AVOBoo4d8JNw2GButlxVd7bbmywzs3j2qZ2_i3PLCyQ_oG7GqPh7jm0c9mztM4SfsaYY4weh1JrvCZJleqVgGLkpCDvLwPHFwqi1CdJv8_V-zh8TIuJHBfl5xJCa_lktAiJxggb6zxEQFKg3NHBeq_gF7gW6kMCpLMJNg7fB56Wgy0T5brTBwu4ZcrI6WfZsBO_V577zqO5XtTeB_wtg6QKgCQq5iMlaNjJ2eH9N2jgUoVLrMjinH13865laQVL8XjPS5cASfMXuOZgkAKWAFpMBdkoCRdDFq5XE1famfnZ5lCgBoaxnCRvmNu44DX54JZ0SaSMhW_m-bu0-Vc0tLqNI6B8haoC_46ltNzHH_8oj_Lh_Mp1y60COQrQQIMsh5pizpq7KomP7IwTWXRmueQ-pe6Nh7DLqr24e-04d5azg7dqjvaUjtr-jNXiTrMuOJcwHMQ1NgjKxzidAyvfpdNNORBP4BeYaUckC0jAEceZO3d8OXaeeOsv6sMnCJjYuQPdtw0J0-l2rYOOFkY-IMpi4APPkTq0h1VtXKB9q4GFhLmYbaYNuTVf-JFXnfj6A_OZnhaKfzmuEjqaxTWW3R0d1GfQDR9Bz4aib8FyEDVBrO1JiGtrSoHZu7CShNKD0nda1PqdO7MqDqV82zVn2KFvL1_Das7NnVJxXe516EVFRstrGjYXjn_-haoSs5vi6azmYrCum8wyXGoo7tUkC42Rjr23K6yB-crj0rzNnbHpLNfhbrQXmDoVR86CMITsCF4GaO8ePGeiELDxZSn8TxrpwtEiXIAHvIGSjAgaX4ZtvGjabGePH1qZki1XOpLXYTbU8cUpzlo3T9ONcjtm1I&sai=AMfl-YRl1XhcdcVbpWdujuaQe762rUS7elSV6VCWd0qFLpRTWyAGBnkhmV1WovQcGnFOKrQuU2m5_vxlH18Z71hPQz5Ppk6QoqHsLvtm6gwMWP8o-yQQM1ORxEdt0ooctO1ZDxbqd-XGSsrpc5IlUFA4qVToCF_jWl1bRGi5y6hVqaqQi3KDHcCBwNNleVB02B6QGTd-tHEbUrn2STNild6SbrONsTNFbvJHJyw9yr8DTr9PBiTkC6Kqva5ExcU_1vcCw_2FyiY6RZAihpK_MZpr&sig=Cg0ArKJSzF4c5z_v84OCEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=121&cbvp=1&cstd=115&cisv=r20221019.20015&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
index.html
s0.2mdn.net/sadbundle/14773911925729263616/ Frame BD4A
87 KB
15 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/14773911925729263616/index.html?e=69&leftOffset=0&topOffset=0&c=LO0Xe9EFxI&t=1&renderingType=2&ev=01_247
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4bb5956b8dbe7c7996feca74a169eea9ae4e6130831c3ed3c22d0db8830dcac4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Fri, 21 Oct 2022 00:25:45 GMT
expires
Sat, 21 Oct 2023 00:25:45 GMT
last-modified
Fri, 05 Nov 2021 12:40:53 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 2F88
0
64 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssyp0lNQYaEWdEzMZPn3uHMUoS4WnYL9WBuCZKeCKctJ-2r3lqIRsr5t-_6ipfBIWe4D7kLE9m3YFpd1GKeXTSuouuqm1pXZ50syd_OcHv5Tpz3UrULojBqKAlwFd-Vr2Rq-DaTmskkWUaEczH6vEOKS9mBaG0__dzryBateqSt4KY15i2Snpm1nFTOC3B9G_ABCrW6DJ2Iv1C61PPqwpld25o-Q-kIsrvJpdBZWkeJv-KnlBWkMCwCEinoXBmU0Vth_QTVcPaVb1tOMTtsuxT_tPLIkS5Wc_O5xSUzBjOY_yKr7aO4KpXHaHGRUXdxAUGC3nsDn8MJvAUaGMGlYbb2tDpvIwBgjG6IFll3frbVKObDad95RFSA6qw_DN6qHF2l0K-_-3au_hXSNh9FdrI8VeuWNFmPAcPKPoLFLPA_jYFdriOzfc6qMse_CUK96K0l4FlwG2sQFsHsdE3-bMYLBjeLJSGDLyo4f5xEuwUCOEyFxICHWj3KiAPBKwzlRaVjRdp1zqb1ZL6Mbfg4z9XsZ4rrpf94S38HB1f65tAvhulp1N7zGGl2auMnvJplXQY1J6fb-kayvTL0RnETZ5BRLLZQlaKHmEmO9OiEX_8xBx4C-ibx-CUFojt8pxWdT9w3QEAp6vSVggRivK0spR7n_-3wNAjxEL2TSOHcfnPGvn1LLObL60jXEFCjjTMahsQaFV2JHY_5SlHJoUm7ewVv_iMSGKZiN3WTa3IpNl0HAPvSqlHxFk_qxO2lx3FKFUpRtHe0rUtkcnns40TFmyHnxPbcpjYyBlUxwu8LBHd9gt9p4fs2Fm2WluBfoHbRzePAyLfo-MAuEZ26BhGHdafaTHfO_voD1T7A9gvybvN4ytMoFKHZdGKD9nGgOzfmoPgxVebvROZsXHNWx_godhoQ6j5efAfGIM5pZjgeIohIfZXA3WEzU6hsDCnOQegyQ5cNvbZMTB4JmUHcTcI6xHOjQ9YqWvOZL0oRLOdtSIy2A1dY96xtHs6Il_Hk7hg_OZLt7tzaVJsSMk9NM6bS8zTX9LrHmFqFnfj5eJkJjlCm2jG1eamPhr2t2sZCzslpSxb__mLKqNrFOIiAqippk42jWA1Za75rvh2tjgGKraEnjHM4iVR8S8MLBtYIjCbTywkIQthLVPyNFDW2JpxYPEM7md3loY9ndI2zOC3a_sWWAGjH-f9kadOn1c5HMH7rtHsWKlt-pZI4&sai=AMfl-YSZRkoPnUdKCr4m5QUhXUbgwbp3U7xrOPVjxDgX4fUKr5xy53HKMlzXDpx7fs2XHx3-nfcwsuKhWhWJarUA-F3rbROEfROkTsXJBIFUDqbPITKQo4j-UJb2NR1qS8y4FyW1NwJKehUD_fWYW7xaTkuyRQ3Xh58ZLWkHiT10z9TCuMZZMUJvD_X1vVmCGsYls5aA-sW5DT0P6ewaiC64wXpyKIdcLzpsoEMiboKOb3Y7L7aenSthnHIWQWqJOWub1qyiP0yVWo25onYLUYKeeBKhlL-BRbk7jWQRH9GuvJu4chSlQfHS04Tnl_uBm4Mr2sPj5FKz3TaHtg&sig=Cg0ArKJSzHHj6tMvQI12EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=168&cbvp=1&cstd=164&cisv=r20221019.73072&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
generate_204
tpc.googlesyndication.com/ Frame F0B4
0
10 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?v4kzdg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 2F88
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 08:38:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143264
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Oct 2023 08:38:01 GMT
truncated
/ Frame 2F88
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
51c94bb53e9a69aa441ddd93c5874e0e9d5edccd2aa31d8377753726cb137b8a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 8F17
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 08:38:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143264
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Oct 2023 08:38:01 GMT
truncated
/ Frame 8F17
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a1a154110cdb83e6c861b4c5d8a1c51882f119639e91a9ca4adf7c70748a4e5b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
Enabler_01_247.js
s0.2mdn.net/879366/ Frame 698C
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 11:10:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47728
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 11:10:17 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 698C
60 KB
24 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 00:25:45 GMT
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame F4E6
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
143264
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 08:38:01 GMT
expires
Thu, 19 Oct 2023 08:38:01 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
skeleton.js
fw.adsafeprotected.com/rjss/st/1190398/65997902/ Frame 55FE
236 KB
71 KB
Script
General
Full URL
https://fw.adsafeprotected.com/rjss/st/1190398/65997902/skeleton.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.16.17.93 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-16-17-93.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
bf6c9da6cd516bbb79ea18f42c1450a5624e1c8d7608c4292f8b02d6702e31de

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
vary
accept-encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
fw.adsafeprotected.com
cache-control
no-cache
access-control-allow-credentials
true
expires
Wed, 31 Dec 1969 23:59:59 GMT
express_html_inpage_rendering_lib_200_276.js
s0.2mdn.net/879366/ Frame 55FE
106 KB
37 KB
Script
General
Full URL
https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Origin
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 10:24:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
50463
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37872
x-xss-protection
0
last-modified
Wed, 02 Mar 2022 23:07:26 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 10:24:42 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/elements/html/ Frame 55FE
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/elements/html/omrhp.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 17:50:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
23705
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3181
x-xss-protection
0
server
cafe
etag
10699485926258732851
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 17:50:40 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/ Frame 55FE
30 KB
11 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20221019/r20110914/abg_lite.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06da16002b06a44b36022933c8aa72978db6661c4491e40f81ab16ac9b9833d5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:34:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
21088
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11726
x-xss-protection
0
server
cafe
etag
11376305771055881226
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Thu, 03 Nov 2022 18:34:17 GMT
Enabler_01_247.js
s0.2mdn.net/879366/ Frame BD4A
118 KB
40 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_247.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/14773911925729263616/index.html?e=69&leftOffset=0&topOffset=0&c=LO0Xe9EFxI&t=1&renderingType=2&ev=01_247
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14773911925729263616/index.html?e=69&leftOffset=0&topOffset=0&c=LO0Xe9EFxI&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 11:10:17 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
47728
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41099
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:45:07 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 11:10:17 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame A9BA
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuxBBfIGRkqnuwg2Aj5d3jXWIj0sSfsd1O5itZEhADCo3IgoZB-ukFLN3y54KlJw_ncRIpQJVdvUmIi_EMvE5DsvjN5GufbhLp7hJN3WYC4vFPhwbe2xiZooPob6A4XN9dJZNNIejsgVMHEt4E6-LmuAb418k9GCJ1KCSSljEzRF7xNEWJ3zCuxjmMGW9FwoJ0Y4myKU0qY3DgpghYBl9CejBqzhRtSY6LBdQN5pL7JslE3qRM-Emc1CQoGltgo8ANY2GLyXa-U0SIq3CnENM_TCTZNXwIAXOsFpvUXRKUqevMQpyeI0YcURF3jEoTvQhSxVhxEk3BtEq_hchdHEPbNXD4VfrGwq9UmfjeOhtUI76Iw95RtgjylXF58YjXxJqz3BDeQQo-vgEvgjh7OAhzYfiIh4T51kWBmsNtlWpJWxRo9XzOeL6DGKJOzF9DPdzGnO654HC2q_slhGVs4bj3-U7NMbIkclefY3Vems5d0OeJgXsqv9k6I-VyLgc-_3D-s2fuFzN3E2gvCEeDeRAU-ULJECIA-0nZrIqopmTTu_i1URTA9LQAWLhV1aTNUHupHQYQ7BcdEYsBPpo_m6tLg16fYQ6pqgFVSfsZ0G9yCeWsUYof66JkAX0TdpjZUjVFIfgXc1PcJKlxSMlZU4mCVYbW0nAa0F1y_vEpOJi6yE3ouPzVHEZnyaa1cUeKNEEpIMlSiGN1HHF1aY6KEo97zKXb05QeGP5fvJvSFvKfnbzuz5OcGvWGI9klvXovaW1l6rv6QA8DanpOBhJ6Kp2-Bu8YI3fK_9uzGOnL1HCpRRVFwb62P7pcZ54Z6FmvolBJiXZ6BOt6bK75tNnpdxMFUuUhLuawIcJDN86hgPNz-gpNbP-WjeV6AlqtARSgu2A2qP9csa49Sa3_w9lKIgA24IRmJ6qEY_nYN-oGRKioZA0NZl8zJpJXk2umFCsZKuo2yZ7YSebv2dmjazTkKkYiutlLKnx1f1YNOyIOY2P59V36QVo-eqbtMdQ4zOHVg7NmwV_A7iEg3UPlWhB6TWDT6VVs-APH299RCQMZxZOAYRcSEqAHwaptJ_vdU176p-ZhMt5OsDsfDDO6FsuSEiKOtgvd0D_rksvW4LPKtVrHySRfLPptU30GV3wzZ65v-jFsKOCQJZmnEtln33PoSoKnTXQy_zgs4Ma2ht_M&sai=AMfl-YQ_3X6Wyvo0xtJUc5WMLJczbw7nuPtNGrm0PXeF9kCdEivME1gTML3HExGn7wP-dywPmVbU4QdgYZ0yoOs3TfJWMgmphxrlfB9iaFqCWHB66gSABYNWwQ5-sHH1ph0R-CPU2VezdL9hik_5fEs60JDo1HGZL7b8sLDzDOicg8HskEPxYqTm6R-DiZa5kX_VfOTFg8IjIxVvbYYzV8R_0z7Oy2M0eZSUWU3IqJS4wgWCgNyZU5qrhyYtYXBAk2sgFPSS7NpOxYORq9RgLE1JoZ0&sig=Cg0ArKJSzAQaJc6ckwCXEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=433&vt=11&dtpt=228&dett=3&cstd=203&cisv=r20221019.87905&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame FC4F
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
143264
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 08:38:01 GMT
expires
Thu, 19 Oct 2023 08:38:01 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 8B0E
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
143264
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 08:38:01 GMT
expires
Thu, 19 Oct 2023 08:38:01 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 8F17
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu-pDpfio4Cb0ynuV-81XyxUVZtthItGFvhzx6_Ps1rV413LQjXcWiLgbBYWMWBulQ1sFkqjfp4gJ7jAwcJ6_THDfG1bdW7yQC8MIfno2JcD21AR3cgxLFKtT8m3u5uAgU4Z3HCQq4xOzJHvKL7CU8g5-4xW7R0TMc_TVPKpUeIW3al54cPx0dwMBvzPECIujz7K4Lwn6RPR5nR89WcKkWX4ceSn8W9LZtLFpIn12whgxMmsgXD15hAXbKdpo32Bq7ZWbFvN2Sg0tuKRLupRC1bF2r_eOWQKg2EN6JxFAnYeJabIJgUN-GhU_V3vfUD5U_jAYZaiYsSMqOTfZ9iS2GQWGGr0_Pq_0udyRhrFvrkB29agxhodR3AVOBoo4d8JNw2GButlxVd7bbmywzs3j2qZ2_i3PLCyQ_oG7GqPh7jm0c9mztM4SfsaYY4weh1JrvCZJleqVgGLkpCDvLwPHFwqi1CdJv8_V-zh8TIuJHBfl5xJCa_lktAiJxggb6zxEQFKg3NHBeq_gF7gW6kMCpLMJNg7fB56Wgy0T5brTBwu4ZcrI6WfZsBO_V577zqO5XtTeB_wtg6QKgCQq5iMlaNjJ2eH9N2jgUoVLrMjinH13865laQVL8XjPS5cASfMXuOZgkAKWAFpMBdkoCRdDFq5XE1famfnZ5lCgBoaxnCRvmNu44DX54JZ0SaSMhW_m-bu0-Vc0tLqNI6B8haoC_46ltNzHH_8oj_Lh_Mp1y60COQrQQIMsh5pizpq7KomP7IwTWXRmueQ-pe6Nh7DLqr24e-04d5azg7dqjvaUjtr-jNXiTrMuOJcwHMQ1NgjKxzidAyvfpdNNORBP4BeYaUckC0jAEceZO3d8OXaeeOsv6sMnCJjYuQPdtw0J0-l2rYOOFkY-IMpi4APPkTq0h1VtXKB9q4GFhLmYbaYNuTVf-JFXnfj6A_OZnhaKfzmuEjqaxTWW3R0d1GfQDR9Bz4aib8FyEDVBrO1JiGtrSoHZu7CShNKD0nda1PqdO7MqDqV82zVn2KFvL1_Das7NnVJxXe516EVFRstrGjYXjn_-haoSs5vi6azmYrCum8wyXGoo7tUkC42Rjr23K6yB-crj0rzNnbHpLNfhbrQXmDoVR86CMITsCF4GaO8ePGeiELDxZSn8TxrpwtEiXIAHvIGSjAgaX4ZtvGjabGePH1qZki1XOpLXYTbU8cUpzlo3T9ONcjtm1I&sai=AMfl-YRl1XhcdcVbpWdujuaQe762rUS7elSV6VCWd0qFLpRTWyAGBnkhmV1WovQcGnFOKrQuU2m5_vxlH18Z71hPQz5Ppk6QoqHsLvtm6gwMWP8o-yQQM1ORxEdt0ooctO1ZDxbqd-XGSsrpc5IlUFA4qVToCF_jWl1bRGi5y6hVqaqQi3KDHcCBwNNleVB02B6QGTd-tHEbUrn2STNild6SbrONsTNFbvJHJyw9yr8DTr9PBiTkC6Kqva5ExcU_1vcCw_2FyiY6RZAihpK_MZpr&sig=Cg0ArKJSzF4c5z_v84OCEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=321&vt=11&dtpt=200&dett=3&cstd=115&cisv=r20221019.20015&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
pagead2.googlesyndication.com/bg/ Frame F4E6
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba8af0d50d79678d5e9e6e68935c23511ff6ae811c880f6b0815855e696b023e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 18:38:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107263
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15900
x-xss-protection
0
last-modified
Tue, 18 Oct 2022 15:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Oct 2023 18:38:02 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 55FE
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 08:38:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143264
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 19 Oct 2023 08:38:01 GMT
truncated
/ Frame 55FE
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
711e66708e1264e96b0a0a07d958c999573fa6105a48ac136bb96ef6b3ce84f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
index.html
s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/ Frame 0148
19 KB
4 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27cee90d41dec7907b22a3fb792fbb745242aed3c6a9ce57f7e1236fbbb2aa2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
132660
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
4129
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 11:34:45 GMT
expires
Thu, 19 Oct 2023 11:34:45 GMT
last-modified
Wed, 12 Oct 2022 09:53:03 GMT
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-xss-protection
0
view
googleads4.g.doubleclick.net/pcs/ Frame 55FE
0
27 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuFnhH35_kI363asaBWNOQdY4JYbFD7S9vEcYvlRlqAPz4V4KFvdoYqbona5mvzPQTQcIAa8fndErg_PT3uCIA3cszA8XAxETbz3E_ru0Baq0wL5SvCOx6kPXjjM53OkNRR957w8tsWax5cJMXgnlKlqo1qTwCM5kL510hgviKm4EOEOsEi5reV5FU2nns4misSMVG2KZ-N36hg5R6RTQP7O9jRjEJyaFPMoY0FhhaB6FftS3KHpo07_ulwX6sucycPJBAXzwWQdKrHxaK5oRKouZewRRsPkgV--QtttR_kZZSRdVWweswxIdb_bDUeWrQET_KuVnqAMnROXv1jPneBn5bLT4K_r5Q5wyYPlmMpK75EKvdjqa0tItUf2CIfbgtIrRZOR6a1SHXK5udo8ji5TD-Hs2iLYnNXHpHwCYc_CAyS3ru7mcQ3PZV1QTHfLVPL1YspSpMKXiFBCX8i_5QGewY3rZ10SNV_cmJa-phZ6Z6Fy3rr1R3xhYtnglmZxol29BGhhjKJx0f8ONgUormDIYM5n3WcHb3NMR1qEK8ij49WTYDtREPffMOGDrXAjF4PzKuHbIdMK4ek12U2C9fa-UDzhT3rhDa9Lt5SZsnoBHVsp-tnZ2aM1usvAaCnl8ttPjy7vOdreofKZ9NAiNmJgHZMFwlzdGHPjbjIZx98QlMaI6jI5oXX5MkP4RAbe8ta-1la9ksOFQy2oBoswMxPcfeFLPcd9SmchYMS-SQ3QGvUjs45vGhfCrfMfkuMs7Qb6iA_50B3sdbvlUjW7JXtzYDs_8sRP5g-X7buXw-Aq3sSNCoyRZoZkuJz9LE3drs5V3_-sHSfq3JC9vpO7XEEyuUqypZZ92JHkz7NXafIRejN77_DmHWgvdkUcL19mP9iQ3PioYZTJGuwT7LI5h40Dq1Cw3j1ve930WAxENjV7LfFiM8E4_VPM_1ToL881Itwy1GdSicRgYI1ylI3Fzo-bkMAoYKLxQUWN5lIhP5pNkskICFFV7wPcEg6TJi9I29o1r928GdjiELsowZy39Z-TVv5IXdHAl6LZcTO6Ysq3n3evhDbrUjPWmWs3LoeDbNKMjePD1thlZbUdi5N_M1nohO758YFk3M3wvO8A7HjWL7Ku1Pd8p5ZGHhjCVO1Lt6zbcZQuGenoNPflRC06ZdFpCdc-dB3YjuY1R_S7qQokuCLC5ddFI4oVf9kw2i-2r-cz_XoI15GS-y-dKisPPk93-LlfrI&sai=AMfl-YSko1sVhz2qqzZX3yImBEhuQlXBmGzwjKphheH5dwmcEXc6h7c5WdD6756KzFtU_-Bubj77gpRFPKiURXHa78I7rQmcDJcFqLv7T_DGOF7LyCPGWeDzKO_PxO_slQJ3FirCUK3gUHSHAaeBoO8QqKxhV0AnGV3SGuSmgfFIW7IFC3IWfL4GIkiUz28-u3Hh66fSLP1a49gEsVjHFeNisJt17vEMligK1AQz4fzqDmjOWkFSs9lKJTJQojH5gsKHKPDaTbxy5PRnlNDKyCTrUGthpYsdYO-A2k8-yPwLQc0hk7Ij9ai5GIIhJXg_bUwYi8ok4z7FvcbOhvne&sig=Cg0ArKJSzA9wsvgeiPYIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=114&cbvp=1&cstd=113&cisv=r20221019.57562&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy
script-src 'none'; object-src 'none'
date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
sodar
pagead2.googlesyndication.com/getconfig/ Frame 698C
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ff473fdc2276fe4760eb499f944460c4219b6639676288d7709e5cdb9e6b70bb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5781
x-xss-protection
0
6321a5312e3a572c4684eff4
c.bannerflow.net/a/ Frame B336
66 KB
23 KB
Script
General
Full URL
https://c.bannerflow.net/a/6321a5312e3a572c4684eff4?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvWUtkPFGGC0kZV4WI89SUOg3ZcRztrFlS-wo0hvwuZwFEGfgQyO-fANlCOHd7i8mrQIN5uGnO0J5BrGljzirqKxfpK1kb8lWVST8yVN_DKFd7q2a4OFC6olY0KgxlQ2DTszcALFH3-EqIJNq3IXCcXJZ8pLv_8M6CawcAmWS3MLmGsK2VGR2TVnmTaF2uuvE-DEYp7xNLB26wMQHadbGmut8WlfctnkolbHJSlklHQJ56rABdnJG0scxeL83s8xvKQZI5jSf6TKy5SYg6_Gmql8CDmnq7_C8fUhcRoHE-nid7KFk8jH-Vm4-qcWuGtz-24eivIYWsilB3XSyYrXEq5iW2lR99FzFF750Cbdyx7fwhF4bOEe1MHa4cNiC35nNSISouY9LxgT7M-VazxAL7L8YA02t0gvBj6kHm6HBsWmGOgDkEV0KOdGWZg-V2fYfJkAT0StaIqqlIyppuIeKBuuKNXf--OzBIsro5hvinD8NVrv0a665KV9ov8ZWqKjls-YGdTh6yaQTb9T_h7so4hzjX_ORBk5lDbS-hDd4_f1UXaiHTlIiAMWjG8cjjkNNyGGBUbugkfejlOjVHHqBfynm1_lq51VAPRX9J7Sv09JRIg-Z7W319fZdvF7240XWjgUWmMMYSQGe1Q6s8UJeIQk6O08YpKfRSLXeaMhL0og0kw8LxxCq2P0hV50zXuIqhgO5x1uv8CreNaTX9Sc0SJPSLdcC-UCEyG-G6wW5Qh59IcgwqjA4Z9y97JzlnNyBsLLYq_nL9hMode7jt3AS_WSoIKFttAQmyMkJIxnbyAXj1mXY_0eIcd_5JMROT5VCjwcNpPrq1xTVt2QK2thSCsXZBLNnI3wqdye2pybmaNVt17PpCV07D75ur-xUwPndSOLvK25e6_wmlbVlBlN8nYgfZce7Jqk7VEpbm5yGps6bLWBVFIy4RszP7BaNAPS6xHK0TAHkRbqq9yc8jHUGPpMOObPWguDwe1lQmCpd8nBSYxNP0mYdgJ4LwpDs14cMTqhBHt-89KkNWjGf8kEykKhkIJ__jKZ5XbHFnFTlju_8dUz_BpodkoFRIHRfOOwQlcGgi5XWdnnID-ZOTRx1p4XDSuNMfZVHDnkgo7bHnFs6W4rPupJOJo0keDv2Blv-Mlw8tXFYs7TY8USJoqLZQOZz1ihtwx9GOu%26sai%3DAMfl-YTtbrKE1ffwymFKEwuItwLp-bSl4QcthBfLm8KVB3g5pYdtE-OK6onUop9RN9hEM6WZF3bGST8ur4GxE9BM4NPE9sjg3Ct-Fak_0ueWLAHB4-XFr_SeEEBxmXimBrkgdylKhWuKMZIW_huuPL7EF9q4_V9TyR0lHGeydAoo1WSxahvuoWb181zWUQiTEx6B_7x_LEwBnvHh-XdVUBA-PLlgQQPv0yDvfO1xfhlvdhE9QRWAebDG7iAdY7cM7jGN0dF2X3HgztIm7zjXsykmqnn-wRj7xK4Q-g%26sig%3DCg0ArKJSzFiir897fq2REAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D6653327%26adurl%3Dhttps%253A%252F%252Fwww.wyndhamhotels.com%252Fde-de%252Fhotel-deals%252Fsave-now-stay-later%253Fcid%253DDP%253Aiyg0g76hdpq4yhz%2526dclid%253D%2525edclid!
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16633326591040028672/WHRGermany-Deutsch-728x90-637987462014180196-72a168c9-377a-4ca1-a46a-2db3f8c0b239.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1be8248f466945478b4e2d7438cb1e81068549f6785d08c8d25121159c1d71cf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

request-context
appId=cid-v1:1a5f66bd-0229-467a-a946-b3753e659ecb
date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
br
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
75d5db9d0acb906d-FRA
content-type
application/javascript
view
googleads4.g.doubleclick.net/pcs/ Frame 2F88
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssyp0lNQYaEWdEzMZPn3uHMUoS4WnYL9WBuCZKeCKctJ-2r3lqIRsr5t-_6ipfBIWe4D7kLE9m3YFpd1GKeXTSuouuqm1pXZ50syd_OcHv5Tpz3UrULojBqKAlwFd-Vr2Rq-DaTmskkWUaEczH6vEOKS9mBaG0__dzryBateqSt4KY15i2Snpm1nFTOC3B9G_ABCrW6DJ2Iv1C61PPqwpld25o-Q-kIsrvJpdBZWkeJv-KnlBWkMCwCEinoXBmU0Vth_QTVcPaVb1tOMTtsuxT_tPLIkS5Wc_O5xSUzBjOY_yKr7aO4KpXHaHGRUXdxAUGC3nsDn8MJvAUaGMGlYbb2tDpvIwBgjG6IFll3frbVKObDad95RFSA6qw_DN6qHF2l0K-_-3au_hXSNh9FdrI8VeuWNFmPAcPKPoLFLPA_jYFdriOzfc6qMse_CUK96K0l4FlwG2sQFsHsdE3-bMYLBjeLJSGDLyo4f5xEuwUCOEyFxICHWj3KiAPBKwzlRaVjRdp1zqb1ZL6Mbfg4z9XsZ4rrpf94S38HB1f65tAvhulp1N7zGGl2auMnvJplXQY1J6fb-kayvTL0RnETZ5BRLLZQlaKHmEmO9OiEX_8xBx4C-ibx-CUFojt8pxWdT9w3QEAp6vSVggRivK0spR7n_-3wNAjxEL2TSOHcfnPGvn1LLObL60jXEFCjjTMahsQaFV2JHY_5SlHJoUm7ewVv_iMSGKZiN3WTa3IpNl0HAPvSqlHxFk_qxO2lx3FKFUpRtHe0rUtkcnns40TFmyHnxPbcpjYyBlUxwu8LBHd9gt9p4fs2Fm2WluBfoHbRzePAyLfo-MAuEZ26BhGHdafaTHfO_voD1T7A9gvybvN4ytMoFKHZdGKD9nGgOzfmoPgxVebvROZsXHNWx_godhoQ6j5efAfGIM5pZjgeIohIfZXA3WEzU6hsDCnOQegyQ5cNvbZMTB4JmUHcTcI6xHOjQ9YqWvOZL0oRLOdtSIy2A1dY96xtHs6Il_Hk7hg_OZLt7tzaVJsSMk9NM6bS8zTX9LrHmFqFnfj5eJkJjlCm2jG1eamPhr2t2sZCzslpSxb__mLKqNrFOIiAqippk42jWA1Za75rvh2tjgGKraEnjHM4iVR8S8MLBtYIjCbTywkIQthLVPyNFDW2JpxYPEM7md3loY9ndI2zOC3a_sWWAGjH-f9kadOn1c5HMH7rtHsWKlt-pZI4&sai=AMfl-YSZRkoPnUdKCr4m5QUhXUbgwbp3U7xrOPVjxDgX4fUKr5xy53HKMlzXDpx7fs2XHx3-nfcwsuKhWhWJarUA-F3rbROEfROkTsXJBIFUDqbPITKQo4j-UJb2NR1qS8y4FyW1NwJKehUD_fWYW7xaTkuyRQ3Xh58ZLWkHiT10z9TCuMZZMUJvD_X1vVmCGsYls5aA-sW5DT0P6ewaiC64wXpyKIdcLzpsoEMiboKOb3Y7L7aenSthnHIWQWqJOWub1qyiP0yVWo25onYLUYKeeBKhlL-BRbk7jWQRH9GuvJu4chSlQfHS04Tnl_uBm4Mr2sPj5FKz3TaHtg&sig=Cg0ArKJSzHHj6tMvQI12EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=416&vt=11&dtpt=248&dett=3&cstd=164&cisv=r20221019.73072&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
pagead2.googlesyndication.com/bg/ Frame FC4F
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba8af0d50d79678d5e9e6e68935c23511ff6ae811c880f6b0815855e696b023e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 18:38:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107263
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15900
x-xss-protection
0
last-modified
Tue, 18 Oct 2022 15:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Oct 2023 18:38:02 GMT
uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
pagead2.googlesyndication.com/bg/ Frame 8B0E
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba8af0d50d79678d5e9e6e68935c23511ff6ae811c880f6b0815855e696b023e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 18:38:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107263
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15900
x-xss-protection
0
last-modified
Tue, 18 Oct 2022 15:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Oct 2023 18:38:02 GMT
CodeProLCW05-Regular.woff
s0.2mdn.net/creatives/assets/2560291/ Frame 698C
52 KB
52 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/2560291/CodeProLCW05-Regular.woff
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
65ec5e0481c4ceacde8c5e8fab9d5305fc68496b8c75d7d58fb0e91feaf7f598
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:16:55 GMT
x-content-type-options
nosniff
age
530
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
52901
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 12:12:00 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 00:31:55 GMT
CodeProBoldLCW05-Regular.woff
s0.2mdn.net/creatives/assets/2560291/ Frame 698C
48 KB
48 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/2560291/CodeProBoldLCW05-Regular.woff
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92426eb5437b357b9046670556ba89baa8384edcc8734f56b813745bdb9e1cc6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:18:21 GMT
x-content-type-options
nosniff
age
444
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
49198
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 12:11:57 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 00:33:21 GMT
60005582_20220906232153429_Intro_728x090.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 698C
4 KB
4 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220906232153429_Intro_728x090.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33cba9eeba7005d93b750ec376f71bf0cb042e7dd0669081bdbe055426cc2924
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 16:26:40 GMT
x-content-type-options
nosniff
age
28745
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3946
x-xss-protection
0
last-modified
Wed, 07 Sep 2022 06:21:53 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 16:26:40 GMT
60005582_20220908052226611_Galaxy_A53.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 698C
35 KB
35 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220908052226611_Galaxy_A53.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c4256232b7d938af44cde8123f79ce9dd6acfc2302ccaf0168abd16ae8c833ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/1263487268815896576/728x090.html?e=69&leftOffset=0&topOffset=0&c=gzrokCslzm&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 19:11:22 GMT
x-content-type-options
nosniff
age
18863
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35985
x-xss-protection
0
last-modified
Thu, 08 Sep 2022 12:22:26 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 21 Oct 2022 19:11:22 GMT
postview.gif
portal.blau.de/nws/img/ Frame 698C
43 B
632 B
Image
General
Full URL
https://portal.blau.de/nws/img/postview.gif?partnerId=BLU_DSP_TRA_HAV_34114_PV&mediacode=26952485_4307561_342686903_154735167_PO2703A20220908&ref=26952485_4307561_342686903_154735167_PO2703A20220908
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
82.113.101.236 , Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS
portal.blau.de
Software
Apache /
Resource Hash
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 00:25:45 GMT
Last-Modified
Wed, 26 Aug 2020 10:11:24 GMT
Server
Apache
ETag
"2b-5adc50abeeb00"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type
image/gif
Connection
close
Accept-Ranges
bytes
Content-Length
43
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame BB94
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
143264
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8395
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 19 Oct 2022 08:38:01 GMT
expires
Thu, 19 Oct 2023 08:38:01 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 8735
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstffQzcExhasCuuBYDqLSNveREMIqEGPFwG42DlrsmAVm--cm4jXyKMe_dpqlxEOqSWAtt9zBt9Ph_pIsEk4nG0kiiMx89L5iFDSZMF99oC575-ibPhrCxPrh-q2FZu7Pe-MFUWvEOCNAmb1e0U5GmICSo0hn9f0tQqb57uRaisCFvo3129PjjLhmoGqW-DsFPtwutYgJIF2uaW0h_nGPjMVt7TTkow2rmrbYPlYLjf8M-CAHDNlgFwAmBgt02k_wArwZcwziYTxgDV7WMIBPcGh180N80BmrpZfjazQ8ARbeVjwazCG3dJtLSpjM8DUBcVJKa7EE0sdFRjg-3hFAckVgx7InLr1_TINE-N0F7t5m5N_pwFDbHcewDQ63_g-m2jqk8Y-pb1Bw&sai=AMfl-YQUjhySZFbCkbpC3rRgn3CrcPKjf2LR7Tiq4SCJ-xAGl9hZs36tycVt5EipoBRv5GOsI0HBpmgk34XmUKvyWim_jYyJsQ0I1OXie5AEjWkWFOYmgPrFCalt9q_2IBO44A&sig=Cg0ArKJSzBqVPRbY_QzWEAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
client
ssl.connextra.com/DiDNAGroup/selector/ Frame 2CD4
407 B
951 B
Document
General
Full URL
https://ssl.connextra.com/DiDNAGroup/selector/client?client=DiDNAGroup&placement=didna_didna_300x250_placement5
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.203.66.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-66-225.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e6f4da7f89a69ed052f1dc36dbde4293db5ee32640b75a93a1360dc0a6afbd46

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=0, no-cache, no-store
content-length
407
content-type
text/html;charset=utf-8
date
Fri, 21 Oct 2022 00:25:45 GMT
expires
Fri, 21 Oct 2022 00:25:45 GMT
p3p
CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
pragma
no-cache
vary
*
x-served-by
vlp-cxtadsrv02.connextra.net
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8735
152 KB
46 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47476
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1666179788250400"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 21 Oct 2022 00:25:45 GMT
handler.svg
s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/ Frame 0148
859 B
421 B
Image
General
Full URL
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/handler.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9e391f70821c1f3c49a2d9a9a2e1b6085fcd1f5aafe404258adbd024a9bef517
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 11:34:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
132660
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
392
x-xss-protection
0
last-modified
Wed, 12 Oct 2022 09:53:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 19 Oct 2023 11:34:45 GMT
bg-1.jpg
s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/ Frame 0148
74 KB
74 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/bg-1.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
23cbabdd9fd6d02ad40ec899f459710c56579f1d5ca5c55bae43b67c557c0dfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 11:34:45 GMT
x-content-type-options
nosniff
age
132660
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
75352
x-xss-protection
0
last-modified
Wed, 12 Oct 2022 09:53:03 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 19 Oct 2023 11:34:45 GMT
bg-2.jpg
s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/ Frame 0148
100 KB
100 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/bg-2.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
570f78d728c94a7c5310b1e8d9e819a5f799a1014fe338c5fa4dc426a5fde7dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 11:34:45 GMT
x-content-type-options
nosniff
age
132660
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
102259
x-xss-protection
0
last-modified
Wed, 12 Oct 2022 09:53:03 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 19 Oct 2023 11:34:45 GMT
bg-3.jpg
s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/ Frame 0148
79 KB
79 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/bg-3.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2d86a1b94fed3b4569650a6a3df0f3ea675076948b6309e05a09ef7ae7e83b97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 11:34:45 GMT
x-content-type-options
nosniff
age
132660
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
80986
x-xss-protection
0
last-modified
Wed, 12 Oct 2022 09:53:03 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 19 Oct 2023 11:34:45 GMT
bg-4.jpg
s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/ Frame 0148
71 KB
71 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/bg-4.jpg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
2a477f97429c3535ffe5572338afc5d303547f2902153f1ebccaa76d0d5d6034
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 11:34:45 GMT
x-content-type-options
nosniff
age
132660
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
72621
x-xss-protection
0
last-modified
Wed, 12 Oct 2022 09:53:03 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 19 Oct 2023 11:34:45 GMT
button.svg
s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/ Frame 0148
669 B
376 B
Image
General
Full URL
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/button.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3d89de2962a7a9582283b1d1ab5bb1138b1ddbb3c36865bb5860912f13c2dd7c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 11:34:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
132660
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
347
x-xss-protection
0
last-modified
Wed, 12 Oct 2022 09:53:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 19 Oct 2023 11:34:45 GMT
logo.svg
s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/ Frame 0148
13 KB
6 KB
Image
General
Full URL
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/logo.svg
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
748735a831b31b735e397d4928ecf548aa9583136644b8989f5897db1f97e18d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 11:34:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
132660
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5994
x-xss-protection
0
last-modified
Wed, 12 Oct 2022 09:53:03 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 19 Oct 2023 11:34:45 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 698C
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 21 Oct 2022 00:25:45 GMT
sequel-55.woff
s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/ Frame 0148
23 KB
23 KB
Font
General
Full URL
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/sequel-55.woff
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b79969bfe5205648c47230516c4f7da363bbc37cfcf56057abb24c8fbc34d747
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/4176737249040192593/CD~Alfa%20Romeo%20PAC_LG~DE_TA-Jetzt%20leasen_PR-Giulia_SZ~300x250_FF~None/index.html
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 11:34:45 GMT
x-content-type-options
nosniff
age
132660
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23924
x-xss-protection
0
last-modified
Wed, 12 Oct 2022 09:53:03 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Thu, 19 Oct 2023 11:34:45 GMT
4a.js
static.adsafeprotected.com/ Frame 55FE
Redirect Chain
  • https://fw.adsafeprotected.com/rfw/st/1190398/65997902/4.js?adContainerId=brand_safety_CedRY-n_GdqY-gajyrfACg&cbFunctionName=goog_wrapCb_CedRY-n_GdqY-gajyrfACg&true_pb=&adsafe_pb=https%3A%2F%2Fstat...
  • https://static.adsafeprotected.com/4a.js
2 KB
2 KB
Script
General
Full URL
https://static.adsafeprotected.com/4a.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Server
2600:9000:223f:9a00:8:48e:53c0:93a1 , United States, ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Tue, 18 Oct 2022 17:04:56 GMT
x-amz-version-id
V52HQBK4XV3qaSHm0FfopKl09Kk4Y8eU
content-encoding
gzip
via
1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
199250
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Tue, 18 Oct 2022 17:04:53 GMT
server
AmazonS3
etag
W/"589d8955c4906ab1b8e63a2f92d932d3"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=604800
x-amz-cf-id
7dTJhG763OXQDcudCDk6XBlvU6uIy7XirH0yTrCa1fPKdzFR0Q6czA==

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:45 GMT
server
nginx
x-server-name
app06.ie.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
location
https://static.adsafeprotected.com/4a.js
cache-control
no-cache
content-length
0
sca.17.6.2.js
static.adsafeprotected.com/ Frame 72F7
91 KB
23 KB
Script
General
Full URL
https://static.adsafeprotected.com/sca.17.6.2.js
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223f:9a00:8:48e:53c0:93a1 , United States, ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 21 Sep 2022 15:36:17 GMT
x-amz-version-id
go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding
gzip
via
1.1 ee6745944298a5956e13c939ebdcf8f2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
age
2537369
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Sep 2022 19:21:34 GMT
server
AmazonS3
etag
W/"1f3488247c90bb5de253d3d0cb3b7458"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=315360000
x-amz-cf-id
Zl8SNO9mabnYjRQpnLrrOj-fL9j029wMY4RKjoziqtKcnFS1_W57ig==
dt
dt.adsafeprotected.com/ Frame 55FE
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1190398&asId=c613b7f3-da12-4b71-2587-35252b664e8a&tv=%7Bc:rDku7O,pingTime:-3,time:93,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:19%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:93,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B85~0%5D,as:%5B85~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tkQX6Sr+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b1%7C1b2%7C1b31%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1d3%7C1e%7C1f*.1190398-65997902%7C1f1%7C1f2%7C1f3%7C1g%7C1h1,idMap:1f*,rmeas:1,rend:0,renddet:na,siq:20%7D&br=c
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7780:69dc:792d:e369:44d1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
server
nginx
x-server-name
dt03.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
dt
dt.adsafeprotected.com/ Frame 55FE
43 B
216 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1190398&asId=c613b7f3-da12-4b71-2587-35252b664e8a&tv=%7Bc:rDku7P,pingTime:-6,time:94,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:94,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B87~0%5D,as:%5B87~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tkQX6Sr+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b1%7C1b2%7C1b31%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1d3%7C1e%7C1f*.1190398-65997902%7C1f1%7C1f2%7C1f3%7C1g%7C1h1,idMap:1f*,rmeas:1,rend:0,renddet:na,siq:20%7D&tpiLookup=ao:bearinsider.com*&br=c
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7780:69dc:792d:e369:44d1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
server
nginx
x-server-name
dt04.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
sodar
pagead2.googlesyndication.com/getconfig/ Frame BD4A
8 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
35658f036bb7be1e7d5552e952754e1b915f75c26440945c8e0e9569659a4aca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5874
x-xss-protection
0
1027770080_1652362602.png_1652382255334_1027770080_1652362602.png
s0.2mdn.net/dynamic/2/10856761/hyundai.creatives.myseamless.io/proviewimg/template/ Frame BD4A
9 KB
9 KB
Image
General
Full URL
https://s0.2mdn.net/dynamic/2/10856761/hyundai.creatives.myseamless.io/proviewimg/template/1027770080_1652362602.png_1652382255334_1027770080_1652362602.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c41355972b53b5b1ca3a40a568d819b877abb8b60c45db4c80f82ef274868189
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/14773911925729263616/index.html?e=69&leftOffset=0&topOffset=0&c=LO0Xe9EFxI&t=1&renderingType=2&ev=01_247
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 14 Oct 2022 15:15:29 GMT
x-content-type-options
nosniff
age
551416
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8726
x-xss-protection
0
last-modified
Thu, 12 May 2022 19:05:22 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-programmable"
report-to
{"group":"ads-programmable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-programmable"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 14 Oct 2023 15:15:29 GMT
widget.b830f81785a336af5623.js
c.bannerflow.net/scripts/ Frame B336
20 KB
8 KB
Script
General
Full URL
https://c.bannerflow.net/scripts/widget.b830f81785a336af5623.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6321a5312e3a572c4684eff4?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvWUtkPFGGC0kZV4WI89SUOg3ZcRztrFlS-wo0hvwuZwFEGfgQyO-fANlCOHd7i8mrQIN5uGnO0J5BrGljzirqKxfpK1kb8lWVST8yVN_DKFd7q2a4OFC6olY0KgxlQ2DTszcALFH3-EqIJNq3IXCcXJZ8pLv_8M6CawcAmWS3MLmGsK2VGR2TVnmTaF2uuvE-DEYp7xNLB26wMQHadbGmut8WlfctnkolbHJSlklHQJ56rABdnJG0scxeL83s8xvKQZI5jSf6TKy5SYg6_Gmql8CDmnq7_C8fUhcRoHE-nid7KFk8jH-Vm4-qcWuGtz-24eivIYWsilB3XSyYrXEq5iW2lR99FzFF750Cbdyx7fwhF4bOEe1MHa4cNiC35nNSISouY9LxgT7M-VazxAL7L8YA02t0gvBj6kHm6HBsWmGOgDkEV0KOdGWZg-V2fYfJkAT0StaIqqlIyppuIeKBuuKNXf--OzBIsro5hvinD8NVrv0a665KV9ov8ZWqKjls-YGdTh6yaQTb9T_h7so4hzjX_ORBk5lDbS-hDd4_f1UXaiHTlIiAMWjG8cjjkNNyGGBUbugkfejlOjVHHqBfynm1_lq51VAPRX9J7Sv09JRIg-Z7W319fZdvF7240XWjgUWmMMYSQGe1Q6s8UJeIQk6O08YpKfRSLXeaMhL0og0kw8LxxCq2P0hV50zXuIqhgO5x1uv8CreNaTX9Sc0SJPSLdcC-UCEyG-G6wW5Qh59IcgwqjA4Z9y97JzlnNyBsLLYq_nL9hMode7jt3AS_WSoIKFttAQmyMkJIxnbyAXj1mXY_0eIcd_5JMROT5VCjwcNpPrq1xTVt2QK2thSCsXZBLNnI3wqdye2pybmaNVt17PpCV07D75ur-xUwPndSOLvK25e6_wmlbVlBlN8nYgfZce7Jqk7VEpbm5yGps6bLWBVFIy4RszP7BaNAPS6xHK0TAHkRbqq9yc8jHUGPpMOObPWguDwe1lQmCpd8nBSYxNP0mYdgJ4LwpDs14cMTqhBHt-89KkNWjGf8kEykKhkIJ__jKZ5XbHFnFTlju_8dUz_BpodkoFRIHRfOOwQlcGgi5XWdnnID-ZOTRx1p4XDSuNMfZVHDnkgo7bHnFs6W4rPupJOJo0keDv2Blv-Mlw8tXFYs7TY8USJoqLZQOZz1ihtwx9GOu%26sai%3DAMfl-YTtbrKE1ffwymFKEwuItwLp-bSl4QcthBfLm8KVB3g5pYdtE-OK6onUop9RN9hEM6WZF3bGST8ur4GxE9BM4NPE9sjg3Ct-Fak_0ueWLAHB4-XFr_SeEEBxmXimBrkgdylKhWuKMZIW_huuPL7EF9q4_V9TyR0lHGeydAoo1WSxahvuoWb181zWUQiTEx6B_7x_LEwBnvHh-XdVUBA-PLlgQQPv0yDvfO1xfhlvdhE9QRWAebDG7iAdY7cM7jGN0dF2X3HgztIm7zjXsykmqnn-wRj7xK4Q-g%26sig%3DCg0ArKJSzFiir897fq2REAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D6653327%26adurl%3Dhttps%253A%252F%252Fwww.wyndhamhotels.com%252Fde-de%252Fhotel-deals%252Fsave-now-stay-later%253Fcid%253DDP%253Aiyg0g76hdpq4yhz%2526dclid%253D%2525edclid!
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cb56a0c70ad7edd7731131e2271712f6e6f5ebf32256618bcbf563ebe650231

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
r09/PHcVMP5N/QsTzjXiFg==
age
3237152
cf-polished
origSize=20270
x-ms-lease-status
unlocked
cf-bgj
minify
last-modified
Fri, 09 Sep 2022 10:19:21 GMT
server
cloudflare
etag
W/"0x8DA924CC327B2BA"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
3c51e176-d01e-004e-7572-c7c3ae000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
public,max-age=31536000,immutable
x-ms-version
2011-08-18
cf-ray
75d5db9e2bf9906d-FRA
document.edb7d8e848.js
c.bannerflow.net/accounts/wyndham/5ca76276e534b182c4576ce4/published/2859268/3283539/ Frame B336
62 KB
16 KB
Script
General
Full URL
https://c.bannerflow.net/accounts/wyndham/5ca76276e534b182c4576ce4/published/2859268/3283539/document.edb7d8e848.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6321a5312e3a572c4684eff4?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvWUtkPFGGC0kZV4WI89SUOg3ZcRztrFlS-wo0hvwuZwFEGfgQyO-fANlCOHd7i8mrQIN5uGnO0J5BrGljzirqKxfpK1kb8lWVST8yVN_DKFd7q2a4OFC6olY0KgxlQ2DTszcALFH3-EqIJNq3IXCcXJZ8pLv_8M6CawcAmWS3MLmGsK2VGR2TVnmTaF2uuvE-DEYp7xNLB26wMQHadbGmut8WlfctnkolbHJSlklHQJ56rABdnJG0scxeL83s8xvKQZI5jSf6TKy5SYg6_Gmql8CDmnq7_C8fUhcRoHE-nid7KFk8jH-Vm4-qcWuGtz-24eivIYWsilB3XSyYrXEq5iW2lR99FzFF750Cbdyx7fwhF4bOEe1MHa4cNiC35nNSISouY9LxgT7M-VazxAL7L8YA02t0gvBj6kHm6HBsWmGOgDkEV0KOdGWZg-V2fYfJkAT0StaIqqlIyppuIeKBuuKNXf--OzBIsro5hvinD8NVrv0a665KV9ov8ZWqKjls-YGdTh6yaQTb9T_h7so4hzjX_ORBk5lDbS-hDd4_f1UXaiHTlIiAMWjG8cjjkNNyGGBUbugkfejlOjVHHqBfynm1_lq51VAPRX9J7Sv09JRIg-Z7W319fZdvF7240XWjgUWmMMYSQGe1Q6s8UJeIQk6O08YpKfRSLXeaMhL0og0kw8LxxCq2P0hV50zXuIqhgO5x1uv8CreNaTX9Sc0SJPSLdcC-UCEyG-G6wW5Qh59IcgwqjA4Z9y97JzlnNyBsLLYq_nL9hMode7jt3AS_WSoIKFttAQmyMkJIxnbyAXj1mXY_0eIcd_5JMROT5VCjwcNpPrq1xTVt2QK2thSCsXZBLNnI3wqdye2pybmaNVt17PpCV07D75ur-xUwPndSOLvK25e6_wmlbVlBlN8nYgfZce7Jqk7VEpbm5yGps6bLWBVFIy4RszP7BaNAPS6xHK0TAHkRbqq9yc8jHUGPpMOObPWguDwe1lQmCpd8nBSYxNP0mYdgJ4LwpDs14cMTqhBHt-89KkNWjGf8kEykKhkIJ__jKZ5XbHFnFTlju_8dUz_BpodkoFRIHRfOOwQlcGgi5XWdnnID-ZOTRx1p4XDSuNMfZVHDnkgo7bHnFs6W4rPupJOJo0keDv2Blv-Mlw8tXFYs7TY8USJoqLZQOZz1ihtwx9GOu%26sai%3DAMfl-YTtbrKE1ffwymFKEwuItwLp-bSl4QcthBfLm8KVB3g5pYdtE-OK6onUop9RN9hEM6WZF3bGST8ur4GxE9BM4NPE9sjg3Ct-Fak_0ueWLAHB4-XFr_SeEEBxmXimBrkgdylKhWuKMZIW_huuPL7EF9q4_V9TyR0lHGeydAoo1WSxahvuoWb181zWUQiTEx6B_7x_LEwBnvHh-XdVUBA-PLlgQQPv0yDvfO1xfhlvdhE9QRWAebDG7iAdY7cM7jGN0dF2X3HgztIm7zjXsykmqnn-wRj7xK4Q-g%26sig%3DCg0ArKJSzFiir897fq2REAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D6653327%26adurl%3Dhttps%253A%252F%252Fwww.wyndhamhotels.com%252Fde-de%252Fhotel-deals%252Fsave-now-stay-later%253Fcid%253DDP%253Aiyg0g76hdpq4yhz%2526dclid%253D%2525edclid!
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ec1cb55d9bd3d88ea23c52278f6d73fd7310abdf3587a702fd60f4fe2f997266

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
7bfY6EhkNxBD/ikCWlyqxQ==
age
2458007
cf-polished
origSize=65943
x-ms-lease-status
unlocked
cf-bgj
minify
last-modified
Wed, 14 Sep 2022 09:56:20 GMT
server
cloudflare
etag
W/"0x8DA96376030D8E2"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
16bf5092-901e-002d-4588-ce5e55000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
public,max-age=31536000,immutable
x-ms-version
2011-08-18
cf-ray
75d5db9e2bfb906d-FRA
animated-creative.d9e35bd038abbd73732c.js
c.bannerflow.net/scripts/ Frame B336
144 KB
49 KB
Script
General
Full URL
https://c.bannerflow.net/scripts/animated-creative.d9e35bd038abbd73732c.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6321a5312e3a572c4684eff4?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvWUtkPFGGC0kZV4WI89SUOg3ZcRztrFlS-wo0hvwuZwFEGfgQyO-fANlCOHd7i8mrQIN5uGnO0J5BrGljzirqKxfpK1kb8lWVST8yVN_DKFd7q2a4OFC6olY0KgxlQ2DTszcALFH3-EqIJNq3IXCcXJZ8pLv_8M6CawcAmWS3MLmGsK2VGR2TVnmTaF2uuvE-DEYp7xNLB26wMQHadbGmut8WlfctnkolbHJSlklHQJ56rABdnJG0scxeL83s8xvKQZI5jSf6TKy5SYg6_Gmql8CDmnq7_C8fUhcRoHE-nid7KFk8jH-Vm4-qcWuGtz-24eivIYWsilB3XSyYrXEq5iW2lR99FzFF750Cbdyx7fwhF4bOEe1MHa4cNiC35nNSISouY9LxgT7M-VazxAL7L8YA02t0gvBj6kHm6HBsWmGOgDkEV0KOdGWZg-V2fYfJkAT0StaIqqlIyppuIeKBuuKNXf--OzBIsro5hvinD8NVrv0a665KV9ov8ZWqKjls-YGdTh6yaQTb9T_h7so4hzjX_ORBk5lDbS-hDd4_f1UXaiHTlIiAMWjG8cjjkNNyGGBUbugkfejlOjVHHqBfynm1_lq51VAPRX9J7Sv09JRIg-Z7W319fZdvF7240XWjgUWmMMYSQGe1Q6s8UJeIQk6O08YpKfRSLXeaMhL0og0kw8LxxCq2P0hV50zXuIqhgO5x1uv8CreNaTX9Sc0SJPSLdcC-UCEyG-G6wW5Qh59IcgwqjA4Z9y97JzlnNyBsLLYq_nL9hMode7jt3AS_WSoIKFttAQmyMkJIxnbyAXj1mXY_0eIcd_5JMROT5VCjwcNpPrq1xTVt2QK2thSCsXZBLNnI3wqdye2pybmaNVt17PpCV07D75ur-xUwPndSOLvK25e6_wmlbVlBlN8nYgfZce7Jqk7VEpbm5yGps6bLWBVFIy4RszP7BaNAPS6xHK0TAHkRbqq9yc8jHUGPpMOObPWguDwe1lQmCpd8nBSYxNP0mYdgJ4LwpDs14cMTqhBHt-89KkNWjGf8kEykKhkIJ__jKZ5XbHFnFTlju_8dUz_BpodkoFRIHRfOOwQlcGgi5XWdnnID-ZOTRx1p4XDSuNMfZVHDnkgo7bHnFs6W4rPupJOJo0keDv2Blv-Mlw8tXFYs7TY8USJoqLZQOZz1ihtwx9GOu%26sai%3DAMfl-YTtbrKE1ffwymFKEwuItwLp-bSl4QcthBfLm8KVB3g5pYdtE-OK6onUop9RN9hEM6WZF3bGST8ur4GxE9BM4NPE9sjg3Ct-Fak_0ueWLAHB4-XFr_SeEEBxmXimBrkgdylKhWuKMZIW_huuPL7EF9q4_V9TyR0lHGeydAoo1WSxahvuoWb181zWUQiTEx6B_7x_LEwBnvHh-XdVUBA-PLlgQQPv0yDvfO1xfhlvdhE9QRWAebDG7iAdY7cM7jGN0dF2X3HgztIm7zjXsykmqnn-wRj7xK4Q-g%26sig%3DCg0ArKJSzFiir897fq2REAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D6653327%26adurl%3Dhttps%253A%252F%252Fwww.wyndhamhotels.com%252Fde-de%252Fhotel-deals%252Fsave-now-stay-later%253Fcid%253DDP%253Aiyg0g76hdpq4yhz%2526dclid%253D%2525edclid!
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1283790d9ba35e73ff419fb0ed214fdb7c6bc29ca9ee630aca2d17820b2cd4d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:45 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
AS/8838PTgl366vahKPrTQ==
age
3237152
cf-polished
origSize=147466
x-ms-lease-status
unlocked
cf-bgj
minify
last-modified
Tue, 13 Sep 2022 11:44:57 GMT
server
cloudflare
etag
W/"0x8DA957D61C62F19"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
bf272ef6-701e-0068-4272-c78bb6000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
public,max-age=31536000,immutable
x-ms-version
2011-08-18
cf-ray
75d5db9e2bfc906d-FRA
view
googleads4.g.doubleclick.net/pcs/ Frame 55FE
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuFnhH35_kI363asaBWNOQdY4JYbFD7S9vEcYvlRlqAPz4V4KFvdoYqbona5mvzPQTQcIAa8fndErg_PT3uCIA3cszA8XAxETbz3E_ru0Baq0wL5SvCOx6kPXjjM53OkNRR957w8tsWax5cJMXgnlKlqo1qTwCM5kL510hgviKm4EOEOsEi5reV5FU2nns4misSMVG2KZ-N36hg5R6RTQP7O9jRjEJyaFPMoY0FhhaB6FftS3KHpo07_ulwX6sucycPJBAXzwWQdKrHxaK5oRKouZewRRsPkgV--QtttR_kZZSRdVWweswxIdb_bDUeWrQET_KuVnqAMnROXv1jPneBn5bLT4K_r5Q5wyYPlmMpK75EKvdjqa0tItUf2CIfbgtIrRZOR6a1SHXK5udo8ji5TD-Hs2iLYnNXHpHwCYc_CAyS3ru7mcQ3PZV1QTHfLVPL1YspSpMKXiFBCX8i_5QGewY3rZ10SNV_cmJa-phZ6Z6Fy3rr1R3xhYtnglmZxol29BGhhjKJx0f8ONgUormDIYM5n3WcHb3NMR1qEK8ij49WTYDtREPffMOGDrXAjF4PzKuHbIdMK4ek12U2C9fa-UDzhT3rhDa9Lt5SZsnoBHVsp-tnZ2aM1usvAaCnl8ttPjy7vOdreofKZ9NAiNmJgHZMFwlzdGHPjbjIZx98QlMaI6jI5oXX5MkP4RAbe8ta-1la9ksOFQy2oBoswMxPcfeFLPcd9SmchYMS-SQ3QGvUjs45vGhfCrfMfkuMs7Qb6iA_50B3sdbvlUjW7JXtzYDs_8sRP5g-X7buXw-Aq3sSNCoyRZoZkuJz9LE3drs5V3_-sHSfq3JC9vpO7XEEyuUqypZZ92JHkz7NXafIRejN77_DmHWgvdkUcL19mP9iQ3PioYZTJGuwT7LI5h40Dq1Cw3j1ve930WAxENjV7LfFiM8E4_VPM_1ToL881Itwy1GdSicRgYI1ylI3Fzo-bkMAoYKLxQUWN5lIhP5pNkskICFFV7wPcEg6TJi9I29o1r928GdjiELsowZy39Z-TVv5IXdHAl6LZcTO6Ysq3n3evhDbrUjPWmWs3LoeDbNKMjePD1thlZbUdi5N_M1nohO758YFk3M3wvO8A7HjWL7Ku1Pd8p5ZGHhjCVO1Lt6zbcZQuGenoNPflRC06ZdFpCdc-dB3YjuY1R_S7qQokuCLC5ddFI4oVf9kw2i-2r-cz_XoI15GS-y-dKisPPk93-LlfrI&sai=AMfl-YSko1sVhz2qqzZX3yImBEhuQlXBmGzwjKphheH5dwmcEXc6h7c5WdD6756KzFtU_-Bubj77gpRFPKiURXHa78I7rQmcDJcFqLv7T_DGOF7LyCPGWeDzKO_PxO_slQJ3FirCUK3gUHSHAaeBoO8QqKxhV0AnGV3SGuSmgfFIW7IFC3IWfL4GIkiUz28-u3Hh66fSLP1a49gEsVjHFeNisJt17vEMligK1AQz4fzqDmjOWkFSs9lKJTJQojH5gsKHKPDaTbxy5PRnlNDKyCTrUGthpYsdYO-A2k8-yPwLQc0hk7Ij9ai5GIIhJXg_bUwYi8ok4z7FvcbOhvne&sig=Cg0ArKJSzA9wsvgeiPYIEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=372&vt=11&dtpt=258&dett=3&cstd=113&cisv=r20221019.57562&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
dt
dt.adsafeprotected.com/ Frame 55FE
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1190398&asId=c613b7f3-da12-4b71-2587-35252b664e8a&tv=%7Bc:rDku8D,pingTime:-2,time:144,type:a,im:%7Bsf:0,pci:%7Btdr:125%7D,pom:1,prf:%7BmdA:539,mdZ:715,beA:775,beZ:777,mfA:780,cmA:781,inA:782,inZ:785,prA:785,prZ:792,si:796,poA:797,poZ:813,cmZ:813,mfZ:813,loA:870,loZ:872,ltA:919,ltZ:919%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:19%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:144,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:19,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B136~0%5D,as:%5B136~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tkQX6Sr+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b1%7C1b2%7C1b31%7C1c1%7C1c2%7C1c3%7C1d1%7C1d2%7C1d3%7C1e%7C1f*.1190398-65997902%7C1f1%7C1f2%7C1f3%7C1g%7C1h1,idMap:1f*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,siq:20,sinceFw:122,readyFired:true%7D&br=c
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7780:69dc:792d:e369:44d1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
server
nginx
x-server-name
dt05.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
view
securepubads.g.doubleclick.net/pcs/ Frame 8735
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstoWG-JcQZ254SZwvF9qctHMk8669hLjkll7OaN0EeKL8LBmjjrQg2gFCEVEv80XSKDO09NL8KaTqL3U4ky4V3hOhwyJzmAvS7sF7pUBEPL-aWTtlzrDslf10lvNQbU-C4M7gXyuCJ_MWjLUZwL3rKHkRFB_2CBlFVcEWBl7rklaoWfBdmFya-t-qrLat8YiLNmpyn6ZDuRS66y0yABS1YHL8k-yCRCHOmErZL_qa56UJKEUY7WsbzXnpD-TsuxGA4sSSW9DTl-dvm1xZkUJFJeFwQZ0StwiIqBZpo9HdErog7KOmqX2-HedSFM3r9OrY7TXXuZpv1aaoE2ICE_dYi2GrXuayIUkNRMRr-O3CsgYYV4nJUjC1CcKXtSbA&sai=AMfl-YSpw3nFdQqhaSc33laWf1JuA8uZcnxeyCQoGPWzCFWZp-uPHN8fZrGbhH2_LIJrqZtQa3JFIwnHvMlmApezAyJ8OdD3U4WBjLTEGE02c2Jqu0gOHpol2U8CxqLwH1ILUg&sig=Cg0ArKJSzIBfA_1sKfG4EAE&uach_m=[UACH]&urlfix=1&adurl=
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 21 Oct 2022 00:25:46 GMT
truncated
/ Frame 8735
211 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dc1f1b8e21a7e85f0be782731a130fc669099d490749e39d309b87bf72b6375

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/png
uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
pagead2.googlesyndication.com/bg/ Frame BB94
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba8af0d50d79678d5e9e6e68935c23511ff6ae811c880f6b0815855e696b023e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 18:38:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107264
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15900
x-xss-protection
0
last-modified
Tue, 18 Oct 2022 15:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Oct 2023 18:38:02 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame BD4A
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 21 Oct 2022 00:25:46 GMT
uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
pagead2.googlesyndication.com/bg/ Frame F0E3
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba8af0d50d79678d5e9e6e68935c23511ff6ae811c880f6b0815855e696b023e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 18:38:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107264
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15900
x-xss-protection
0
last-modified
Tue, 18 Oct 2022 15:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Oct 2023 18:38:02 GMT
controller
ssl.connextra.com/servlet/ Frame A919
2 KB
1 KB
Document
General
Full URL
https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
Requested by
Host: ssl.connextra.com
URL: https://ssl.connextra.com/DiDNAGroup/selector/client?client=DiDNAGroup&placement=didna_didna_300x250_placement5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.203.66.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-66-225.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a15f8849232335289b054b7a5a997cc1f7df707cdc6c9492b029359555d13bb5

Request headers

Referer
https://ssl.connextra.com/DiDNAGroup/selector/client?client=DiDNAGroup&placement=didna_didna_300x250_placement5
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-length
917
content-type
text/html;charset=UTF-8
date
Fri, 21 Oct 2022 00:25:46 GMT
expires
Fri, 21 Oct 2022 00:31:50 GMT
vary
Accept-Encoding
x-served-by
vlp-cxtadsrv02.connextra.net
view
googleads4.g.doubleclick.net/pcs/ Frame 55FE
0
26 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssDcrGWIusPT9jnWk1xP9t6VJnhDh6NqotaXohXvrCWNMnOUC5vZp7a7raqV2DTRhUXVsvZJ_d_64qqR0w6b-xJ1WolzxO5iIt6gzXrxbNEnrDIRXAiTITDSAOs6kGeAqIrzNixqjY3e7Oqzxj4mQ_ADaK6&sai=AMfl-YTLtHJyL4cQDJ_C7iUDSbRyV3ZLOcDtRVtUp8WLHS50dRwbLabfdpeunnVfGOHmYaq-3A2voii75ck-q1n2hFDjr7HWJmtgpgOB6TVp9-t8rSaVaUY2kuHJhpoYo2awAPDj6pUD0f_N2vWrj8Y2UlkEgZas8w&sig=Cg0ArKJSzI1Xdr2LQs7OEAE&uach_m=[UACH]&urlfix=1&vt=13&adurl=
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
pagead2.googlesyndication.com/bg/ Frame 2B57
36 KB
16 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/uorw1Q15Z41enm5ok1wjUR_2roEciA9rCBWFXmlrAj4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ba8af0d50d79678d5e9e6e68935c23511ff6ae811c880f6b0815855e696b023e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Wed, 19 Oct 2022 18:38:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
107264
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15900
x-xss-protection
0
last-modified
Tue, 18 Oct 2022 15:58:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 19 Oct 2023 18:38:02 GMT
Advert_v2.css
ssl.connextra.com/services/ActiveAd/ Frame A919
412 B
565 B
Stylesheet
General
Full URL
https://ssl.connextra.com/services/ActiveAd/Advert_v2.css
Requested by
Host: ssl.connextra.com
URL: https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.203.66.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-66-225.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
243ffb98099f4879764870b76b08cf1d85731b18d05c1b84fd4068af8af780c6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
last-modified
Tue, 31 Jul 2012 15:34:33 GMT
server
AkamaiNetStorage
accept-ranges
bytes
etag
"48e322b48aeb3e54d346a6c2a0f81a7a:1343748890"
content-length
412
content-type
text/css
Utils_v9-long.js
ssl.connextra.com/services/ActiveAd/ Frame A919
4 KB
2 KB
Script
General
Full URL
https://ssl.connextra.com/services/ActiveAd/Utils_v9-long.js
Requested by
Host: ssl.connextra.com
URL: https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.203.66.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-66-225.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
93e6639c3f07cb77467754907778fc49a74b1194368a93923c824ebec4d78298

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
content-encoding
gzip
last-modified
Mon, 07 Jun 2010 11:57:50 GMT
server
AkamaiNetStorage
etag
"159f636ee9f642a0c8c12354adf10d7c:1275911870"
vary
Accept-Encoding
content-type
application/x-javascript
accept-ranges
bytes
content-length
1742
Flipper_v1-long.js
ssl.connextra.com/services/ActiveAd/ Frame A919
918 B
610 B
Script
General
Full URL
https://ssl.connextra.com/services/ActiveAd/Flipper_v1-long.js
Requested by
Host: ssl.connextra.com
URL: https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.203.66.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-66-225.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
7879b6a7897077d50bf41c9afd92664e4b47b3751a0ed2121a5bdc3a10baddec

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
content-encoding
gzip
last-modified
Mon, 07 Jun 2010 11:57:41 GMT
server
AkamaiNetStorage
etag
"0dbe272b8ed7fdbb6ca0e797396869ae:1275911861"
vary
Accept-Encoding
content-type
application/x-javascript
accept-ranges
bytes
content-length
425
gen_204
pagead2.googlesyndication.com/pagead/ Frame F4E6
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BRL_pCedRY6Eo4rHH8A_UvaLICQAAAAA4AeAEAg&bg=!ODulO3_NAAaaxvStusY7ACkAdvg8WsBV26Wg2QeVojN-FDCMEgVFCoTP7f4WOP5elF5bnvtcbHMpPAIAAAFkUgAAAARoAQeZAva3q6bs-GyTCSY_fVSTCOUk1JDW-CRLI9g4dPdxQeN6hsKSXHW4yJV4MQUumw4PM1HvX7pQp7uGS8SBsFGijzeq7wnBXvuAaygz6PwR_FakZXmR7WrpyiSuu8WY7Z79ygLRFNkti7dOf8tYKPmUQZ5F5jPUgqx4hufJsC9jbwWsHAHgBIccVisRc_fQxCJyhHHMq7MHS1ZArHIjKAESkNQgZR1OpNgLa0GStfTWoT2wL2mBvVa787Wvh1yNttUJtfXGDsz2a_BtpwjJC3hgOSE4pIw-6Xj2w2AZtBZfAk81ueG8B-Y4xT_42gdUFPjNkU-KxN1K6JUyevMnjWZ61qYrWd65gnzt-JJliGM1NWPHGnQ-IaSWLsNp3qBJW7HNeAsYHlcpS70j2dTaMFmUUVwbBZIXiSS68furgoESs0_2JziyddzdyljBH2eArPRDMu9FjS1mPTIxqX5hA-jSI0sEc9JjNiZT7yojIhzp6odmVyrSBClcW2LFbjCRzAiBX4_CgqeF6w3bul5dqm3-Z-1IyemtmjGZe2c73DBFaCotQAbBYYubB1Rym48XfvmmgTspFPEDpgyQcwRdRaAqUvDqFDhMN0VMag88f6cm305oKu_IjVT5VBXItNj9ih4a8fmstj_NyzKAHR_iQNO9h7h2uBtOE1rIFXCeDSIpldPLnbctsJbO29kbPCmMSbvPBZGRFYCA9p0pZOHRugc5Ch1_qcqX_P_e2yi-OPm0DebVJqfeY3kK6L8qhzZGU8JLKc3Z0lrG2XdtnTJqn03NYMopVEBGSrmvzz5ZTZiDVcu2bkjHz9LJEKmYjTMFLu0vstbuWqgJzDyEfYirToj71cgtjNJmtODgnNEeBv_bE8kNFhX1CpLJwxmekiBQpbkn4aS61Iaidz2QnXA0JEhwzI5iVSr54loU0vY6t0QyWilXnLstcraBgoB3KY_OrYK-2dUtWKeqey7yZlrS1BDJaEJbxSevsemZNCeHDl5FLKbDSHfQ-T0-Rw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022101701&jk=3397757246618958&bg=!urmluf3NAAaaxvStusY7ACkAdvg8WnROnZPEF63OIScPBiNg4eDjDaFmPZ8x4ZMbtb0cKsYLD-C70QIAAAKBUgAAAANoAQeZAqTunl5ZO0Z_b1URIJHlJBp-bhLEsy_QPZZvjyV_D_EA-0rTBL6N63xNqBityxLTXuOO1kDLYjt3m4xLcGxdUwAViWC4pHnp7ctsoOPUPAwMmopxbXpFZbZtB__ULjHS7DFksPChy2loWSMBlZmiR9iSGlnmjTh9ghgJPJyP3v9SEO6FbQdLPtTKPCABhGnv2vAOVVo2PtrZoNwW231a72n243BhctrCLRtHbZhT0D2kXjnoDKFuhaC_AWtU7HogcXrXddGhSICSUbvq4IefJ9FT7ya1ukYs8LtA7-6Wep1n9dICFX0L2l99weMBVt8Z7iY5l150Gbhe4Vgk1qIOnqaCGoCKFRGgMHe31--9tzoXOuce2KWLRePTx5-MNxgc_92zCLypcpxcgUlKNOhJVpKaX0UYnwNprmY89Md7thqtGpc2LxpDNgRWJC6i01dRx8rS8ihZJTIKOvWNhh30BdUzuPaLmKz5_SPyKuouJMm5aa_pUJZLmGwGHMBmp0zO-aIr3Lpfw_-JQoM7iOHZbuvTDbcPGMaOnADazkXFt4pKarmZh_fV06LkXwNnwkgoTrGOOKdcETUvjpPlMOB6avQ5fyDf8H7IkJ6rwyBLyvchICHSeAkrQ5ic1yd5BtI-4uxZgc5GpENaFfycZqfzFX1npqIwpY3vDzrbfR9QxTdrsMZ-VH6zPXk0p0tXkxglEpwmB3aHaLV1NO358Fca_Ke-_3z9jM_N7cqDgdALb4xjpl4pk0SasjcQxfnNCaD6s4iYKC6z93b3YHOHCAC1s5hXPOlh22Ro8ubg4vRM6AGFNE5JTDH5H35mvmpe3nxarz6UwRTLiwYA_MEQpEv7m_Lq1Ah-O-awOh7upnDZLk8RBQmwd0osC1kvdj6d4H3hg_ucpiv6
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

truncated
/ Frame B336
66 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/webp
f207b8d3-84cf-4762-b36f-835422fd5e4e
https://s0.2mdn.net/ Frame 66D6
668 B
0
Script
General
Full URL
blob:https://s0.2mdn.net/f207b8d3-84cf-4762-b36f-835422fd5e4e
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/animated-creative.d9e35bd038abbd73732c.js
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Length
668
gen_204
pagead2.googlesyndication.com/pagead/ Frame FC4F
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=ByAzmCedRY_2zCbm6x_APi4-R6AgAAAAAOAHgBAI&bg=!UVKlUhbNAAaaxvStusY7ACkAdvg8WpoUVIjPANId4Am_K4cizxsFzrA8XK-X933ffFDYM3RKkbfl7QIAAAFHUgAAAAJoAQeZAuibr-rnPysqxytXeculGhVBGXEgDH-X0VeoLuQxIKLUXxAbIFqEqse5RJkOmY3dd4mjwpeu2D_JFSpklGtC24N02x3o4DOdrvipAUfDX1DB0IgCGekIa2WrCpjx_0vza8Kmsgp4gAM-Q_pQt8pezRGRTS0WOC4ZRoFrME0kW8LNKj_WU9hIcZzLvjb1k0XYuxEPtv31mpo22-tC9b-JaZpGcVDLLAnu_OVGSAsc31ORAW-JB51ZRIK8Cza6ohiAAAZBTd4wgp2uuq_MAjQFpOibVw_ZD1gfchX4MRZW8r3YbYnLQ9pqf_X260UEYEQG7CeOkhpGn9gHAEv8710OAfA9kTEDXND6-91faBe-5xSyb5ooEZ93n1Wv2-c5H4mLzst5TwDxGg85H9XXjNXgd9yUnSqsfb4pSa7p2hI_6l7JF8YSx9__MwRId0j7ge35_vgdM2styCSt9j9P19HWZaPP5rGdJ4SuodEFbbmKpuDOd4J3hsx5m-ArU5SwtaqW2acuguLAr-2QOLmK7edQgm1Woa0tnu2A7h9X2jiHc2YMeCLFGziKv8oPH_dyA6mrvi_GCeA1xk_vDxGQonD3kJdJ9OxrWvY7xSOdZqUysYgYsOT6-cgYDk2Vjxhvq7CTH4QzQVl0l0QAAX9bGXuUv6v3GNVXODp4SSIfPnNkazG0KWf0DS3KUqUzGPhGTOl-Z4fF7a0iQsWeLNfIurp5GDFMNYLmC0td_o-C79L0Qc1U9XH0OTafQt3To60hm3DG6fX3HMByuEy_L6R7Y3dagsxM2DR8vwAAjwWT-sl94tQMBpIRG7hm-Kl40lxI_oR0rMEF8rGzD45RzW-L4XtMr6cdnyCjoq7n36A5KXCpEw5OaLZG9KSppHmilS1jlWoDwRmrEU5_hHEPj1EjFcUSWJzL0THdLlfI2DX3R609RYdtmb25sMLSH4XWxiSKp0UB8zbisHdDOTgQCFP_SVUJdfq2V8ubC1qPaEE
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
predictedscore
gsm-widgets.betstream.betgenius.com/ Frame C6E3
82 KB
19 KB
Document
General
Full URL
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Requested by
Host: ssl.connextra.com
URL: https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e4f4dde2aec3c26a8bd2af8bbd0690467531d6abb632ec5433b0ff5f2fefdf8d

Request headers

Referer
https://ssl.connextra.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
max-age=120
content-encoding
gzip
content-length
19349
content-type
text/html
date
Fri, 21 Oct 2022 00:25:47 GMT
etag
"a28acdc304ff5f080acb2883003229bb:1663780056.346353"
server
AkamaiNetStorage
vary
Accept-Encoding
controller
ssl.connextra.com/servlet/ Frame A919
2 KB
2 KB
Image
General
Full URL
https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
Requested by
Host: ssl.connextra.com
URL: https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.203.66.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-66-225.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssl.connextra.com/servlet/controller?service=DiDNA_predictedscorewidget_300x250_widget&pubhost=bearinsider.com&client=DiDNAGroup&placement=didna_didna_300x250_placement5
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

expires
Fri, 21 Oct 2022 00:31:50 GMT
date
Fri, 21 Oct 2022 00:25:46 GMT
content-encoding
gzip
content-type
text/html;charset=UTF-8
content-length
917
vary
Accept-Encoding
x-served-by
vlp-cxtadsrv02.connextra.net
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8B0E
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqtEZCedRY4jDCZKfgAfBpIrQDAAAAAA4AeAEAg&bg=!ra6lrurNAAaaxvStusY7ACkAdvg8WqZzOUwWHcehMW1UNCw93iKagQ450GHQ9pVwF_ivAGrLuxEmGAIAAAE8UgAAAAFoAQcKAIPnSKLlEDV4Lx9M5pkOR4UGokZ6lvu-DHy4-l3ccX54LSfoswgARo0io7P6p9X67KhqxRyAenUJPZ_gb5w8SNoW1nm4jAAFiLYnX7_DL-84VihmZWtuIq2DwftVr7MvyUT0fIf4PZ1H0F6dJVj43rO6h3kxn-k_SOyYzzoHag_ckOjP8ZkC9PnRVXD3vdDeftDwt7p6wgbPzEfwvm5UgWzrNPwSf_KsKXX9ztZ72Fx13xU0ifXvTcSi6aqJR2NX8KL4L0UXjkgqZVT6U9Wlr0sK8N2syoiTtSvkYzvR4DGqxptlQYR-8y7Wd_DM1Smj0snyfj2sBwybtDajlqB1fzTmkVfsAAVcWW-2UWclY2yGkAC9JFVRfcznc9D4c_MP-hZ6ARZABL_JfTM7nG6-TqNI67qM3L8JdSeAGBJmuqrm7Qzt4lR4vSUaaBXLTmMMnpC6s964fHsCaWY5pEbLSkpsrqeLIf7cHp0M9Qbs3O2WYHk3f_gtUSuWpe85kmDBPJvScClIut9T7SyskWyfqgomfp4Tiz3UCLmcZ_uU0IlIL6i_54y8qeknXhYBJRwrPwxXaTlWbv0Ph0uemxMB3h-nathiNOoCFc4k1se-V5lJ3hWAoWl2qDzUmivU-CHHQeh76XPFZaBR8jwYt8y81TcyFFAwUPsP_A0ezeFwjC2H0s1kbfwaJNQWwYD7CDXi7TnrHWRHLI6x1OguyHGpYaZpULBrxO3Ue5rJAb3fD8mz2OC8xIJaE377PbwnNjMfZl74ovnmo4MPHhh3HREfimnC6fuqUUJQLEzfXpxecwVHdk5H44ku9B592tenAmOj51_hPl2AzFoQbyHj1PDuRetRtA7Znw8_SlRP_xUFe1-Gw1Df4h3Pos4wSSVst60pQriKvzHBmildSapzLY0FKaMLytLT7bQJNo3mBgQZMKKMkO_SvQjnG3ud8SLXsSL02KHkSw7MByA4RpA1qJd3rdF1alie7wEGZ1Wq1wc3icVK6Pu5nzLTcogNHcko4fjN4oijyOuy1I3ii0BtkN-s4hFcC1pXJ9YHsMzyPtIMVn7rVYrminr-OhRQ5yZB6XeM4f0I2vwckR11MxU4TXiZQxE2Kk_XZlWWlEEiM3Mv9MuJPYKw53vUFeQeiG1kbl7JzL-ZEAmYUTBfasmS0jnxjcwq3SiQOnysr5U4Ig
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
font
c.bannerflow.net/fs/api/v2/ Frame B336
3 KB
4 KB
Font
General
Full URL
https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F5b7b0cad6817397694e95d66%2F5ca76276e534b182c4576ce4%2F9626af95-9ebc-43f2-a701-a0b25ab65e2b.woff&t=%20%2a-AFIJSabcdefghiklmnoprstuxz%C3%9C%C3%B6
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16633326591040028672/WHRGermany-Deutsch-728x90-637987462014180196-72a168c9-377a-4ca1-a46a-2db3f8c0b239.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c33e7ccf75562431b2535679241b95165dbe2d461198be913f212c20f3e8cfab

Request headers

Referer
https://s0.2mdn.net/
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
cf-cache-status
HIT
last-modified
Mon, 03 Oct 2022 20:22:02 GMT
server
cloudflare
age
1483424
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition
attachment; filename=9626af95-9ebc-43f2-a701-a0b25ab65e2b-subset.woff
cf-ray
75d5dba09e4a90dd-FRA
expires
Tue, 03 Oct 2023 20:22:02 GMT
dt
dt.adsafeprotected.com/ Frame 55FE
43 B
215 B
Image
General
Full URL
https://dt.adsafeprotected.com/dt?advEntityId=1190398&asId=c613b7f3-da12-4b71-2587-35252b664e8a&tv=%7Bc:rDkueF,pingTime:-10,time:518,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTA2LjAuNTI0OS4xMTkgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222222222222222202222222220222202000022000220222222220000022202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1666311946356%7C%7C5ebad159ea5d2b135b5cf0d049b8b9d3%7C%7C11b89db74b56b4ba918674d36e95a672%7C%7Caff47e63e345ed9c803b9377f624c065%7C%7C6a32df61c7d1f616026dcb52fe0ee0fb%7C%7C574b6bc354cf82ac011f1a6ce99dd484%7C%7Cea16ac27b7afe9dabc43fcc863b0bf2c%7C%7Cee54f867ec8ccdff214189cca76b51c4%7C%7C1663701684,im:%7Bimprf:%7Bttecl:463,ecd:100,tsecr:106%7D%7D%7D
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f13:800:7780:69dc:792d:e369:44d1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
server
nginx
x-server-name
dt06.or.303net.net
p3p
CP="COM NAV INT STA NID OUR IND NOI"
content-type
image/gif
cache-control
no-cache
content-length
43
font
c.bannerflow.net/fs/api/v2/ Frame B336
2 KB
3 KB
Font
General
Full URL
https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F5b7b0cad6817397694e95d66%2F5ca76276e534b182c4576ce4%2F29c0309b-a3a5-4224-9ed7-49654d8c3841.woff&t=%20%2525CEHLNOSTUafu
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16633326591040028672/WHRGermany-Deutsch-728x90-637987462014180196-72a168c9-377a-4ca1-a46a-2db3f8c0b239.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c58a44616fcbb45feda723913b750be827cc05f526642e9ff52e36ffab9a414

Request headers

Referer
https://s0.2mdn.net/
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
cf-cache-status
HIT
last-modified
Thu, 22 Sep 2022 08:49:34 GMT
server
cloudflare
age
2475372
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition
attachment; filename=29c0309b-a3a5-4224-9ed7-49654d8c3841-subset.woff
cf-ray
75d5dba10eab90dd-FRA
expires
Fri, 22 Sep 2023 08:49:34 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame BB94
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BlkobCedRY-n_GdqY-gajyrfACgAAAAA4AeAEAg&bg=!dXaldjLNAAaaxvStusY7ACkAdvg8Wmaa-A1mRvWShC4fZCHAw543-b1E9jIe7LYj33lUDlm6ZCvw3wIAAAE6UgAAAAJoAQeZAvTSaOLZHKDuE-LRwo9xIpTc5lduuAp8trYgFHYkLBhRuf9QMOt2XJWYttS8AzfHppPjprKsWkqn8EwbsA5n7dgJjjzWIrLlYk7hOGCyAUN7lxCzjYQOs_bqYrxRMtNeMNTo7LutsYsqa-ChVqOexriU1x3IRQ09-K0F3976UplCrmq8yWj3_vfSUSM5_lNGh3EHwqXNlg7pmMYQTZR6cv3wF4mvjLeNCP2C3P0W-wfj2dPyqw7GrdF3mRL0egounjyQ7DSF0I5I5o3RLp6aKgTTawzvkpTe3qohTFnCh67QCHik2vbWDhJgsM2WnYwtduPmLvrolTtSXQwlwtxhFuN_IbQ-35s0NYDdrjHEjQ5-OjozadVWIDuEB_OQeGZiYfsLbyqgn7Eyb58-UbiiRzbv6zhrDazcjwHx_Y_ENTtN7peDjM95Ou8ppcotZ0G0I3X8Y9-ee6gyqJwhYYroHB6K6IUaAo3cBGWfD4KmezFMT6PMdDfjtww5iJYgswzXC3DTu1DHLIdeMTUCn_tJEHE3fdkdcsVq7KIMk8PMaOLmeCd9GACTJqU_Xeasitf1HMQDSS1m7xLO2e0ErnAUald2sDkXEro2_Wj1rnHvdH4O-FCcsuoyPMmoAs7LQIpcLopW29kPxVDHI4bddBzD8tVJ-lvtte2LHhJTiiwyI1UaUDE6e4j_QoKTv7q35JX5fkbvOiIcR65mT4PsoYEN6GvFB0U_uDYVRgthbgpwDwv1-HdUAm2s77d0mKBsgw7fiFNPhcJIqV0Txn33c6sKxXog4uAM6wleD904hJVyPoHmzNU9BZcvO7C8fXYJhvNFLgaZqwHD3iBf4WIYuPtg_IBMpzmB33kHxiRqnWTpe9KbhMpgdWC79LPMd--HVEuzkyMkrvsrkD2-ekUDClK32fLs7Cbnjc23ic30RapHE4SyplqJwqUdpX49JxWMw9xs4PeSlxkVTVT38c0BVQCtAC1lI6bTux2yRLLA14g7CbFtX2D3Xw0
Requested by
Host: 4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
URL: https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
font
c.bannerflow.net/fs/api/v2/ Frame B336
2 KB
2 KB
Font
General
Full URL
https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F5b7b0cad6817397694e95d66%2F5ca76276e534b182c4576ce4%2F10aabab5-6f90-4747-b758-81c7d1ca65ae.woff&t=%20%2aBGdegilntu
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16633326591040028672/WHRGermany-Deutsch-728x90-637987462014180196-72a168c9-377a-4ca1-a46a-2db3f8c0b239.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43e70276f3c10173468a6483148f11460b5ac423d25f01ad918246b116faa8e4

Request headers

Referer
https://s0.2mdn.net/
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
cf-cache-status
HIT
last-modified
Thu, 22 Sep 2022 08:49:34 GMT
server
cloudflare
age
2475372
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition
attachment; filename=10aabab5-6f90-4747-b758-81c7d1ca65ae-subset.woff
cf-ray
75d5dba11ebf90dd-FRA
expires
Fri, 22 Sep 2023 08:49:34 GMT
c13bd3f7-a76f-4588-9375-31c27e179bb1.svg
c.bannerflow.net/accounts/wyndham/5ca76276e534b182c4576ce4/images/ Frame CEE8
822 B
734 B
Image
General
Full URL
https://c.bannerflow.net/accounts/wyndham/5ca76276e534b182c4576ce4/images/c13bd3f7-a76f-4588-9375-31c27e179bb1.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
236910ee51f041c8b421955b1b149250536436b2732372e2279a43816d3b109b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:46 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
OrZXxTWoIlrG/00Gooh3tg==
age
4201
x-ms-lease-status
unlocked
last-modified
Mon, 14 Dec 2020 14:48:38 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
c79c7669-801e-006c-70fc-5806b1000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
cf-ray
75d5dba16f2d906d-FRA
optimize
c.bannerflow.net/io/api/image/ Frame CEE8
5 KB
5 KB
Image
General
Full URL
https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fwyndham%2F5ca76276e534b182c4576ce4%2Fimages%2Ffaeb8a2f-c277-4f65-9d52-ab0322ebd38e.png&w=148&h=82&q=85&f=webp&rt=contain
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
060cf77e632908fa1df556b671306619e734d4ba15e1e05eaaa38c92352cb93e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
cf-cache-status
HIT
last-modified
Thu, 20 Oct 2022 09:04:37 GMT
api-supported-versions
2.0
server
cloudflare
age
55269
vary
Accept-Encoding
content-type
image/webp
cache-control
public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges
bytes
cf-ray
75d5dba17f37906d-FRA
content-length
4710
request-context
appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1
optimize
c.bannerflow.net/io/api/image/ Frame FEB7
17 KB
17 KB
Image
General
Full URL
https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fwyndham%2F5ca76276e534b182c4576ce4%2Fimages%2F682f24a3-ac1d-4c30-b264-5c37a0aebf15.jpg&w=250&h=250&q=90&f=webp&rt=contain
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6fa8f77f210d5e1fa81d8825b606051df79dcbf7ff0b639ab3536ca4158ea6f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
cf-cache-status
HIT
last-modified
Thu, 20 Oct 2022 09:06:38 GMT
api-supported-versions
2.0
server
cloudflare
age
55148
vary
Accept-Encoding
content-type
image/webp
cache-control
public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges
bytes
cf-ray
75d5dba18f4b906d-FRA
content-length
17668
request-context
appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1
gsap.min.js
c.bannerflow.net/misc/libs/gsap/3.5.1/ Frame AB0A
60 KB
24 KB
Script
General
Full URL
https://c.bannerflow.net/misc/libs/gsap/3.5.1/gsap.min.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/widget.b830f81785a336af5623.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:46 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
WyDhubHD6tBc1sDDhRKFJg==
age
5191
x-ms-lease-status
unlocked
last-modified
Thu, 22 Oct 2020 09:07:10 GMT
server
cloudflare
etag
W/"0x8D87669DBE25D7E"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
81cac077-b01e-0067-7c57-dafdda000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2011-08-18
cf-ray
75d5dba18f4d906d-FRA
TextPlugin.min.js
c.bannerflow.net/misc/libs/gsap/3.5.1/ Frame AB0A
10 KB
4 KB
Script
General
Full URL
https://c.bannerflow.net/misc/libs/gsap/3.5.1/TextPlugin.min.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/widget.b830f81785a336af5623.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3169b2726b5c785026813413eb505d88cb3b8d95f899b66153624266a9ef503

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:46 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
DOn//7fLVTPV/pYjKJokUQ==
age
2028
x-ms-lease-status
unlocked
last-modified
Tue, 26 Apr 2022 11:12:28 GMT
server
cloudflare
etag
W/"0x8DA2775A64AD9B9"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a387e2e2-101e-0041-5f89-c4b5c2000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2011-08-18
cf-ray
75d5dba18f4e906d-FRA
MotionPathPlugin.min.js
c.bannerflow.net/misc/libs/gsap/3.5.1/ Frame AB0A
20 KB
9 KB
Script
General
Full URL
https://c.bannerflow.net/misc/libs/gsap/3.5.1/MotionPathPlugin.min.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/widget.b830f81785a336af5623.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
670b4574ac00792fb78909b383658833cd5c776a7f5715b9e9a5670668506db8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:46 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
QyV10aQjskvJeMWugUJ9Sg==
age
2028
x-ms-lease-status
unlocked
last-modified
Tue, 26 Apr 2022 11:11:52 GMT
server
cloudflare
etag
W/"0x8DA277591530E37"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
08be841d-f01e-0004-6789-c46021000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2011-08-18
cf-ray
75d5dba18f4f906d-FRA
ScrollToPlugin.min.js
c.bannerflow.net/misc/libs/gsap/3.5.1/ Frame AB0A
3 KB
2 KB
Script
General
Full URL
https://c.bannerflow.net/misc/libs/gsap/3.5.1/ScrollToPlugin.min.js
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/scripts/widget.b830f81785a336af5623.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b80b934f3f4c2332dd8d77abd1354233647dfb138eec1c4f5a9c07fd69651a7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 21 Oct 2022 00:25:46 GMT
content-encoding
br
cf-cache-status
HIT
content-md5
RCeckZr9ahjy1CSocLy88Q==
age
2028
x-ms-lease-status
unlocked
last-modified
Tue, 26 Apr 2022 11:12:06 GMT
server
cloudflare
etag
W/"0x8DA277599529108"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
74bc14b1-001e-003f-4989-c42585000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
x-ms-version
2011-08-18
cf-ray
75d5dba18f50906d-FRA
activeview
pagead2.googlesyndication.com/pcs/ Frame A9BA
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuGk6TbbF5DenHUo7xyAAcu8BzEolcTzdvHYrxSCklVEx5_-JgVDqtiXv4euxWZjZoWaeXZ4slxmvaB7exljeRLiEeWoTGsLzqIv08ai0D4W22p07uwcOnUHeVSI1Zg7xrAhhWYksQ&sai=AMfl-YSLZKwsPucZjpw6plbOkP1NOZU4HQ-_WASoXa26PtABUBaztN8xq-t_uH-gxLiGorGdfGBAwTk1i8YY7gJa34urRS4dVgQeRzDsXuMdcWs7FiCa__4Kyp5pEGaBBcKRHfM&sig=Cg0ArKJSzMK6rzvLpjMHEAE&cid=CAQSPwDq26N9IJPS-mfHTgv5V8QqX_3BT7o-oFbwHsD8eXHkuUXwHMBC4_LcdS2vHRfLlPJ1ECxhZnaZgzxFH3tTkBgBIA4&id=lidar2&mcvt=1039&p=170,436,260,1164&mtos=1039,1039,1039,1039,1039&tos=1039,0,0,0,0&v=20221019&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1431258259&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666311944834&rpt=600&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
optimize
c.bannerflow.net/io/api/image/ Frame FEB7
17 KB
17 KB
Image
General
Full URL
https://c.bannerflow.net/io/api/image/optimize?u=https%3A%2F%2Fc.bannerflow.net%2Faccounts%2Fwyndham%2F5ca76276e534b182c4576ce4%2Fimages%2F682f24a3-ac1d-4c30-b264-5c37a0aebf15.jpg&w=250&h=250&q=90&f=webp&rt=contain
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6fa8f77f210d5e1fa81d8825b606051df79dcbf7ff0b639ab3536ca4158ea6f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
cf-cache-status
HIT
last-modified
Thu, 20 Oct 2022 09:06:38 GMT
api-supported-versions
2.0
server
cloudflare
age
55148
vary
Accept-Encoding
content-type
image/webp
cache-control
public, max-age=86400,stale-if-error=86400,stale-while-revalidate=86400
accept-ranges
bytes
cf-ray
75d5dba1af64906d-FRA
content-length
17668
request-context
appId=cid-v1:aa2d0cc3-fd7d-4ac0-80ca-1db03d937ce1
font
c.bannerflow.net/fs/api/v2/ Frame B336
4 KB
4 KB
Font
General
Full URL
https://c.bannerflow.net/fs/api/v2/font?u=https%3A%2F%2Ffontmanagerstorage.blob.core.windows.net%2Ffontmanagerfonts%2F5b7b0cad6817397694e95d66%2F5ca76276e534b182c4576ce4%2F31fdbdf3-7f70-415c-9110-bcdd44afc2e1.woff%3Fr%3D0.6800054565838232&t=%20%2CSabcehjnprstz%C3%A4%C3%BC
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16633326591040028672/WHRGermany-Deutsch-728x90-637987462014180196-72a168c9-377a-4ca1-a46a-2db3f8c0b239.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d1024fbe1569d6452c85f2576e7798663b5d780cc8cd3f3391e5dc1452039650

Request headers

Referer
https://s0.2mdn.net/
Origin
https://s0.2mdn.net
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
cf-cache-status
HIT
last-modified
Mon, 03 Oct 2022 20:23:03 GMT
server
cloudflare
age
1483363
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cache-control
public, s-maxage=31536000, max-age=31536000, stale-if-error=86400, stale-while-revalidate=86400
content-disposition
attachment; filename=31fdbdf3-7f70-415c-9110-bcdd44afc2e1-subset.woff?r=0
cf-ray
75d5dba1bf2e90dd-FRA
expires
Tue, 03 Oct 2023 20:23:03 GMT
/
c.bannerflow.net/tr/v2/pixel/ Frame B336
0
81 B
Ping
General
Full URL
https://c.bannerflow.net/tr/v2/pixel/
Requested by
Host: c.bannerflow.net
URL: https://c.bannerflow.net/a/6321a5312e3a572c4684eff4?did=5ced17d285b1c200019c3fe1&deeplink=on&&redirecturl=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%3Fxai%3DAKAOjsvWUtkPFGGC0kZV4WI89SUOg3ZcRztrFlS-wo0hvwuZwFEGfgQyO-fANlCOHd7i8mrQIN5uGnO0J5BrGljzirqKxfpK1kb8lWVST8yVN_DKFd7q2a4OFC6olY0KgxlQ2DTszcALFH3-EqIJNq3IXCcXJZ8pLv_8M6CawcAmWS3MLmGsK2VGR2TVnmTaF2uuvE-DEYp7xNLB26wMQHadbGmut8WlfctnkolbHJSlklHQJ56rABdnJG0scxeL83s8xvKQZI5jSf6TKy5SYg6_Gmql8CDmnq7_C8fUhcRoHE-nid7KFk8jH-Vm4-qcWuGtz-24eivIYWsilB3XSyYrXEq5iW2lR99FzFF750Cbdyx7fwhF4bOEe1MHa4cNiC35nNSISouY9LxgT7M-VazxAL7L8YA02t0gvBj6kHm6HBsWmGOgDkEV0KOdGWZg-V2fYfJkAT0StaIqqlIyppuIeKBuuKNXf--OzBIsro5hvinD8NVrv0a665KV9ov8ZWqKjls-YGdTh6yaQTb9T_h7so4hzjX_ORBk5lDbS-hDd4_f1UXaiHTlIiAMWjG8cjjkNNyGGBUbugkfejlOjVHHqBfynm1_lq51VAPRX9J7Sv09JRIg-Z7W319fZdvF7240XWjgUWmMMYSQGe1Q6s8UJeIQk6O08YpKfRSLXeaMhL0og0kw8LxxCq2P0hV50zXuIqhgO5x1uv8CreNaTX9Sc0SJPSLdcC-UCEyG-G6wW5Qh59IcgwqjA4Z9y97JzlnNyBsLLYq_nL9hMode7jt3AS_WSoIKFttAQmyMkJIxnbyAXj1mXY_0eIcd_5JMROT5VCjwcNpPrq1xTVt2QK2thSCsXZBLNnI3wqdye2pybmaNVt17PpCV07D75ur-xUwPndSOLvK25e6_wmlbVlBlN8nYgfZce7Jqk7VEpbm5yGps6bLWBVFIy4RszP7BaNAPS6xHK0TAHkRbqq9yc8jHUGPpMOObPWguDwe1lQmCpd8nBSYxNP0mYdgJ4LwpDs14cMTqhBHt-89KkNWjGf8kEykKhkIJ__jKZ5XbHFnFTlju_8dUz_BpodkoFRIHRfOOwQlcGgi5XWdnnID-ZOTRx1p4XDSuNMfZVHDnkgo7bHnFs6W4rPupJOJo0keDv2Blv-Mlw8tXFYs7TY8USJoqLZQOZz1ihtwx9GOu%26sai%3DAMfl-YTtbrKE1ffwymFKEwuItwLp-bSl4QcthBfLm8KVB3g5pYdtE-OK6onUop9RN9hEM6WZF3bGST8ur4GxE9BM4NPE9sjg3Ct-Fak_0ueWLAHB4-XFr_SeEEBxmXimBrkgdylKhWuKMZIW_huuPL7EF9q4_V9TyR0lHGeydAoo1WSxahvuoWb181zWUQiTEx6B_7x_LEwBnvHh-XdVUBA-PLlgQQPv0yDvfO1xfhlvdhE9QRWAebDG7iAdY7cM7jGN0dF2X3HgztIm7zjXsykmqnn-wRj7xK4Q-g%26sig%3DCg0ArKJSzFiir897fq2REAE%26fbs_aeid%3D%5Bgw_fbsaeid%5D%26urlfix%3D1%26rm_eid%3D6653327%26adurl%3Dhttps%253A%252F%252Fwww.wyndhamhotels.com%252Fde-de%252Fhotel-deals%252Fsave-now-stay-later%253Fcid%253DDP%253Aiyg0g76hdpq4yhz%2526dclid%253D%2525edclid!
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:c40 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://s0.2mdn.net/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
75d5dba1df96906d-FRA
content-length
0
request-context
appId=cid-v1:1d9bcaa3-5ddc-4e5d-973c-949d7ceab63e
activeview
pagead2.googlesyndication.com/pcs/ Frame 8735
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsue0yQLN6cDMk7VbgZ0lA-Zo26gpWDhOWSLxTf3poO9h0L3EYuRK-3wxNiNvTsHtrWT4K66ilWgEt7F54dCtNESjTHbvQFq_0LTYip2vzq72nBmCl6T&sig=Cg0ArKJSzPmfLPqcNlYxEAE&id=lidar2&mcvt=1000&p=628,990,878,1290&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221019&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=19&adk=3948478152&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666311945772&rpt=223&isd=0&lsd=0&met=ie&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
access-control-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 55FE
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=dbg&cor=3937164023530862263&x=1&ct=76&dl=2&ds=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ Frame C6E3
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 20 Oct 2022 23:01:59 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
5028
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Fri, 21 Oct 2022 01:01:59 GMT
lato.woff
gsm-widgets.betstream.betgenius.com/fonts/ Frame C6E3
38 KB
38 KB
Font
General
Full URL
https://gsm-widgets.betstream.betgenius.com/fonts/lato.woff
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9f4bb49b19fe835161344a1ab647c5df2b04403169fdb58cc8aba19d7b611c89

Request headers

Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Origin
https://gsm-widgets.betstream.betgenius.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
max-age=600
server
AkamaiNetStorage
etag
"613895451650fc1d5deebc40b6555b48:1663780056.348576"
content-length
38992
content-type
font/woff
lato-bold.woff
gsm-widgets.betstream.betgenius.com/fonts/ Frame C6E3
38 KB
38 KB
Font
General
Full URL
https://gsm-widgets.betstream.betgenius.com/fonts/lato-bold.woff
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c51c75c768db2fc87ff993b7fd7c3e3bc296569ce0955b439dbb06ca78bd8d6b

Request headers

Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Origin
https://gsm-widgets.betstream.betgenius.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
max-age=600
server
AkamaiNetStorage
etag
"bb910c97fb2d813acdd122900556e329:1663780056.315541"
content-length
39184
content-type
font/woff
BarlowSemiCondensed-Bold.woff
gsm-widgets.betstream.betgenius.com/fonts/ Frame C6E3
57 KB
57 KB
Font
General
Full URL
https://gsm-widgets.betstream.betgenius.com/fonts/BarlowSemiCondensed-Bold.woff
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
fa58c4b5d186c8d31190b67714226a3a76c9b5517076f96c27081e154b9c2436

Request headers

Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Origin
https://gsm-widgets.betstream.betgenius.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
max-age=600
server
AkamaiNetStorage
etag
"60a5f1122ef173728eec78c80b73059b:1663780056.331016"
content-length
58284
content-type
font/woff
externals.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
203 KB
62 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/externals.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
30f5b40cca5295366b773b660839831f42e5d67aeeccd7198e610ee32dde249d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
cache-control
max-age=600
server
AkamaiNetStorage
etag
"bf74637538611e11da0bbf4aa29324a6:1663780056.285293"
vary
Accept-Encoding
content-type
application/x-javascript
genius-sports-message-bus.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
4 KB
2 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/genius-sports-message-bus.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4e4e796a542de8d37c08383c4b0f1deb7a0f1a2343d3c731fc9239ab0a89137c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"a0b2987d5ba54bffa6c1c4f9e733dfae:1663780056.214645"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=600
content-length
1590
genius-sports-logger.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
9 KB
3 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/genius-sports-logger.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
6860490efeb4447dabfcb5a57b0d9a14aaa76df28f6f2067565aca3d7fac9c52

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"54a5a00739253e18049911bc36571e9b:1663780056.280429"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=600
content-length
3064
data-update-service.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
23 KB
6 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/data-update-service.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
ed2772d700ff8cedd17a8c5d43ac9a78269fb7087839f3cc0e504bc9ce021858

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"08e22335547bb9a117de210b0762c6e8:1663780056.193374"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=600
content-length
5997
market-entity-mapper.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
8 KB
3 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/market-entity-mapper.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
8e4daf0c4bcd9d75a33efd4fbcb1d5d348afba4bf707dd93533a4d5fd38de52f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"547a82348a8d243bb44874d6d267e64f:1663780056.250266"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=600
content-length
2606
ast.js
acdn.adnxs.com/ast/ Frame C6E3
92 KB
32 KB
Script
General
Full URL
https://acdn.adnxs.com/ast/ast.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
90352cd429fceb3b816c9418248ab076c32d27239cc9bdf453287b07c952fe93

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Expires
Tue, 18 Oct 2022 12:32:40 GMT
Date
Fri, 21 Oct 2022 00:25:47 GMT
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Age
42783
X-Cache
HIT, HIT
Connection
keep-alive
Content-Length
32131
X-Served-By
cache-lga21942-LGA, cache-fra-eddf8230126-EDDF
Last-Modified
Mon, 17 Oct 2022 12:28:46 GMT
Server
nginx/1.18.0 (Ubuntu)
X-Timer
S1666311948.521280,VS0,VE0
ETag
W/"634d4a7e-16e64"
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Accept-Ranges
bytes
X-Cache-Hits
4802, 17
LinkManager.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
2 KB
865 B
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/LinkManager.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
e5718552985b885aad92b5fd62e8ba2748bda285e1cf240b5fd87f5e9fc125a2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"409dd33d4a0a8e5444cbef802a721561:1663780056.425375"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=600
content-length
696
AppNexusPlacement.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
5 KB
2 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/AppNexusPlacement.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
85b9381a028dfec3b2eb098f3ed05904960e8eef84201307f0911d70d384e1f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"98ad450095d83dfff51615e75444e61f:1663780056.343723"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=600
content-length
1833
PrebidPlacement.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
4 KB
2 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/PrebidPlacement.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
fef150c7927eec405ab56ba61bc9c6b48bb0a4367b3b4142c0d919659b358dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"a0f724fce2e92b7470f84db8f21a17e9:1663780056.303776"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=600
content-length
1600
AdvertSlotCreator.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
9 KB
3 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/AdvertSlotCreator.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4ddf846533dbdfeadfb689dad3bb5e90e6057c0dfdc0657e6f35d003a38cf730

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"0655fa3069a4dc41c04c7a13fae7f13d:1663780056.346056"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=600
content-length
2712
AppNexus.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
724 B
872 B
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/AppNexus.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d3564d2b09a1761f856bf198d3b4f97e1229358698bb6314bb731697e9429c16

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
max-age=600
server
AkamaiNetStorage
etag
"225b63108000193122416ffe4742d91e:1663780056.1783"
content-length
724
content-type
application/x-javascript
Prebid.js
gsm-widgets.betstream.betgenius.com/javascript/ Frame C6E3
170 KB
54 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/javascript/Prebid.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
956502cf34dd763cc8c03deacd057372a779750b63cd6d0ecfa1100e70a5e5ae

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
cache-control
max-age=600
server
AkamaiNetStorage
etag
"b4ff8df7435ff552a58a966c324d012f:1663780056.268755"
vary
Accept-Encoding
content-type
application/x-javascript
predictedscorewidget
us.connextra.com/dcs/tagController/tag/268336296bbf/ Frame C6E3
0
0
Script
General
Full URL
https://us.connextra.com/dcs/tagController/tag/268336296bbf/predictedscorewidget
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.203.66.225 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-66-225.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-length
34
content-type
text/html
Milwaukee_Bucks_logo.svg
upload.wikimedia.org/wikipedia/en/4/4a/ Frame C6E3
8 KB
5 KB
Image
General
Full URL
https://upload.wikimedia.org/wikipedia/en/4/4a/Milwaukee_Bucks_logo.svg
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
ATS/9.1.3 /
Resource Hash
30568976ec60901c83df619811ae5d473e0be11cbbda09e6433173ccfa06cd8a
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 18:22:40 GMT
content-encoding
gzip
strict-transport-security
max-age=106384710; includeSubDomains; preload
nel
{ "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age
21786
x-cache-status
hit-front
x-cache
cp3059 hit, cp3063 hit/20
server-timing
cache;desc="hit-front", host;desc="cp3063"
content-length
3472
x-client-ip
2a00:c98:2030:a004:1::4
x-object-meta-sha1base36
29bmqynw732i3bmcjgotrcyu7ygb632
last-modified
Sun, 27 May 2018 19:49:11 GMT
server
ATS/9.1.3
accept-ch
Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
etag
W/5b7f6aeba722a2029fc51e90397f1ae7
vary
Accept-Encoding
report-to
{ "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
permissions-policy
interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
accept-ranges
bytes
timing-allow-origin
*
Philadelphia_76ers_logo.svg
upload.wikimedia.org/wikipedia/en/0/0e/ Frame C6E3
19 KB
9 KB
Image
General
Full URL
https://upload.wikimedia.org/wikipedia/en/0/0e/Philadelphia_76ers_logo.svg
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:0:862:ed1a::2:b , United States, ASN14907 (WIKIMEDIA, US),
Reverse DNS
Software
ATS/9.1.3 /
Resource Hash
9c0054243c6d0f999f2529b7b6165753d8ea98d40defc0e598853379af7798a8
Security Headers
Name Value
Strict-Transport-Security max-age=106384710; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Thu, 20 Oct 2022 06:52:24 GMT
content-encoding
gzip
strict-transport-security
max-age=106384710; includeSubDomains; preload
nel
{ "report_to": "wm_nel", "max_age": 86400, "failure_fraction": 0.05, "success_fraction": 0.0}
age
63202
x-cache-status
hit-front
x-cache
cp3061 hit, cp3063 hit/85
server-timing
cache;desc="hit-front", host;desc="cp3063"
content-length
7520
x-client-ip
2a00:c98:2030:a004:1::4
x-object-meta-sha1base36
nivvunmjzcdrrdt9hehggpf57u2mfhp
last-modified
Tue, 03 Jul 2018 15:07:23 GMT
server
ATS/9.1.3
accept-ch
Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
etag
W/94fc4e4c3964e75b0939447aa1e7e487
vary
Accept-Encoding
report-to
{ "group": "wm_nel", "max_age": 86400, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
content-type
image/svg+xml
access-control-allow-origin
*
access-control-expose-headers
Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
permissions-policy
interest-cohort=(),ch-ua-arch=(self "intake-analytics.wikimedia.org"),ch-ua-bitness=(self "intake-analytics.wikimedia.org"),ch-ua-full-version-list=(self "intake-analytics.wikimedia.org"),ch-ua-model=(self "intake-analytics.wikimedia.org"),ch-ua-platform-version=(self "intake-analytics.wikimedia.org")
accept-ranges
bytes
timing-allow-origin
*
8030.svg
gsm-widgets.betstream.betgenius.com/img/bookmaker-logos/light/8030/svg/ Frame C6E3
8 KB
3 KB
Image
General
Full URL
https://gsm-widgets.betstream.betgenius.com/img/bookmaker-logos/light/8030/svg/8030.svg
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
32b61feee0df71fa8ac78c8b2c85b68e574536b2fd6380dcd39dfe5eb24cdbd5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"6bada3fa22e74fa0cc54a8fe2b209b42:1663780056.421935"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=600
content-length
3262
PredictedScore.js
gsm-widgets.betstream.betgenius.com/getWidgetJS/ Frame C6E3
523 KB
147 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/getWidgetJS/PredictedScore.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
istio-envoy / Express
Resource Hash
ec6f364352c009a79ecee3ddd6e3b2731a07cae7844b9f69c13c2b3629a03cf9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
istio-envoy
x-powered-by
Express
etag
W/"82b22-vYrxC++HkHJGLDMAJXBNSCLrCzc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-envoy-upstream-service-time
4
getWidgetInitScript
gsm-widgets.betstream.betgenius.com/ Frame C6E3
29 KB
4 KB
Script
General
Full URL
https://gsm-widgets.betstream.betgenius.com/getWidgetInitScript?uuid=e892c670-50d6-11ed-b4db-af5777d8c466&renderConfigId=predictedscorewidget&containerId=predictedscorewidget-gsm-widgets&region=HE&country=DE&productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033&culture=en-US
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
istio-envoy / Express
Resource Hash
5dc828faaec7dde7186d4c024ae51126ab5aa1d73c130528b7fcd6787c11eaa7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
istio-envoy
x-powered-by
Express
etag
W/"73a2-MvgUFAq+2/AxBV0ZDAM+Bu/D4Ok"
vary
Accept-Encoding
content-type
text/html; charset=utf-8
x-envoy-upstream-service-time
2
content-length
4052
icons.svg
gsm-widgets.betstream.betgenius.com/img/ Frame C6E3
132 KB
41 KB
Other
General
Full URL
https://gsm-widgets.betstream.betgenius.com/img/icons.svg
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
6497da46e526c0eaa827bf692f829012fa40ada5c0a9ef0124296d64ee71a00e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
server
AkamaiNetStorage
etag
"4b98c36be8396e278b2fd822317b87db:1663780056.27441"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=600
content-length
41451
rum
dsum.casalemedia.com/
Redirect Chain
  • https://dsum.casalemedia.com/pbusermatch?origin=prebid&site_id=360071&p=1&i=0&gdpr=0&gdpr_consent=&us_privacy=
  • https://x.bidswitch.net/sync?ssp=index
  • https://x.bidswitch.net/ul_cb/sync?ssp=index
  • https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=index
  • https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=index
  • https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=284e106f-59c8-410c-afa3-e774aeeb658b&ssp=index
  • https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c355bcde-6eff-4a3f-92dd-5b40e7d86203
43 B
766 B
Image
General
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c355bcde-6eff-4a3f-92dd-5b40e7d86203
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

Location
//dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c355bcde-6eff-4a3f-92dd-5b40e7d86203
Date
Fri, 21 Oct 2022 00:25:48 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
generic
match.adsrvr.org/track/cmf/
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
  • https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1666311947549
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7679276743
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7679276743
Protocol
H2
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
etag
RX838b20d9fbe9470a82c53a2528df1d54003
content-type
text/html
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7679276743
cache-control
no-store, no-cache, must-revalidate
expires
0
cksync.php
cs.media.net/
44 B
410 B
Image
General
Full URL
https://cs.media.net/cksync.php?cs=8
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
95.101.200.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-200-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1681cb2b2db935f48c843351945df3f3f77f79c1c8de28c4fa88d8b655c25ae2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
44
X-MNET-HL2
E
Expires
Fri, 21 Oct 2022 00:25:47 GMT
ImgSync
image8.pubmatic.com/AdServer/
0
42 B
Image
General
Full URL
https://image8.pubmatic.com/AdServer/ImgSync?p=159745
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.18 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
content-length
0
cksync.php
cs.media.net/
Redirect Chain
  • https://pm.w55c.net/ping_match.gif?ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_
  • https://pm.w55c.net/ping_match.gif?scc=1&ei=MEDIANET&rurl=https%3A%2F%2Fcs.media.net%2Fcksync.php%3Fcs%3D8%26type%3Ddxu%26ovsid%3D_wfivefivec_
  • https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=Uc6qo5l21OLFR95
45 B
623 B
Image
General
Full URL
https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=Uc6qo5l21OLFR95
Protocol
HTTP/1.1
Server
95.101.200.23 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-101-200-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
Server
Apache
P3P
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
45
X-MNET-HL2
E
Expires
Fri, 21 Oct 2022 00:25:47 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
Server
PingMatch/5502e06#5502e06d7dbe3c52c9a5559e1550ac262fba6e07 i-0a4402c7ccc8b73ba@eu-central-1a@dxedge-app-eu-central-1-prod-asg
Location
https://cs.media.net/cksync.php?cs=8&type=dxu&ovsid=Uc6qo5l21OLFR95
Cache-Control
no-cache, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
Fri, 01 Jan 1990 00:00:00 GMT
pd
u.openx.net/w/1.0/
43 B
120 B
Image
General
Full URL
https://u.openx.net/w/1.0/pd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
content-encoding
gzip
via
1.1 google
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
content-type
image/gif
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
sync
ads.servenobid.com/
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26cbimg%3D10141%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&cbimg=10141&uid=2379152101782792133
0
343 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=312&cbimg=10141&uid=2379152101782792133
Protocol
H2
Server
54.75.88.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-88-22.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
AN-X-Request-Uuid
4b8eef42-7c63-47c0-9e29-752b04edc3d9
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://ads.servenobid.com/sync?pid=312&cbimg=10141&uid=2379152101782792133
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
pixel
ap.lijit.com/
0
277 B
Image
General
Full URL
https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=http%3A%2F%2Flocalhost%3A8282%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.251.249.9 Amsterdam, Netherlands, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Fri, 21 Oct 2022 00:25:47 GMT
Access-Control-Allow-Credentials
true
X-Sovrn-Pod
ad_ap3ams1
Access-Control-Allow-Headers
X-Requested-With, Content-Type
Access-Control-Allow-Methods
GET, POST, DELETE, PUT
usersync.aspx
dis.criteo.com/dis/
43 B
363 B
Image
General
Full URL
https://dis.criteo.com/dis/usersync.aspx?r=115&p=259&cp=medianet&cu=1&url=https%3A%2F%2Fcontextual.media.net%2Fcksync.php%3Fcs%3D1%26type%3Dcrt%26ovsid%3D%40%40CRITEO_USERID%40%40
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:46 GMT
x-errorlevel
0
strict-transport-security
max-age=31536000; preload;
server
Kestrel
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type
image/gif
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
290071
expires
Fri, 21 Oct 2022 00:00:00 GMT
cksync.php
contextual.media.net/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1
  • https://x.bidswitch.net/ul_cb/sync?ssp=medianet&gdpr=${GDPR}&gdpr_consent=${GDPR_CONSENT}&gdpr_pd=1
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=medianet&bsw_param=c355bcde-6eff-4a3f-92dd-5b40e7d86203&google_hm=YzM1NWJjZGUtNmVmZi00YTNmLTkyZGQtNWI0MGU3ZDg2MjAz
  • https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEMwuSxC7pY9Qs1Q4c8iSMZA&google_cver=1&ssp=medianet&bsw_param=c355bcde-6eff-4a3f-92dd-5b40e7d86203
  • https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=c355bcde-6eff-4a3f-92dd-5b40e7d86203&gdpr=&gdpr_consent=&gdpr_pd=
45 B
465 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=1&type=bs&ovsid=c355bcde-6eff-4a3f-92dd-5b40e7d86203&gdpr=&gdpr_consent=&gdpr_pd=
Protocol
H2
Server
104.79.88.129 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-79-88-129.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Fri, 21 Oct 2022 00:25:48 GMT
server
Apache
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
content-type
image/gif
cache-control
max-age=0, no-cache, no-store
content-length
45
x-mnet-hl2
E
expires
Fri, 21 Oct 2022 00:25:48 GMT

Redirect headers

Location
//contextual.media.net/cksync.php?cs=1&type=bs&ovsid=c355bcde-6eff-4a3f-92dd-5b40e7d86203&gdpr=&gdpr_consent=&gdpr_pd=
Date
Fri, 21 Oct 2022 00:25:47 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
sync
ads.servenobid.com/
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
  • https://ads.servenobid.com/sync?pid=312&uid=2379152101782792133
0
343 B
Image
General
Full URL
https://ads.servenobid.com/sync?pid=312&uid=2379152101782792133
Protocol
H2
Server
54.75.88.22 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-75-88-22.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://bearinsider.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
amp-access-control-allow-source-origin
*
content-type
image/avif;charset=ISO-8859-1
access-control-allow-origin
*
access-control-expose-headers
AMP-Access-Control-Allow-Source-Origin
cache-control
no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials
true
content-length
0

Redirect headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
AN-X-Request-Uuid
cd70122f-27f3-4781-8812-de98c41dd7f6
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://ads.servenobid.com/sync?pid=312&uid=2379152101782792133
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
369.json
id5-sync.com/g/v2/
216 B
625 B
XHR
General
Full URL
https://id5-sync.com/g/v2/369.json
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
141.95.98.64 , France, ASN16276 (OVH, FR),
Reverse DNS
ns3216658.ip-141-95-98.eu
Software
/
Resource Hash
12ad5c68ff9467e07f805c5537e4d4c7454434de12b7da994a63d9aa396a8288
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:46 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding
chunked
content-type
application/json;charset=UTF-8
envelope
api.rlcdn.com/api/identity/
0
13 B
XHR
General
Full URL
https://api.rlcdn.com/api/identity/envelope?pid=88
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.133.55 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
55.133.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
via
1.1 google
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://bearinsider.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-headers
Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length
0
rid
match.adsrvr.org/track/
63 B
388 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=mp4hjl8&fmt=json
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
dd76237cb45a7968e068f314836135fbb40f1e2e64ece7bcb94ad09fb1e51562

Request headers

Referer
https://bearinsider.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
x-aspnet-version
4.0.30319
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://bearinsider.com
cache-control
private
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
content-length
63
expires
Sun, 20 Nov 2022 00:25:47 GMT
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame B48F
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.168.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-168-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=134478
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Fri, 21 Oct 2022 00:25:47 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 22 Oct 2022 13:47:05 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
pd
u.openx.net/w/1.0/ Frame 43FB
0
35 B
Document
General
Full URL
https://u.openx.net/w/1.0/pd
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
20
content-type
text/html
date
Fri, 21 Oct 2022 00:25:47 GMT
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
ixmatch.html
js-sec.indexww.com/um/ Frame 562B
3 KB
2 KB
Document
General
Full URL
https://js-sec.indexww.com/um/ixmatch.html
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.12.76 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
684
cache-control
public, max-age=14400
cf-cache-status
HIT
cf-ray
75d5dba869739226-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Fri, 21 Oct 2022 00:25:47 GMT
expires
Fri, 21 Oct 2022 04:25:47 GMT
last-modified
Mon, 25 Jul 2022 19:18:30 GMT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server
cloudflare
vary
Accept-Encoding
check.html
biddr.brealtime.com/ Frame 40C4
926 B
1 KB
Document
General
Full URL
https://biddr.brealtime.com/check.html
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.17.120.107 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Age
3314
CF-Cache-Status
HIT
CF-RAY
75d5dba8bf949bf5-FRA
Cache-Control
public, max-age=3600
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Fri, 21 Oct 2022 00:25:47 GMT
Expires
Fri, 21 Oct 2022 01:25:47 GMT
Last-Modified
Tue, 08 Sep 2020 13:51:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
x-amz-id-2
THBBha14TFKejWVop+slac2Gat7v7s2Fu4JGgxBkG9B75xNQjO1mn/icIaXCsUesNFddupQ0giY=
x-amz-request-id
15DG7FS62Q387667
usersync.html
ad-cdn.technoratimedia.com/html/ Frame F1D8
22 KB
8 KB
Document
General
Full URL
https://ad-cdn.technoratimedia.com/html/usersync.html?src=prebid_prebid_6.29.0
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:f76:14f7:d635:25c4:c8d7 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CFA) /
Resource Hash
6619c3c9eaf6738dc2e1921e0682e82f4a5b0ac44a6b33d89812f576bc31ab41

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-origin
*
access-control-expose-headers
access-control-allow-credentials,access-control-allow-methods,access-control-allow-origin,date,etag,opc-client-info,opc-request-id,x-api-id
age
726
cache-control
max-age=900
content-encoding
gzip
content-length
7250
content-md5
lcpePTe6AerpIQfSuw35Lg==
content-type
text/html; charset=utf-8
date
Fri, 21 Oct 2022 00:25:47 GMT
etag
a24e35b4-9daf-4886-8cb8-e752aec17db7
expires
Fri, 21 Oct 2022 00:40:47 GMT
last-modified
Thu, 25 Aug 2022 17:39:51 GMT
opc-request-id
iad-1:KjwnBvW8arFIqR0cSH-EDn5LHIoevv6PXpK9BgK9c5PqnRBVdnLtdl5qb8oLKAhj
server
ECAcc (frc/4CFA)
storage-tier
Standard
vary
Accept-Encoding
version-id
47726d7f-1be6-4a83-a43b-588c3e43b197
x-api-id
native
x-cache
HIT
usermatch
ssum-sec.casalemedia.com/ Frame A7D7
2 KB
1 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4dfccead154e05c830b54f0c4d72641d8f8d6e2200d6ec0faa4ee73e03c37a30

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
75d5dba8a99e9193-FRA
content-encoding
br
content-type
text/html
date
Fri, 21 Oct 2022 00:25:47 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mIw824hKYUQGqRBAdikGjXQVE%2Bo4wVWBUfJJebs1ur0ODZAzqDGyhGkQ3jqYjBmJ4%2BY0ALwSMdFg9jmesxldTmqXTDM1XC%2FmdO2FM3C3C6mcqQ5bx5tjNftq0qUaAipaSdz2pWuNiAwmYw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7D25
15 KB
6 KB
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=95054&userIdMacro=PM_UID&gdpr=0&predirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fpubmatic%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3DPM_UID
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
88.221.168.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a88-221-168-201.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=134478
content-encoding
gzip
content-length
5549
content-type
text/html; charset=UTF-8
date
Fri, 21 Oct 2022 00:25:47 GMT
etag
"1300708-3de4-5d6ef246ef4cf"
expires
Sat, 22 Oct 2022 13:47:05 GMT
last-modified
Tue, 01 Feb 2022 06:38:00 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
generic
match.adsrvr.org/track/cmf/ Frame 4F70
Redirect Chain
  • https://ex.ingage.tech/v1/syncPage/unruly?userId=cf0709de-10b7-424e-9eb2-e10859bca5eb&to=https%3A%2F%2Fsync.1rx.io%2Fusersync2%2Frmpssp%3Fsub%3Dinsticator
  • https://sync.1rx.io/usersync2/rmpssp?sub=insticator
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1042139016
70 B
264 B
Document
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1042139016
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-length
70
content-type
image/gif
date
Fri, 21 Oct 2022 00:25:47 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-type
text/html
date
Fri, 21 Oct 2022 00:25:47 GMT
etag
RX838b20d9fbe9470a82c53a2528df1d54003
expires
0
location
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=1042139016
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
pragma
no-cache
async_usersync.html
acdn.adnxs.com/dmp/ Frame 9161
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.1.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Age
71811
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 21 Oct 2022 00:25:47 GMT
ETag
W/"623de86a-cf34"
Expires
Wed, 19 Oct 2022 04:28:54 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
Via
1.1 varnish, 1.1 varnish
X-Cache
HIT, HIT
X-Cache-Hits
27, 801
X-Served-By
cache-lga13626-LGA, cache-fra-eddf8230126-EDDF
X-Timer
S1666311948.591576,VS0,VE0
/
ssc-cms.33across.com/ps/ Frame 7094
0
0
Document
General
Full URL
https://ssc-cms.33across.com/ps/?m=xch&rt=html&ru=deb&id=atx4xsU7Or6R0PaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.23 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip23.67-202-105.static.steadfastdns.net
Software
33XP002 /
Resource Hash

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

date
Fri, 21 Oct 2022 00:25:48 GMT
server
33XP002
x-33x-status
2000208
usync.html
eus.rubiconproject.com/ Frame B450
281 B
573 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.77.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-77-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 21 Oct 2022 00:25:47 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Unused62
8096267
Vary
Accept-Encoding
/
sync.aralego.com/idSync/ Frame 1619
35 B
413 B
Document
General
Full URL
https://sync.aralego.com/idSync/?ucf_nid=par-BE7E7ADB8D34EE2BF7BBD2899BB62A77&gdpr=0&redirect=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fucfunnel%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3DUCFUID
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.96.200.41 Gaithersburg, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
Software
/
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
close
Content-Length
35
Content-Type
image/gif
Date
Fri, 21 Oct 2022 00:25:47 GMT
cf0709de-10b7-424e-9eb2-e10859bca5eb
ex.ingage.tech/v1/sync/betweenx/ Frame 7062
Redirect Chain
  • https://ads.betweendigital.com/match?bidder_id=43907&gdpr=0&callback_url=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fbetweenx%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D%24%7BUSER_ID%7D
  • https://ads.betweendigital.com/match?bidder_id=43907&gdpr=0&callback_url=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fbetweenx%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D%24%7BUSER_ID%7D&crf=1
  • https://ex.ingage.tech/v1/sync/betweenx/cf0709de-10b7-424e-9eb2-e10859bca5eb?uid=10b4d290-5fd7-5226-997d-2ee7fa2cc9ec
0
0
Document
General
Full URL
https://ex.ingage.tech/v1/sync/betweenx/cf0709de-10b7-424e-9eb2-e10859bca5eb?uid=10b4d290-5fd7-5226-997d-2ee7fa2cc9ec
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cache-control
private, max-age=1296000
cf-cache-status
DYNAMIC
cf-ray
75d5dba9cbeebbf2-FRA
date
Fri, 21 Oct 2022 00:25:47 GMT
server
cloudflare
vary
Origin

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
location
https://ex.ingage.tech/v1/sync/betweenx/cf0709de-10b7-424e-9eb2-e10859bca5eb?uid=10b4d290-5fd7-5226-997d-2ee7fa2cc9ec
rubicon
ex.ingage.tech/v1/syncPage/ Frame CB09
951 B
537 B
Document
General
Full URL
https://ex.ingage.tech/v1/syncPage/rubicon?userId=cf0709de-10b7-424e-9eb2-e10859bca5eb&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Requested by
Host: df80k0z3fi8zg.cloudfront.net
URL: https://df80k0z3fi8zg.cloudfront.net/files/instibid/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1

Request headers

Referer
https://bearinsider.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
cf-cache-status
DYNAMIC
cf-ray
75d5dba87a4abbf2-FRA
content-encoding
gzip
content-type
text/html
date
Fri, 21 Oct 2022 00:25:47 GMT
server
cloudflare
vary
Origin
PugMaster
image6.pubmatic.com/AdServer/ Frame B48F
0
42 B
Script
General
Full URL
https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=58556176&p=95054&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=95054
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ads.pubmatic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:46 GMT
content-length
0
usermatch
ssum-sec.casalemedia.com/ Frame 198F
2 KB
1 KB
Document
General
Full URL
https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Requested by
Host: js-sec.indexww.com
URL: https://js-sec.indexww.com/um/ixmatch.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f6885febd5d6acf6dd236c07d6b3e3ae836659dddfc28a03ad470c8f6ea1fd5

Request headers

Referer
https://js-sec.indexww.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
75d5dba90a17927d-FRA
content-encoding
br
content-type
text/html
date
Fri, 21 Oct 2022 00:25:47 GMT
expires
0
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jv4DOk%2Bo26%2B0p87I%2F68F4xhaMx2q6SEpJ5Wg8qDxX2WtunIkmQlX0nFweqRVphHozQwHJkfgg%2BaL9tJs3eDS8sy4GyLIn8xJP6528ADPFCDOuBF93hGaPRxuv0BGKuEAsr96Ahjd3Opswg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
async_usersync
ib.adnxs.com/ Frame 9161
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
AN-X-Request-Uuid
a4c160a1-8268-481e-8937-8b991abc5cbf
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
usermatchredir
ssum-sec.casalemedia.com/ Frame A7D7
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB&gdpr_consent=&us_privacy=&gdpr=
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENFxw8XCtaVZpEChNeeUefE&google_cver=1
43 B
845 B
Image
General
Full URL
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENFxw8XCtaVZpEChNeeUefE&google_cver=1
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Protocol
H3
Server
104.18.19.126 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JjV9axHPF%2B6zClE66xl7e9VCZgxSiLm927Fb7JNWPLBWRklwbAi9eWv7E2T%2Bd3Vc3h0ayjjewGTHDAUmhlxrJcWumb2L0JzmhZKjr1Sf4p9Kr74KtDnnlxz2kV%2B%2B21OQ%2FyF1%2BcKoro9xJg%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type
image/gif
cache-control
no-cache
cf-ray
75d5dba9fb84927d-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
0

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&google_gid=CAESENFxw8XCtaVZpEChNeeUefE&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
342
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
dcm
s.amazon-adsystem.com/ Frame A7D7
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB
  • https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB&dcc=t
43 B
855 B
Image
General
Full URL
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB&dcc=t
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
DDYF5F2XBGZD9RKPXG0Q
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
2T16KDH9S0MM2JH1GFP3
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
casale
match.adsrvr.org/track/cmf/ Frame A7D7
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/casale
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB
pr-bh.ybp.yahoo.com/sync/casale/ Frame A7D7
43 B
601 B
Image
General
Full URL
https://pr-bh.ybp.yahoo.com/sync/casale/Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB?gdpr_consent=&us_privacy=&gdpr=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:d29:3602:74b8:7100:b95b:ee2b Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
ATS /
Resource Hash
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:48 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
content-length
43
pixelSync
pixel-sync.sitescout.com/dmp/ Frame A7D7
0
191 B
Image
General
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
expires
Tue, 11 Oct 1977 12:34:56 GMT
crum
dsum-sec.casalemedia.com/ Frame A7D7
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
rum
dsum.casalemedia.com/ Frame A7D7
Redirect Chain
  • https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
  • https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1666398347
43 B
766 B
Image
General
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1666398347
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

location
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1666398347
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
content-length
0
expires
0
rum
dsum.casalemedia.com/ Frame A7D7
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=index
  • https://ads.creative-serving.com/bsw_sync?bidswitch_ssp_id=index&bsw_custom_parameter=c355bcde-6eff-4a3f-92dd-5b40e7d86203
  • https://ads.creative-serving.com/ul_cb/bsw_sync?bidswitch_ssp_id=index&bsw_custom_parameter=c355bcde-6eff-4a3f-92dd-5b40e7d86203
  • https://x.bidswitch.net/sync?dsp_id=4&user_id=9f0a503c-d695-4b46-867d-63940af4d265&ssp=index&expires=30&user_group=5&bsw_param=c355bcde-6eff-4a3f-92dd-5b40e7d86203
  • https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c355bcde-6eff-4a3f-92dd-5b40e7d86203
43 B
766 B
Image
General
Full URL
https://dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c355bcde-6eff-4a3f-92dd-5b40e7d86203
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=497
Content-Length
43
Expires
0

Redirect headers

Location
//dsum.casalemedia.com/rum?cm_dsp_id=51&external_user_id=c355bcde-6eff-4a3f-92dd-5b40e7d86203
Date
Fri, 21 Oct 2022 00:25:48 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
cf0709de-10b7-424e-9eb2-e10859bca5eb
ex.ingage.tech/v1/sync/ix/ Frame A7D7
0
53 B
Image
General
Full URL
https://ex.ingage.tech/v1/sync/ix/cf0709de-10b7-424e-9eb2-e10859bca5eb?uid=Y1HnCearnhTxNBDTDKoqQAAABIMAAAIB
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?s=192379&cb=https%3A%2F%2Fex.ingage.tech%2Fv1%2Fsync%2Fix%2Fcf0709de-10b7-424e-9eb2-e10859bca5eb%3Fuid%3D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:53d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
private, max-age=604800
access-control-allow-credentials
true
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
75d5dba9fc20bbf2-FRA
vary
Origin
predictedscorewidget
gsm-widgets.betstream.betgenius.com/widget-data/ Frame C6E3
14 KB
3 KB
XHR
General
Full URL
https://gsm-widgets.betstream.betgenius.com/widget-data/predictedscorewidget?group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033&productName=didna&region=HE&country=DE
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
184.24.9.11 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-24-9-11.deploy.static.akamaitechnologies.com
Software
istio-envoy / Express
Resource Hash
45546a616b6956e781ea24f44cb7bc87ff547979f110e6177404ca24d1b5fb62

Request headers

Accept
application/json
Referer
https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 21 Oct 2022 00:25:48 GMT
content-encoding
gzip
server
istio-envoy
x-powered-by
Express
etag
W/"385d-gZVQhrvGQcJqKPFGCwV2Wf8HZaQ"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
x-envoy-upstream-service-time
475
content-length
2484
gen_204
pagead2.googlesyndication.com/pagead/ Frame 55FE
0
20 B
Ping
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2635413403539&version=m202209210101&ct=76&x=1&cor=3937164023530862000
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame B450
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.77.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-77-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
256f6bec6a211d7c3445e856d793846aca14627b2d03c2186c6233140996c1d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 00:25:47 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Oct 2022 18:37:59 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=29983
Connection
keep-alive
Content-Length
9454
Expires
Fri, 21 Oct 2022 08:45:30 GMT
crum
dsum-sec.casalemedia.com/ Frame 198F
Redirect Chain
  • https://secure.adnxs.com/getuid?https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=$UID
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2379152101782792133
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2379152101782792133
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
AN-X-Request-Uuid
e3598208-8629-4c4e-915e-5deab4579156
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=46&external_user_id=2379152101782792133
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 198F
Redirect Chain
  • https://ad.turn.com/r/cs?pid=21
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7150417697092662624
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7150417697092662624
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:47 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=4&external_user_id=7150417697092662624
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length
0
p3p
policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
crum
dsum-sec.casalemedia.com/ Frame 198F
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=15&redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D3%26external_user_id%3D%5BMM_UUID%5D
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=851d6351-e70d-4d00-9b2d-68346ab854c9
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=851d6351-e70d-4d00-9b2d-68346ab854c9
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:49 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=500
Content-Length
43
Expires
0

Redirect headers

Date
Fri, 21 Oct 2022 00:25:49 GMT
Server
MT3 4539 98cc2da master nrt-pixel-x6 config:1.0.0
Content-Type
image/gif
Access-Control-Allow-Origin
*
location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=3&external_user_id=851d6351-e70d-4d00-9b2d-68346ab854c9
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control
no-cache
Connection
keep-alive
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 21 Oct 2022 00:25:48 GMT
rum
dsum-sec.casalemedia.com/ Frame 198F
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/ZMAwryCI?redir=https%3A%2F%2Fdsum-sec.casalemedia.com%2Frum%3Fcm_dsp_id%3D88%26external_user_id%3D%24%7BTM_USER_ID%7D&_test=Y1HnDAABh8ZSCwAW
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y1HnDAABh8ZSCwAW&_test=Y1HnDAABh8ZSCwAW
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y1HnDAABh8ZSCwAW&_test=Y1HnDAABh8ZSCwAW
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

x-served-by
cache-fra-eddf8230091-EDDF
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:48 GMT
via
1.1 varnish
server
Varnish
x-timer
S1666311948.085184,VS0,VE0
x-cache
HIT
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=88&external_user_id=Y1HnDAABh8ZSCwAW&_test=Y1HnDAABh8ZSCwAW
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
crum
dsum-sec.casalemedia.com/ Frame 198F
Redirect Chain
  • https://b1sync.zemanta.com/usersync/index/?us_privacy=&gdpr=&gdpr_consent=
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=496
Content-Length
43
Expires
0

Redirect headers

Location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=17&external_user_id=
Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Cache-Control
no-cache, no-store, must-revalidate
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Content-Length
95
Content-Type
text/html; charset=utf-8
pixelSync
pixel-sync.sitescout.com/dmp/ Frame 198F
0
191 B
Image
General
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=48
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.150 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:47 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
expires
Tue, 11 Oct 1977 12:34:56 GMT
crum
dsum-sec.casalemedia.com/ Frame 198F
Redirect Chain
  • https://sync.adotmob.com/cookie/indexexchange?r=https%3A%2F%2Fdsum-sec.casalemedia.com%2Fcrum%3Fcm_dsp_id%3D13%26external_user_id%3D%7bamob_user_id%7d%26expiration%3D%5bEXPIRATION%5d
  • https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]
43 B
766 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=499
Content-Length
43
Expires
0

Redirect headers

location
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=13&external_user_id=%7Bamob_user_id%7D&expiration=[EXPIRATION]
date
Fri, 21 Oct 2022 00:25:48 GMT
access-control-allow-credentials
true
x-powered-by
Express
keep-alive
timeout=5
vary
Origin
content-length
0
crum
dsum.casalemedia.com/ Frame 198F
Redirect Chain
  • https://dmp.brand-display.com/cm/api/index?cm_dsp_id=191&cm_user_id=%3cIndex_user_id%3e
  • https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=617b8c04-fbba-8703-d22d8ca4
43 B
766 B
Image
General
Full URL
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=617b8c04-fbba-8703-d22d8ca4
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
HTTP/1.1
Server
185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type
image/gif
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=1, max=498
Content-Length
43
Expires
0

Redirect headers

date
Fri, 21 Oct 2022 00:25:48 GMT
via
1.1 google
server
nginx/1.22.1
p3p
CP='This is not a P3P policy!'
access-control-allow-origin
*
location
https://dsum.casalemedia.com/crum?cm_dsp_id=191&external_user_id=617b8c04-fbba-8703-d22d8ca4
content-type
text/html; charset=utf-8
cache-control
max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
119
htw-pixel.gif
cdn.indexww.com/ht/ Frame 198F
43 B
352 B
Image
General
Full URL
https://cdn.indexww.com/ht/htw-pixel.gif?Y1HnCearnhTxNBDTDKoqQAAA%261155
Requested by
Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?d=https%3A%2F%2Fbearinsider.com%2F&s=184674&cb=https%3A%2F%2Fcdn.indexww.com%2Fht%2Fhtw-pixel.gif%3F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.13.76 Shahr, Iran, Islamic Republic Of, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://ssum-sec.casalemedia.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
cf-cache-status
HIT
last-modified
Tue, 24 Jan 2017 19:36:04 GMT
server
cloudflare
age
6959
etag
"da1f1d-2b-546dc3a097100"
vary
Accept-Encoding
content-type
image/gif
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
edge-control
cache-maxage=1h
cache-control
public, max-age=86400
accept-ranges
bytes
cf-ray
75d5dbaaf8799a1b-FRA
content-length
43
expires
Sat, 22 Oct 2022 00:25:47 GMT
nr-spa-1123.min.js
js-agent.newrelic.com/ Frame C6E3
34 KB
13 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-spa-1123.min.js
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a6c380163cfb4ec488d8231f891ae8deaa8d82ae8c18ba3a6d6a3b2168b3d1ef

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
null
content-encoding
gzip
via
1.1 varnish
date
Fri, 21 Oct 2022 00:25:47 GMT
x-amz-request-id
R2994Z47RVPERFFZ
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
12987
x-amz-id-2
/OSOdcgk4N+XHLtSm1aWeUSX46aNJb/gRux2B/hKLY2V8cKP7haP4/ASsFXFz4hAQLBjZcYHoKM=
x-served-by
cache-fra-eddf8230108-EDDF
last-modified
Fri, 22 Mar 2019 14:06:17 GMT
server
AmazonS3
x-timer
S1666311948.959330,VS0,VE0
etag
"73372dea50ae4e01a4e1d2f2b5cd5e6a"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
3
usync.html
eus.rubiconproject.com/ Frame CB09
Redirect Chain
  • https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?endpoint=us-east&p=insticator
  • https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
281 B
573 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Requested by
Host: ex.ingage.tech
URL: https://ex.ingage.tech/v1/syncPage/rubicon?userId=cf0709de-10b7-424e-9eb2-e10859bca5eb&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.77.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-77-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer
https://ex.ingage.tech/v1/syncPage/rubicon?userId=cf0709de-10b7-424e-9eb2-e10859bca5eb&to=https%3A%2F%2Fsecure-assets.rubiconproject.com%2Futils%2Fxapi%2Fmulti-sync.html%3Fendpoint%3Dus-east%26p%3Dinsticator
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 21 Oct 2022 00:25:48 GMT
ETag
"40014-119-5d32342a551c0"
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
Server
Apache/2.2.15 (CentOS)
Unused62
8096267
Vary
Accept-Encoding

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*
content-length
0
date
Fri, 21 Oct 2022 00:25:48 GMT
location
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
server
AkamaiGHost
892708b8e8
bam.nr-data.net/1/ Frame C6E3
49 B
615 B
Script
General
Full URL
https://bam.nr-data.net/1/892708b8e8?a=565797169&sa=1&v=1123.df1c7f8&t=Unnamed%20Transaction&rst=1697&ref=https://gsm-widgets.betstream.betgenius.com/predictedscore&be=1177&fe=1646&dc=1522&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1666311946290,%22n%22:0,%22f%22:1,%22dn%22:2,%22dne%22:49,%22c%22:49,%22s%22:55,%22ce%22:67,%22rq%22:67,%22rp%22:1161,%22rpe%22:1163,%22dl%22:1165,%22di%22:1185,%22ds%22:1522,%22de%22:1522,%22dc%22:1646,%22l%22:1647,%22le%22:1648%7D,%22navigation%22:%7B%7D%7D&jsonp=NREUM.setToken
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://gsm-widgets.betstream.betgenius.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 00:25:48 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Transfer-Encoding
chunked
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
access-control-allow-credentials
true
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
CF-Ray
75d5dbab1cab9a33-FRA
ecm3
s.amazon-adsystem.com/ Frame B450
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
  • https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=PsBT2xjLSrOKknCur1viWg&rk=usync-na
  • https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=PsBT2xjLSrOKknCur1viWg
43 B
479 B
Image
General
Full URL
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=PsBT2xjLSrOKknCur1viWg
Protocol
HTTP/1.1
Server
52.46.128.147 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
4EGGAM8KAMRWVXCRQ6ZX
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=PsBT2xjLSrOKknCur1viWg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
rubicon
match.adsrvr.org/track/cmf/ Frame B450
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-type
image/gif
pragma
no-cache
date
Fri, 21 Oct 2022 00:25:48 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
ecm3
aax-eu.amazon-adsystem.com/s/ Frame B450
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
  • https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=JRyEHX_hTbKmVSeyNmqdMQ&rk=usync-other
  • https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=JRyEHX_hTbKmVSeyNmqdMQ
43 B
479 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=JRyEHX_hTbKmVSeyNmqdMQ
Protocol
HTTP/1.1
Server
52.95.122.74 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
EV9ZNG87BXEN3Z3D4AXD
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=JRyEHX_hTbKmVSeyNmqdMQ
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
setuid
px.ads.linkedin.com/ Frame B450
Redirect Chain
  • https://token.rubiconproject.com/token?pid=36584
  • https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L9HR3W9K-1G-6BCE
0
922 B
Image
General
Full URL
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L9HR3W9K-1G-6BCE
Protocol
H2
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date
Fri, 21 Oct 2022 00:25:47 GMT
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 07CBA4506AD244BCA04DEE3C8DE1CE3D Ref B: FRAEDGE1212 Ref C: 2022-10-21T00:25:48Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXrgHvClkzpoi7S/hKNuw==

Redirect headers

Location
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L9HR3W9K-1G-6BCE
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
pixel
cm.g.doubleclick.net/ Frame B450
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlIUjNXOUstMUctNkJDRQ==
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlIUjNXOUstMUctNkJDRQ==
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:48 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TDlIUjNXOUstMUctNkJDRQ==
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame B450
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/lOkZh9yak7U4v5CItoucQsn5EUdSAgOZEtemQ7w0kco?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=364683099468586370
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=364683099468586370
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

date
Fri, 21 Oct 2022 00:25:48 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=364683099468586370
content-length
0
pixel
cm.g.doubleclick.net/ Frame B450
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZDA1MTczNWI3MWFjNjgzZjczMTVjYjdiZWE0ODVmYTVhYWI5YmU1Yg
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZDA1MTczNWI3MWFjNjgzZjczMTVjYjdiZWE0ODVmYTVhYWI5YmU1Yg
Protocol
H3
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:48 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ZDA1MTczNWI3MWFjNjgzZjczMTVjYjdiZWE0ODVmYTVhYWI5YmU1Yg
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
6f9fd0201ed801884e5299d5aabca094
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame B450
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELDIojQPqWkTGoVRWL8sYjU&google_cver=1
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELDIojQPqWkTGoVRWL8sYjU&google_cver=1
Protocol
HTTP/1.1
Server
69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
4b510f0cc5fcbc9800016ef543086418
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:48 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESELDIojQPqWkTGoVRWL8sYjU&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
usync.js
eus.rubiconproject.com/ Frame CB09
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.203.77.3 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-77-3.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
256f6bec6a211d7c3445e856d793846aca14627b2d03c2186c6233140996c1d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date
Fri, 21 Oct 2022 00:25:48 GMT
Content-Encoding
gzip
Last-Modified
Mon, 17 Oct 2022 18:37:59 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
Content-Type
text/html; charset=UTF-8
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=29982
Connection
keep-alive
Content-Length
9454
Expires
Fri, 21 Oct 2022 08:45:30 GMT
sync.php
pixel-us-east.rubiconproject.com/exchange/ Frame CB09
0
239 B
Image
General
Full URL
https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=insticator&khaos=L9HR3W9K-1G-6BCE
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?endpoint=us-east&p=insticator
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type
image/gif
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
X-RPHost
0190a17a18f2299b1b85aeb1793e601c
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
892708b8e8
bam.nr-data.net/events/1/ Frame C6E3
24 B
423 B
XHR
General
Full URL
https://bam.nr-data.net/events/1/892708b8e8?a=565797169&sa=1&v=1123.df1c7f8&t=Unnamed%20Transaction&rst=2163&ref=https://gsm-widgets.betstream.betgenius.com/predictedscore
Requested by
Host: gsm-widgets.betstream.betgenius.com
URL: https://gsm-widgets.betstream.betgenius.com/predictedscore?productName=didna&group[0][competitionId]=12156&group[1][competitionId]=432&group[2][competitionId]=610&group[3][competitionId]=597&group[4][competitionId]=190&group[5][competitionId]=296&group[6][competitionId]=1034&group[7][competitionId]=1033
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://gsm-widgets.betstream.betgenius.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
content-type
text/plain

Response headers

Date
Fri, 21 Oct 2022 00:25:48 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://gsm-widgets.betstream.betgenius.com
access-control-allow-credentials
true
Connection
keep-alive
CF-Ray
75d5dbadd8099a33-FRA
Content-Length
24
async_usersync
ib.adnxs.com/ Frame 9161
0
741 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.89.211.12 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS
947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net
Software
nginx/1.21.3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 21 Oct 2022 00:25:48 GMT
AN-X-Request-Uuid
ef1abbca-c068-4e23-9c8d-c5fb75cef55d
Server
nginx/1.21.3
Content-Type
text/html; charset=utf-8
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
X-Proxy-Origin
37.58.58.248; 37.58.58.248; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
01dbf856-b67a-4088-bd82-73445d4ab183.js
product.instiengage.com/ceu-code/ Frame FCA4
369 KB
88 KB
Script
General
Full URL
https://product.instiengage.com/ceu-code/01dbf856-b67a-4088-bd82-73445d4ab183.js
Requested by
Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/15d3358a-5086-4925-8bc6-c7a5c8559978.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:223d:b400:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d199391607ba200b28de4d86f36be065228f27c05bf11db5b4b0cdf00cf093da

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
ZJaBD0kLllOKeTdVHb7hG4awhk2cLAoR
content-encoding
gzip
via
1.1 626c544a24a86c6cd608360f520b6d8c.cloudfront.net (CloudFront)
date
Fri, 21 Oct 2022 00:25:50 GMT
last-modified
Tue, 04 Oct 2022 16:28:44 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P3
etag
W/"1ccbe31e418b1ced70bea7b6d1f58006"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=3600,public
x-amz-cf-id
DaN84VnLsudqMCKZr6Ih6eQhqabXdndsF-5x2qb3wV-1BgyXNYz8-Q==
analytics.js
www.google-analytics.com/ Frame FCA4
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: bearinsider.com
URL: https://bearinsider.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 20 Oct 2022 23:01:59 GMT
last-modified
Tue, 27 Sep 2022 22:01:05 GMT
server
Golfe2
age
5030
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20039
expires
Fri, 21 Oct 2022 01:01:59 GMT
/
geoip.instiengage.com/json/ Frame FCA4
241 B
426 B
XHR
General
Full URL
https://geoip.instiengage.com/json/
Requested by
Host: product.instiengage.com
URL: https://product.instiengage.com/ceu-code/01dbf856-b67a-4088-bd82-73445d4ab183.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.82.239.242 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
44793d44ea1bbc12dace2640119b71b42be35573ef979a8305066fa106f45930

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:50 GMT
access-control-allow-credentials
true
x-database-date
Thu, 20 Oct 2022 23:30:20 GMT
content-length
241
vary
Origin
content-type
application/json
logo-insticator-light-opt.png
static.instiengage.com/files/images/embed4.0/app/ Frame FCA4
4 KB
4 KB
Image
General
Full URL
https://static.instiengage.com/files/images/embed4.0/app/logo-insticator-light-opt.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:a400:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c7ed7ef9182dc5206d1b7a8038bcfe2b57fc1be96d78b75152e9b713ca4ef2d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
T2IjPTIo4qchLnC2G3GrIcEa98kcWaxz
date
Fri, 21 Oct 2022 00:24:56 GMT
via
1.1 98bb66c97d4f153aac116d087b36dc40.cloudfront.net (CloudFront)
last-modified
Wed, 13 Jul 2022 16:30:10 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P2
age
62
etag
"591958545714b5567fc57c2f4c215b1c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
x-amz-replication-status
REPLICA
accept-ranges
bytes
content-length
3973
x-amz-cf-id
ZghniscSxyzSb_5PAeM9ve5OQfLfKyLqkgrnR_hSGGD2x2l7DsnUAg==
icon-check.png
static.instiengage.com/files/images/embed4.0/app/ Frame FCA4
649 B
1 KB
Image
General
Full URL
https://static.instiengage.com/files/images/embed4.0/app/icon-check.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:a400:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
151c4c52c25dd28c33321aaaeabe879c4814087d4eaf7545d93f5d81d4d1c4f3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
LAzj2T9To4nJbbC7ZHWfpQpTuFxrgcvY
date
Fri, 21 Oct 2022 00:24:14 GMT
via
1.1 98bb66c97d4f153aac116d087b36dc40.cloudfront.net (CloudFront)
last-modified
Wed, 06 Oct 2021 18:59:06 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P2
age
121
etag
"b673377b664a0b33454c267d911fcfc1"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
649
x-amz-cf-id
twldhJ_ZKHZ88XADs6FIoGNNSo9cVQIbuNthPyfi7xswkgDuqG95bA==
graphic-ooc-opt.png
static.instiengage.com/files/images/embed4.0/app/ Frame FCA4
5 KB
5 KB
Image
General
Full URL
https://static.instiengage.com/files/images/embed4.0/app/graphic-ooc-opt.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:a400:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
695ce10188e5306fcbf679b7cc125b6eac681d124a85a5908bbd8d0079a47e9a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
eOMnJSzBI81wb4OK.n4S.oHVD4IqRrSP
date
Fri, 21 Oct 2022 00:21:50 GMT
via
1.1 98bb66c97d4f153aac116d087b36dc40.cloudfront.net (CloudFront)
last-modified
Wed, 06 Oct 2021 18:59:05 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P2
age
275
etag
"3b5c1361f893cc23b07c2f3cc48cee32"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/png
accept-ranges
bytes
content-length
4833
x-amz-cf-id
Wkoo8v8robZNdD_KM7CAAEd96NO-ljdlsOL5nKX5fIVdqhjEzLfLnQ==
contents
cms.instiengage.com/v3/ Frame FCA4
18 KB
18 KB
XHR
General
Full URL
https://cms.instiengage.com/v3/contents?embed_uuid=01dbf856-b67a-4088-bd82-73445d4ab183&cookie_id=null&content_order=RANDOM&for_embed=true&content_count=20
Requested by
Host: product.instiengage.com
URL: https://product.instiengage.com/ceu-code/01dbf856-b67a-4088-bd82-73445d4ab183.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.200.112.63 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
eb8bfc1324f089a7d1ff198649c86d275717397cfb5d27636e2094a2a085070f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

access-control-allow-origin
https://bearinsider.com
date
Fri, 21 Oct 2022 00:25:50 GMT
access-control-allow-credentials
true
content-length
18520
vary
Origin
content-type
application/json
collect
www.google-analytics.com/j/ Frame FCA4
4 B
24 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j98&a=1973623480&t=pageview&_s=1&dl=about%3A%2F%2F%2Fblank&dr=https%3A%2F%2Fbearinsider.com%2F&dp=%2F15d3358a-5086-4925-8bc6-c7a5c8559978&ul=en-us&de=UTF-8&sd=24-bit&sr=1600x1200&vp=300x350&je=0&_utma=124379541.1222672303.1666311943.1666311943.1666311943.1&_utmz=124379541.1666311943.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)&_utmht=1666311949876&_u=YQBCAGABAAAAACAEI~&jid=1830300554&gjid=605388153&cid=1222672303.1666311943&tid=UA-123718506-11&_gid=1506024288.1666311950&_r=1&_slc=1&z=1243375565
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ Frame FCA4
4 B
25 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-123718506-11&cid=1222672303.1666311943&jid=1830300554&gjid=605388153&_gid=1506024288.1666311950&_u=YQBCAGAAAAAAACAEI~&z=1322091791
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c00::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 21 Oct 2022 00:25:49 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://bearinsider.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ Frame FCA4
42 B
63 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-123718506-11&cid=1222672303.1666311943&jid=1830300554&_u=YQBCAGAAAAAAACAEI~&z=549193877
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:49 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ Frame FCA4
42 B
501 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-123718506-11&cid=1222672303.1666311943&jid=1830300554&_u=YQBCAGAAAAAAACAEI~&z=549193877
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 21 Oct 2022 00:25:50 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
RF3W-bPdBTU
static.instiengage.com/content_images/unsplash/ Frame FCA4
106 KB
106 KB
Image
General
Full URL
https://static.instiengage.com/content_images/unsplash/RF3W-bPdBTU
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2315:a400:17:5bae:c7c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bd033faef5d1c120aeadef08c67ca30ed9f779a79d019a7b853489db7efb2ec8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

x-amz-version-id
HmfBc8TpncIJtiy2SzOF9ZptKvsx58vI
date
Fri, 21 Oct 2022 00:25:51 GMT
via
1.1 98bb66c97d4f153aac116d087b36dc40.cloudfront.net (CloudFront)
last-modified
Mon, 29 Aug 2022 16:53:18 GMT
server
AmazonS3
x-amz-cf-pop
DUS51-P2
etag
"6721251935963419387fe8347018f572"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/octet-stream
cache-control
max-age=31536000,public
accept-ranges
bytes
content-length
108362
x-amz-cf-id
mLuOJyfV8EgaGtTLbTShhqbxAMC3qyusoDA9GRLe2YbWY3D0NSXotw==

Verdicts & Comments Add Verdict or Comment

289 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| 20 object| 21 object| 22 object| 23 object| 24 object| 25 object| 26 object| 27 object| 28 object| 29 object| 30 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| jwDefaults object| webpackChunkjwplayer function| jwplayer object| Accept string| cdnPath string| encryptEndPoint object| FB string| gaqSubscription string| gaqTemplate string| gaqAggieStatus boolean| gaqUtility function| $ function| jQuery object| siteConfig object| _gaq object| spinOpts object| loadOpts function| admiral object| googletag function| EventHandler object| page object| MediaItemType object| whiteOverlay object| std function| stdPager function| dateFormat object| utility function| onForumsCaptchaLoad object| stories object| premium object| sports object| DropDown object| recruits object| pickoff object| helpcenter object| sf object| searchAds object| nonuseremails object| authorizenet object| stripePayments object| namingConventionComponentLoader function| loadRemoteResources object| eventEntry object| general object| forums object| potd object| mod object| account object| benefits object| popups object| images object| modules object| messages object| media object| chat object| profile object| dashboards function| jAlert function| jConfirm function| jPrompt function| jChoice object| didna object| hindsight function| Spinner function| PhotoSwipe function| PhotoSwipeUI_Default function| EventEmitter object| eventie function| imagesLoaded object| core object| __core-js_shared__ function| setImmediate function| clearImmediate object| regeneratorRuntime function| SimpleBar object| ko object| __buffer function| ObservablePromise function| AccountSettingsViewModel function| AccountDashboardViewModel function| DashboardViewModel function| DashboardItemViewModel function| ModerationDashboardViewModel function| FlaggedPostRowViewModel function| NotificationDashboardViewModel function| NotificationDashboardItemViewModel function| PrivateMessagesDashboardViewModel function| PrivateMessageRowViewModel function| NilCounterViewModel function| NotificationsViewModel function| NotificationViewModel function| EditNotificationModal function| DropdownOption function| TailgateRegistrationViewModel function| TailgateTicketLevelViewModel function| TailgateAttendeeViewModel function| TailgateShirtSizeViewModel object| ggeac object| google_tag_data object| google_js_reporting_queue object| INT_DIDNA_CONFIG object| DIDNA_CONFIG function| getMediaLayout function| mergeConfig object| _gat object| gaGlobal object| pbjsChunk object| pbjs object| _pbjsGlobals object| ADAGIO object| mnet string| nobidVersion object| nobid object| __s object| instgrm function| 4dm1r11545242527 undefined| google_measure_js_timing object| CKEDITOR function| Picker object| headertag function| fbq function| _fbq function| submitPoll object| Insticator object| twttr object| __twttr function| a0_0x1348 function| a0_0x5ade object| confiant object| __twttrll object| $jscomp function| $jscomp$lookupPolyfilledValue object| InsticatorApp string| insticatorHeaderCodeVersion object| __webpack_exports__ object| instBid object| ads_list object| embeds_list boolean| isPageviewSent object| federatedObj object| InsticatorXmess object| instBidChunk object| __connect object| owpbjsChunk object| owpbjs object| PWT string| partnerName string| key object| googleToken object| googleIMState function| processGoogleToken number| google_unique_id boolean| isReady object| GoogleGcLKhOms function| lotameIsCompatible function| sync16589_c function| sync16589_d undefined| sync16589_e undefined| sync16589_f undefined| sync16589_g function| sync16589_h object| sync16589_j function| sync16589_k function| sync16589_l object| sync16589_ object| sync16589_la function| sync16589_a function| sync16589_b function| sync16589_i function| sync16589_m function| sync16589_n function| sync16589_o function| sync16589_p function| sync16589_aa function| sync16589_q function| sync16589_r function| sync16589_s function| sync16589_t function| sync16589_u function| sync16589_ba function| sync16589_ca function| sync16589_v function| sync16589_da function| sync16589_w function| sync16589_x function| sync16589_y function| sync16589_ea function| sync16589_z function| sync16589_A function| sync16589_B function| sync16589_C function| sync16589_D function| sync16589_E function| sync16589_F function| sync16589_G function| sync16589_H function| sync16589_I function| sync16589_fa function| sync16589_J function| sync16589_K function| sync16589_ga function| sync16589_ha function| sync16589_L function| sync16589_M function| sync16589_ia function| sync16589_ja function| sync16589_ka function| sync16589_N function| sync16589_O function| sync16589_P function| sync16589_Q function| sync16589_R function| sync16589_S function| sync16589_T function| sync16589_U function| sync16589_V function| sync16589_W function| sync16589_X function| sync16589_Z function| sync16589_Y function| sync16589__ function| sync16589_0 function| sync16589_1 function| sync16589_2 function| sync16589_4 function| sync16589_5 function| sync16589_ma function| sync16589_3 function| sync16589_7 function| sync16589_6 function| sync16589_na function| sync16589_8 function| sync16589_oa function| sync16589_9 function| sync16589_pa function| sync16589_$ function| sync16589_qa object| lotame_sync_16589 object| ox_esp object| criteo_syncframe_state object| criteo_pubtag object| criteo_identitytag_131 object| Criteo object| Criteo_identitytag_131 object| signal_decrypted function| __esp_getUID2Async object| __uid2 function| confiantDfpWrap object| google_image_requests

83 Cookies

Domain/Path Name / Value
.authorize.net/ Name: __cfruid
Value: b5b5aeb2ef0036b7151ed0ba3d57fb11289639ed-1666311940
.bearinsider.com/ Name: __utma
Value: 124379541.1222672303.1666311943.1666311943.1666311943.1
.bearinsider.com/ Name: __utmc
Value: 124379541
.bearinsider.com/ Name: __utmz
Value: 124379541.1666311943.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.bearinsider.com/ Name: __utmt
Value: 1
.bearinsider.com/ Name: __utmb
Value: 124379541.1.10.1666311943
.bearinsider.com/ Name: _fbp
Value: fb.1.1666311943415.1265420642
.rubiconproject.com/ Name: khaos
Value: L9HR3W9K-1G-6BCE
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB0q1khg8rFvVLJGe4Ni1ThWK2euPP2lVg3CRi4Lg8bJK4QuHFU+4BDePUuHS8zllH0axGK9CJk2kyYbB5SW5XQ3VHTdFyFATuGma+WVcS1g3g==
.bearinsider.com/ Name: InstiSession
Value: eyJpZCI6ImU3MTZhMTI0LWY5NTktNDJhNi04ZDNmLTc2NjkwMTk5Y2RkMiIsInJlZmVycmVyIjoiIiwiY2FtcGFpZ24iOnsic291cmNlIjpudWxsLCJtZWRpdW0iOm51bGwsImNhbXBhaWduIjpudWxsLCJ0ZXJtIjpudWxsLCJjb250ZW50IjpudWxsfX0=
bearinsider.com/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
bearinsider.com/ Name: hb_insticator_uid
Value: cf0709de-10b7-424e-9eb2-e10859bca5eb
ads.resetsrv.com/ Name: ckbk
Value: 000000CDFF4B8931
.prebid.a-mo.net/ Name: __amc
Value: 1_1666311943_1666311943
.bearinsider.com/ Name: _awl
Value: 2.1666311944.0.5-88d13675d7cb9e1b43302c9ef81e8812-6763652d6575726f70652d7765737431-0
.bearinsider.com/ Name: _pubcid
Value: dcb72204-790a-4ab7-9ad9-51312da3e17f
.adnxs.com/ Name: icu
Value: ChgIqql7EAoYASABKAEwiM7HmgY4AUABSAEQiM7HmgYYAA..
.adnxs.com/ Name: uuid2
Value: 2379152101782792133
bearinsider.com/ Name: visitorGeo
Value: DE
bearinsider.com/ Name: visitorCity
Value: Essen
bearinsider.com/ Name: visitorIP
Value: 37.58.58.248
.go.sonobi.com/ Name: HAPLB8G
Value: s8540|Y1HnC
.technoratimedia.com/ Name: tads_uid
Value: GDPR
.doubleclick.net/ Name: IDE
Value: AHWqTUkVnrSyalyNOtSGlxBoRkXpuD4UBYh-oHP961jd-pnns6WcNGhs3sqXmFSyS8k
.bearinsider.com/ Name: __gpi
Value: UID=00000b75d06c9ced:T=1666311944:RT=1666311944:S=ALNI_MZoLP__JILQ9tZiWndAgw-Grh_aiw
.criteo.com/ Name: uid
Value: ec603c6b-fa54-4720-a208-cc50760275e4
.openx.net/ Name: i
Value: 4dd16bdc-0b73-4e5f-af73-69b157ce1eab|1666311945
.casalemedia.com/ Name: CMID
Value: Y1HnCearnhTxNBDTDKoqQAAA
.casalemedia.com/ Name: CMPS
Value: 1155
.casalemedia.com/ Name: CMPRO
Value: 1155
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2C$O>F.C=!@wnfH8K6pQK`!5=E<*L5?%M%2DVKo739p'5rcwQ4ti=-hfyvuC*lkIsUF_D%nugO%v4VB%nlmm)yA8H
.spotxchange.com/ Name: audience
Value: e773ccca-50d6-11ed-8fdd-1984e64b0206
.yahoo.com/ Name: A3
Value: d=AQABBAnnUWMCENYoUdbz0xkMddNer-ctnh8FEgEBAQE4U2NbYwAAAAAA_eMAAA&S=AQAAAkVAU-Mo7wyx6eHt4jDhPd0
.bearinsider.com/ Name: cto_bundle
Value: Q38xSF9hQnZKdWNPc2FlR3pIRTlzVUl6N1I2dk1OVDRvRHJGRTZGRkdEQUNmTndPYklpYkEzRWdSbFBqMzBIWlZpZGlONUxkSVklMkJ0N3Y0cU55RW1HdURsaldWOE9TSEtrYlpCQTdDZFBERFFxMzAzUyUyRnI0VjlXcm85S3dmM1NmMkw3MHJGeVFjQTIwZURpM3daVkFhckE1S2p3JTNEJTNE
.analytics.yahoo.com/ Name: IDSYNC
Value: 18yl~27u0
.bearinsider.com/ Name: __gads
Value: ID=ec38125e851960d1:T=1666311944:S=ALNI_MahOkCUVLxbrDzCc5xeTu8ZbIYBQA
.blau.de/ Name: webShopPV
Value: ?partnerId=BLU_DSP_TRA_HAV_34114_PV&mediacode=26952485_4307561_342686903_154735167_PO2703A20220908&ref=26952485_4307561_342686903_154735167_PO2703A20220908
.connextra.com/ Name: CxtId
Value: 61b4752f-686a-4aeb-9296-eaa116ecc8b5
.connextra.com/ Name: DiDNAGroup
Value: A%7Cpostimpression%7C1%7C202210210125%7C9%7Cdidna_didna_300x250_placement5%7CDiDNA_predictedscorewidget_300x250_widget%7C%7C%7CycAdhpslSd2Wb5zi0sqamw
bearinsider.com/ Name: _lr_retry_request
Value: true
bearinsider.com/ Name: _lr_env_src_ats
Value: false
.w55c.net/ Name: wfivefivec
Value: Uc6qo5l21OLFR95
.servenobid.com/ Name: pid_312
Value: 2379152101782792133
.technoratimedia.com/ Name: tads_ipv6
Value: 2a00:c98:2030:a004:1::4
.w55c.net/ Name: matchmedianet
Value: 5
bearinsider.com/ Name: pbjs-unifiedid
Value: %7B%22TDID_LOOKUP%22%3A%22FALSE%22%2C%22TDID_CREATED_AT%22%3A%222022-10-21T00%3A25%3A47%22%7D
.ads.pubmatic.com/ Name: KCCH
Value: YES
.bidswitch.net/ Name: c
Value: 1666311947
.bidswitch.net/ Name: tuuid_lu
Value: 1666311947
.bidswitch.net/ Name: tuuid
Value: c355bcde-6eff-4a3f-92dd-5b40e7d86203
ex.ingage.tech/ Name: instUid
Value: cf0709de-10b7-424e-9eb2-e10859bca5eb
.1rx.io/ Name: _rxuuid
Value: %7B%22rx_uuid%22%3A%22RX-838b20d9-fbe9-470a-82c5-3a2528df1d54-003%22%2C%22zdxidn%22%3A%222069.50%22%2C%22nxtrdr%22%3Afalse%7D
.betweendigital.com/ Name: dc
Value: lux1
.betweendigital.com/ Name: tuuid
Value: 10b4d290-5fd7-5226-997d-2ee7fa2cc9ec
.betweendigital.com/ Name: ss
Value: 1
.betweendigital.com/ Name: ut
Value: Y1HnCwAMJWBDMkJ4tvKHn03l9et-XwDXE919VA==
.media.net/ Name: data-xu
Value: Uc6qo5l21OLFR95~~8
.turn.com/ Name: uid
Value: 7150417697092662624
.aralego.com/ Name: gdpr
Value: 1
.aralego.com/ Name: sspid
Value: a94c6ed3-7c51-343c-8fd7-815a0701044c
.media.net/ Name: data-bs
Value: c355bcde-6eff-4a3f-92dd-5b40e7d86203~~1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Y1HnDAABh8ZSCwAW
.brand-display.com/ Name: _knxq_
Value: 617b8c04-fbba-8703-d22d8ca4.1666311948.0.1666311948.1666311948
.creative-serving.com/ Name: tuuid
Value: 9f0a503c-d695-4b46-867d-63940af4d265
.creative-serving.com/ Name: c
Value: 1666311948
.creative-serving.com/ Name: tuuid_lu
Value: 1666311948
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&61b3f430-ac13-496f-8545-2c781c286f28"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NjYzMTE5NDg7MjswMjFDYDkTg2nrG7xUWypPoqpWUkk32i0ImUvXNyKXs18eTg==
.linkedin.com/ Name: lidc
Value: "b=TGST03:s=T:r=T:a=T:p=T:g=2858:u=1:x=1:i=1666311948:t=1666398348:v=2:sig=AQHhS8gjB5ehxWIj8C8OoiwjNOIpFe1T"
.amazon-adsystem.com/ Name: ad-id
Value: A7RJyMPKykPVp1hPFRi6DP4
.sportradarserving.com/ Name: zuuid
Value: 284e106f-59c8-410c-afa3-e774aeeb658b
.sportradarserving.com/ Name: c
Value: 1666311948
.sportradarserving.com/ Name: zuuid_lu
Value: 1666311948
.sportradarserving.com/ Name: zuuid_k
Value: 1
.sportradarserving.com/ Name: zuuid_k_lu
Value: 1666311948
.nr-data.net/ Name: JSESSIONID
Value: 14b94206409898df
.mathtag.com/ Name: uuid
Value: 851d6351-e70d-4d00-9b2d-68346ab854c9
.casalemedia.com/ Name: CMTS
Value: 5243
bearinsider.com/ Name: _ga
Value: GA1.1.1222672303.1666311943
bearinsider.com/ Name: _gid
Value: GA1.1.1506024288.1666311950
bearinsider.com/ Name: _gat
Value: 1

3 Console Messages

Source Level URL
Text
network error URL: https://api.rlcdn.com/api/identity?pid=2&rt=envelope
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://us.connextra.com/dcs/tagController/tag/268336296bbf/predictedscorewidget
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://api.rlcdn.com/api/identity/envelope?pid=88
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=2592000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4adee4e343060c7223015ae6c8ce6525.safeframe.googlesyndication.com
a.sportradarserving.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad-cdn.technoratimedia.com
ad.turn.com
ads.betweendigital.com
ads.creative-serving.com
ads.pubmatic.com
ads.resetsrv.com
ads.servenobid.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
as-sec.casalemedia.com
auth.instiengage.com
b1sync.zemanta.com
bam.nr-data.net
bcp.crwdcntrl.net
bearinsider.com
biddr.brealtime.com
btlr.sharethrough.com
c.bannerflow.net
c2shb.ssp.yahoo.com
casale-match.dotomi.com
cdn.confiant-integrations.net
cdn.id5-sync.com
cdn.indexww.com
cm.g.doubleclick.net
cms.instiengage.com
connect.facebook.net
content.jwplatform.com
contextual.media.net
cs.media.net
d3lcz8vpax4lo2.cloudfront.net
df80k0z3fi8zg.cloudfront.net
didna-d.openx.net
dis.criteo.com
dmp.brand-display.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
dt.adsafeprotected.com
esp.rtbhouse.com
eus.rubiconproject.com
event.insticator.com
ex.ingage.tech
f5s-cdn.azureedge.net
f5s.blob.core.windows.net
f5s008media.blob.core.windows.net
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
geoip.insticator.com
geoip.instiengage.com
get.s-onetag.com
google-bidout-d.openx.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gsm-widgets.betstream.betgenius.com
gum.criteo.com
hb.emxdgt.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
ib.adnxs.com
id.sharedid.org
id5-sync.com
image6.pubmatic.com
image8.pubmatic.com
insticator-d.openx.net
insticator.technoratimedia.com
invstatic101.creativecdn.com
js-agent.newrelic.com
js-sec.indexww.com
js.authorize.net
lumpylumber.com
match.adsrvr.org
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-geo.s-onetag.com
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel-us-east.rubiconproject.com
pixel.rubiconproject.com
platform.instagram.com
platform.twitter.com
pm.w55c.net
portal.blau.de
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prebid.media.net
prod.uidapi.com
product.instiengage.com
protected-by.clarium.io
px.ads.linkedin.com
readymoon.com
s.amazon-adsystem.com
s0.2mdn.net
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
signal-beacon.s-onetag.com
signal-segments.s-onetag.com
ssc-cms.33across.com
ssc.33across.com
ssl.connextra.com
ssl.google-analytics.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.criteo.net
static.instiengage.com
stats.g.doubleclick.net
storage.googleapis.com
sync-tm.everesttech.net
sync.1rx.io
sync.adotmob.com
sync.aralego.com
sync.mathtag.com
sync.search.spotxchange.com
sync.teads.tv
syndication.twitter.com
tags.crwdcntrl.net
token.rubiconproject.com
tpc.googlesyndication.com
u.openx.net
upload.wikimedia.org
ups.analytics.yahoo.com
us-u.openx.net
us.connextra.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagservices.com
www.instagram.com
x.bidswitch.net
103.229.205.243
104.17.120.107
104.18.12.76
104.18.13.76
104.18.17.243
104.18.18.126
104.18.19.126
104.244.42.72
104.75.89.75
104.79.88.129
13.32.121.63
138.197.55.50
141.148.45.191
141.95.98.64
142.250.184.226
142.250.185.98
143.204.89.74
147.75.85.234
151.101.1.108
151.101.130.49
151.101.194.137
162.247.241.14
178.250.0.157
178.250.2.151
18.156.0.31
18.64.79.25
18.66.248.112
18.66.97.88
184.24.9.11
185.183.112.155
185.64.189.112
185.80.39.216
185.89.210.20
185.89.211.12
185.94.180.125
188.42.196.115
192.96.200.41
198.47.127.18
198.47.127.19
199.232.136.157
20.150.39.132
20.60.20.68
2001:678:cb4:bbbb::11
213.19.147.45
23.203.66.225
23.203.77.3
2600:1901:0:328a::1
2600:1901:0:d733::1
2600:1f13:800:7780:69dc:792d:e369:44d1
2600:9000:223d:b400:9:78a:e540:93a1
2600:9000:223f:9a00:8:48e:53c0:93a1
2600:9000:2251:400:10:3422:3f00:21
2600:9000:225e:3a00:1:a3fa:7cc0:93a1
2600:9000:2315:a400:17:5bae:c7c0:93a1
2600:9000:2491:4400:1c:386f:ec80:21
2602:803:c004:200::141
2606:2800:233:f76:14f7:d635:25c4:c8d7
2606:4700:10::6816:3456
2606:4700:10::6816:53d
2606:4700::6810:c40
2606:4700::6812:116b
2620:0:862:ed1a::2:b
2620:1ec:21::14
2620:1ec:bdf::45
2a00:1450:4001:801::2008
2a00:1450:4001:803::2002
2a00:1450:4001:808::2006
2a00:1450:4001:80b::2002
2a00:1450:4001:80e::2003
2a00:1450:4001:80f::2001
2a00:1450:4001:80f::200e
2a00:1450:4001:827::2003
2a00:1450:4001:828::2002
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2004
2a00:1450:4001:82f::2002
2a00:1450:4001:830::200a
2a00:1450:4001:831::2001
2a00:1450:4001:831::2002
2a00:1450:4001:831::2010
2a00:1450:400c:c00::9d
2a02:2638:1::3
2a02:2638::1c
2a02:fa8:8806:13::1400
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a03:2880:f21c:81c4:face:b00c:0:43fe
2a03:2880:f21c:81e5:face:b00c:0:4420
2a05:d018:d29:3602:74b8:7100:b95b:ee2b
3.120.52.251
3.122.72.111
3.125.10.252
3.139.232.239
3.82.239.242
34.102.146.192
34.107.148.139
34.111.151.213
34.120.107.143
34.120.133.55
34.149.20.76
34.200.112.63
34.96.70.87
34.98.64.218
35.157.30.208
35.168.146.216
35.190.39.111
40.119.40.202
52.16.17.93
52.215.122.206
52.223.40.198
52.28.133.144
52.28.203.152
52.29.149.17
52.36.23.219
52.46.128.147
52.95.122.74
54.194.79.34
54.75.88.22
66.155.71.150
67.202.105.23
69.166.1.8
69.173.144.139
69.173.144.165
69.173.151.100
70.42.32.127
72.251.249.9
82.113.101.236
88.221.168.201
95.101.200.23
01468d0365981ec4c5b2ac916a2df5ed997ab8fd45e6123ea68a117f72ae83e3
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
038e7bcb2f6e10a1f4a8242a8b4d897bd0d3d41b7d296f71d54b400cb8590721
0570ae40ab14f165f549d180e14c59fcd5744a3663c62e52e235012abfa14037
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
060cf77e632908fa1df556b671306619e734d4ba15e1e05eaaa38c92352cb93e
06da16002b06a44b36022933c8aa72978db6661c4491e40f81ab16ac9b9833d5
0744134e11772193275ccbb074d97b0709fedf96a40cea21a36b5f8912709b0f
094b946adc39ade08f6d927ea066c8fef3ba6ee5c12919873172315ef7428e92
0aa6a7045a55ddcb25bbee4d1edcb864081cf59f7fc9bdc1ada22a32ed4ad3ad
0b124faf401871a12369d10407bb8589005311e85216dc65f1ceec1ca6b707e6
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
1001d02a94adcf09231d1f5168e3f9555b8ea7a747f446154e1092e6bae7077c
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1283790d9ba35e73ff419fb0ed214fdb7c6bc29ca9ee630aca2d17820b2cd4d3
12ad5c68ff9467e07f805c5537e4d4c7454434de12b7da994a63d9aa396a8288
151c4c52c25dd28c33321aaaeabe879c4814087d4eaf7545d93f5d81d4d1c4f3
15c554e216e271fceae375c36374b1d28518969003a01915bc64f820f31be7a7
1681cb2b2db935f48c843351945df3f3f77f79c1c8de28c4fa88d8b655c25ae2
1be8248f466945478b4e2d7438cb1e81068549f6785d08c8d25121159c1d71cf
1e73777f32fdadc9137db91d5a23a62cbe3940b540ffba10fb93678b4624cabb
1f1a5a2ed0d8459d6359475a13a5625c141506fd51e87d07109a6acac7ad103c
218685548113942d02fe914a90711c9b02a9100e4f6215f7d244d7683c260066
236910ee51f041c8b421955b1b149250536436b2732372e2279a43816d3b109b
23bc1d893ce2d2f30b68e549aa3cb991c2a7b7dd87e3df67d9fbb6a8dd113bf8
23cbabdd9fd6d02ad40ec899f459710c56579f1d5ca5c55bae43b67c557c0dfa
243ffb98099f4879764870b76b08cf1d85731b18d05c1b84fd4068af8af780c6
256f6bec6a211d7c3445e856d793846aca14627b2d03c2186c6233140996c1d5
27cee90d41dec7907b22a3fb792fbb745242aed3c6a9ce57f7e1236fbbb2aa2e
28ba5785e9485b1031c773b928840f43943cc326be6bd12afc92b60d65167571
2a04fa46b4ebc4bb2c93126695f45b0acf711870e1f169bb95247592c28c24a8
2a477f97429c3535ffe5572338afc5d303547f2902153f1ebccaa76d0d5d6034
2a79d9d59e4c07752c78abc5f0243cecb939729e0728f347671fcd3a219e9b3f
2d86a1b94fed3b4569650a6a3df0f3ea675076948b6309e05a09ef7ae7e83b97
2dc1f1b8e21a7e85f0be782731a130fc669099d490749e39d309b87bf72b6375
2f7fb6e64d8fab635bb3d30224d772f607d37764e65cc73be4ec74ee9566b103
30568976ec60901c83df619811ae5d473e0be11cbbda09e6433173ccfa06cd8a
30f5b40cca5295366b773b660839831f42e5d67aeeccd7198e610ee32dde249d
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
32b61feee0df71fa8ac78c8b2c85b68e574536b2fd6380dcd39dfe5eb24cdbd5
32dcb7b5d0e79583353a56225e4d8097e004103102d584e245d1b96547f9948d
33cba9eeba7005d93b750ec376f71bf0cb042e7dd0669081bdbe055426cc2924
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
35658f036bb7be1e7d5552e952754e1b915f75c26440945c8e0e9569659a4aca
36baaaaa36dbb3fde09d9a1fa1210b50e8453eaded0d6148e5a641f2be624994
37a59d47c0adfac7ab5acbb4be9ae2c15d041ef669a26c57d94b3ba314f80792
37ab5c060ae53ccda75b8bd212d874a17650f7954b11c4e31f568990ab40196b
391034e31682ee92c9e9acf21506ccfada120c79a939a4511c7625c20fc416a1
3af043b3af56e8b7829c712f913a3fe3f23fe90c09ff6d6a240d7900158f0c29
3b036f9d469341d7f376f3b63c64d302e796d186c4980ff15a750dac7c813cdf
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3d89de2962a7a9582283b1d1ab5bb1138b1ddbb3c36865bb5860912f13c2dd7c
3e20a1bf78b9f941b88deeea294d8a953e9871afb8cc355fc9665df4ffbc5bc4
3e86157053770a3cdeb7a91f2bbd0e933894a401486840d2ffdd6b0fc27fa584
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
410082b276bd6e81b76227c4ba9799e819b96e53e1efd26327fdd428f69b33bc
4351a82e34ba7ad1e6ac887e293cdc37fd3a0bc9b1782a0f57be05518b677a4c
43676543e19de1fc36c90ef1ab1dca5dab0661afde678c7e00d4924ea4903a97
43e70276f3c10173468a6483148f11460b5ac423d25f01ad918246b116faa8e4
44793d44ea1bbc12dace2640119b71b42be35573ef979a8305066fa106f45930
45546a616b6956e781ea24f44cb7bc87ff547979f110e6177404ca24d1b5fb62
4596b0c0a2aae993a54464248cfaec870f24f2219fc55e86ed3fe89b52feffc3
45bc75820c2292bf64b74af20b9785c4a053608816b7d0c05bdc968e8e9de805
467219fc1bdbb650d1ac8b6cd19427235232416bea92a7846ee770fd9390b5e3
479d14940f56ee8623ea8f23f2a9df9130bf7dbbb8f70dfca2886e9a28ff1ee5
47cfc09a6ea16b0f1d8b24198ba3a023f5571ecb502b3b9321b8f2aa8ac64b90
4842db5c889237898bf23769933570b1785aa50d7284a953cd2e3b58820ec485
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
49c1c5dbbcc01db1e9b5908b2f88d3a0142f89c24e2f1e551f5cd953452872e6
4acddac1a60a29d1d0890f2eac91d4a19bcb3246de7c6ea877548ca9510c5f65
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4bb5956b8dbe7c7996feca74a169eea9ae4e6130831c3ed3c22d0db8830dcac4
4ddf846533dbdfeadfb689dad3bb5e90e6057c0dfdc0657e6f35d003a38cf730
4dfccead154e05c830b54f0c4d72641d8f8d6e2200d6ec0faa4ee73e03c37a30
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e4e796a542de8d37c08383c4b0f1deb7a0f1a2343d3c731fc9239ab0a89137c
4f6885febd5d6acf6dd236c07d6b3e3ae836659dddfc28a03ad470c8f6ea1fd5
50327989cbdf5f6c410b391fd183d0b399617bcf8e13eab6fcd062a501d795d5
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51c94bb53e9a69aa441ddd93c5874e0e9d5edccd2aa31d8377753726cb137b8a
534dd5fa0bf5011564bc58d17509b66bc0ca4f67065b9d3217290d2182674cfd
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55accff7b642c2d7a402cbe03c1494c0f14a76bc03dee9d47d219562b6a152a5
570f78d728c94a7c5310b1e8d9e819a5f799a1014fe338c5fa4dc426a5fde7dc
58b603271da250778cca7450c81343eba7a896c87d93812f4de54ca5e1108488
5b64c1713b0ca73893780f4857db46e6ed55e41a4f3cb5a065f32af161dad8ec
5ba60f8e2a5f07c6c9eeea935fe824513ffd63ce10b432856a15acae2c36d41a
5d048d1ba1fb1f78e38c3e0cc432db86fb8138d98d4b61242b1b7951f62208b1
5dc828faaec7dde7186d4c024ae51126ab5aa1d73c130528b7fcd6787c11eaa7
5f77d389ae7d5ff344e07d05a397ce1a495243eceb060ae8d7e191666e943563
60a27160d65e2b27e63cfae136b04f562119e53b860bfee28e9cf7739bf74c45
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
6297df6d47d26c25f16327e1c256e5733521a3133c8908a3f7b187617f1d9d78
6497da46e526c0eaa827bf692f829012fa40ada5c0a9ef0124296d64ee71a00e
65e449ba28b14b2cc103087acfe38f8800cebb19b4b573df7599779e68a3006f
65ec5e0481c4ceacde8c5e8fab9d5305fc68496b8c75d7d58fb0e91feaf7f598
6619c3c9eaf6738dc2e1921e0682e82f4a5b0ac44a6b33d89812f576bc31ab41
66acb48e5d896c024b5ce7003d0375794e4a6603e8454e902ea448db160884d8
670b4574ac00792fb78909b383658833cd5c776a7f5715b9e9a5670668506db8
6860490efeb4447dabfcb5a57b0d9a14aaa76df28f6f2067565aca3d7fac9c52
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
695ce10188e5306fcbf679b7cc125b6eac681d124a85a5908bbd8d0079a47e9a
6a8ad0932b7721ed0487d2d7004739949a65b7796321558409f6c6208e918666
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6cb56a0c70ad7edd7731131e2271712f6e6f5ebf32256618bcbf563ebe650231
6d6a71cd1ad104144bf6fb5a531a9a0fe1cdebb3914038f1f56835afec0e3f20
6db70efc22ebe658e7f7201546ed259b8408fc8238603d9a994f70e55a86a9f7
711e66708e1264e96b0a0a07d958c999573fa6105a48ac136bb96ef6b3ce84f9
7413374d2d4b50a67e2e18415f76b882a713edecd20182b7d1bcef903330987b
74386ff7caebd4dae157769f5a71c8109bc7f28d436ac0d8d621ab97002786c1
748735a831b31b735e397d4928ecf548aa9583136644b8989f5897db1f97e18d
74abe41f5abe40ebb743346bad44853a9824092bc873cf6c26f470a876960aac
75327d13c2b94a5eb87b9d18ba6d2517016c6285de2c7b32901339a899282635
774c158323cefef568eca1cf0be2eb6f5181e043158a9c60359ad5462a18fea4
77ed72d440214106b70e7687748235ccfb425fbda2227b64ca35c449bd8f194e
7879b6a7897077d50bf41c9afd92664e4b47b3751a0ed2121a5bdc3a10baddec
79ec52f0ce86fb27c47d1f860ba62d34ad5fe6cd3778ee0952ac698f52096e81
7f918e55e2c7fdfe4fbfac4e8baf5a131c88eacb54165dee2aaaa6e70f528a4f
8049b934c0656532d9a83024065477b24a9e907a5e0a86a82a6f8a083557bf9e
815ee379589e2686af0a423df3987810358aaa03ea11a46250de270ad307a383
82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85b9381a028dfec3b2eb098f3ed05904960e8eef84201307f0911d70d384e1f2
868a78df4f3d0a21f89c48ccc709df44d3875f5fb33e22bf51ca8b5c28be4202
874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
87a7f8c7df72493a7feecbe7c34360f1544cbfc2b63e0a8a09da2ea4dd3941f7
87dd5d7b4b8cd4933724bf25f215ff86b2604a7fc61a329e31e88ff2b1f7af90
8a6cebdc9be5a977e8916c76af183272272020ed02a63a35249c905fb16bf1ee
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b80b934f3f4c2332dd8d77abd1354233647dfb138eec1c4f5a9c07fd69651a7
8c0531412c543b9bd978e29acb8f5cf330db9891115d1e9924519d9a675b7b74
8d5395df0779722c1499b6f1593cb870a6fc7301190f462965935abd03b33ec8
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8d9761793770b2cd27c86963e529fffd98565d74c1d67bc7931c2e8e8cfd86db
8e4daf0c4bcd9d75a33efd4fbcb1d5d348afba4bf707dd93533a4d5fd38de52f
8e958b33e239d8aa264b39e62c4d549ff21a49cda6e94f76cccf5b23cdd12216
90352cd429fceb3b816c9418248ab076c32d27239cc9bdf453287b07c952fe93
92426eb5437b357b9046670556ba89baa8384edcc8734f56b813745bdb9e1cc6
9258fdbb0135cef979e81e6a201a9712e44e850066949151b923bbb0e40c3db1
93975ae1d8cef7cb7a8c05ef392abe1b4d080b570b19cab279a208afe7d36cf9
93e6639c3f07cb77467754907778fc49a74b1194368a93923c824ebec4d78298
956502cf34dd763cc8c03deacd057372a779750b63cd6d0ecfa1100e70a5e5ae
95f59d3673485eaf0566cda1fac52d3d5dfeb9ba38c41b7c83e351449bb5a4f6
96317c3e5a0698390f1e2fe74dbc1bb40bd08aa635d3308f50426070494ca840
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
97eea540d51caf9ea8fdbfbe29e788d1fe016731afa797c33b1f39825a5df14f
97fbe0da7255903768c8485f137c2a05e03124d01cefde09d2dcdaf6f7551bec
9aa3d43134d1f1dfeb282288ab9a891513edc029fcb5689f71fad912ec15b549
9bd8dcc115a0e9fce94520cecad5254352b86d55bca2506833057bb52e87ee1a
9c0054243c6d0f999f2529b7b6165753d8ea98d40defc0e598853379af7798a8
9c58a44616fcbb45feda723913b750be827cc05f526642e9ff52e36ffab9a414
9d1c206ba5eb10f0a63468f9d80439277a779046aac4a8b4be3f3cd0e7dd5846
9e0d404128c22390d9e513e36d742a60e1b440d6b6d108caf16bd10d9c77306f
9e391f70821c1f3c49a2d9a9a2e1b6085fcd1f5aafe404258adbd024a9bef517
9f4501c6e024ec5ecc8ec86d5a09b9e603e226ab83149c8f481708bffcbd3f8e
9f4bb49b19fe835161344a1ab647c5df2b04403169fdb58cc8aba19d7b611c89
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a15f8849232335289b054b7a5a997cc1f7df707cdc6c9492b029359555d13bb5
a1a154110cdb83e6c861b4c5d8a1c51882f119639e91a9ca4adf7c70748a4e5b
a1c6ea99bde3bca538f4bbd1d799c21cb89c0a082b884400c3df69dbe7a20848
a390064db2d28bd0a571c732717f7f50e3e6179ea4af59f8e398eeb9f5e5dd2a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a68c9cd6dea7fb10cf7a8251b5bed5b29b1047c7431e1ff4def2421329f0a3ad
a6c380163cfb4ec488d8231f891ae8deaa8d82ae8c18ba3a6d6a3b2168b3d1ef
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
aa0e07397fd65980a26cd95fd726b6e7c3b4c8b9ab20af6505124ec2d50d584a
ab612e26357285522cbacea29b729bfdff3b7342c75ee9438ab83a27ce4b297e
abbcd33d404aca830e658671ef6fe1f71ec5b1a9b7ba2498a472ba38daea453b
abd4c37f2e693b8e4e2e33ae084762fec7c210a17fb44126c4011becce302e11
ac1b986bc2148aa06ad10ef94546eed99de4a9c2eae242b9e97f78e3fe2bb6ee
ac850bc623427309d0305d230767fca0506b4f9966c6ecb9bb7f75159f03dd0e
adaf48219ee42efaf48879b7ef083b6c3664ed8a84aba080065bb37b446e0b14
ae778eff86703b09baa4bc89ba09b2a3ba0462d611f5a40f40e5155417a0665d
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b0eb580782e34b6d65bca1d034c8791c3df2164963b3259af441a0289bb4f3bd
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b16aef8a6a18450e93979def14ab6f9fdfb77f242c9b052333c50a0564ab6677
b18ae4a03fd46ca12b7fd334e8c379bb803f39e0fb4a464a1a1a5398d8d2cb4e
b2dbb1cf5c5506562b776bd081fd844a2dae08e907b4cd03c08aad627a9ac06a
b2dc3e5952f57966cea81717e4fa93edad056d9035ce9a93c6a40fdf57d9e704
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
b46b861b465298f9360491e6b87e707af462dad73872c60e5ee90d4fda58b5c4
b4a419095aa8f87ac838a7c0f52fa682bc635aa4d1927b9c058d547fc67dd5ea
b635b1f7a7a6e25d34930b516ff41da98d939dad20fb024acb596a7828106813
b71c20271d9c80d1a71aa0ab9935281c4fa8ac404533f1a0747d7fb03fc68e79
b79969bfe5205648c47230516c4f7da363bbc37cfcf56057abb24c8fbc34d747
b7bd68cb79dcf03fe74b395a014cdc03ddcabd4d4a2552d24cc78f84d09ec155
b89f2425b3a80a2e1861648a6b8b8c82d04b3f4efaca0ab5dbc9db90a3cb82a0
ba8af0d50d79678d5e9e6e68935c23511ff6ae811c880f6b0815855e696b023e
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f
bd033faef5d1c120aeadef08c67ca30ed9f779a79d019a7b853489db7efb2ec8
bd85d107203019a4f16297de2536f98fb29e6799bb47142457bd435895959e6f
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bee77aeb7bcb6a3163c4d537ca9b6632f6b236f65bb8d6eb536c252064e5b5b4
bf0ab891701cb42a0ba7e19199ace3d4d39935dd61ed4bdc1e9b80c531ecc6d8
bf6c9da6cd516bbb79ea18f42c1450a5624e1c8d7608c4292f8b02d6702e31de
c1609235113bcc0ea2c532064ee52f039b75a48edb067ca110118e813a723a85
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c33e7ccf75562431b2535679241b95165dbe2d461198be913f212c20f3e8cfab
c41355972b53b5b1ca3a40a568d819b877abb8b60c45db4c80f82ef274868189
c4256232b7d938af44cde8123f79ce9dd6acfc2302ccaf0168abd16ae8c833ad
c51c75c768db2fc87ff993b7fd7c3e3bc296569ce0955b439dbb06ca78bd8d6b
c7cdc1c5656f5ccbacdf8c46fa7d970a08cd0dd8f126a30b36a755cce942886f
c7ed7ef9182dc5206d1b7a8038bcfe2b57fc1be96d78b75152e9b713ca4ef2d6
c831f8a053ae390116b17fd75c7b8f34b659ef4c4c0e1f285806848e0752e0bd
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
ca96c40f3a1a913eab009c3066ea01ef6e56cb3bca24a7f7a59099f499e12dfb
cbff952e8c47bf976906662ac210c3ae9aaf8e10820d404e8f760bc273bcb4fb
cc8455926faa2115bb49e10a9f2352d4630f06e1f10873f86d2fd073b2c2f89f
cda3c421b62828768ee2741a35bef36bcfdb1199ee3eb987269f7d1ce2dd8876
ce6db59bd76100dae8b381fa5e669c3ff7b4db76ae11e1676157f95413f52f23
cf6ed6ab73b7f0e5cf5f593a15fa607a9b1daa3c6fc58fc8c98568e70088adbc
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1024fbe1569d6452c85f2576e7798663b5d780cc8cd3f3391e5dc1452039650
d199391607ba200b28de4d86f36be065228f27c05bf11db5b4b0cdf00cf093da
d1d05642e23866a6d7fb1b165615355e7c01fffaf89c61e9c14c0beecb96ae23
d3169b2726b5c785026813413eb505d88cb3b8d95f899b66153624266a9ef503
d3564d2b09a1761f856bf198d3b4f97e1229358698bb6314bb731697e9429c16
d43a78c0afdaab62e85c43f804e0f994d57679d9a959a40686498c5ef6b4e6e2
d46f0249b4880fa2127f3408edc02158ffa0673c31218312e2b6dbef1b96d507
d4fcc935af779b64ecec8cca08ba21b82fabfaec30b388d459eb4c0a537892f6
d615dc71e2b871728bcac91be31747518b19e5d9019d8d1963300bc169a0fdea
d6298c3b513f2c4653a5ecd25fab7ffb5c74a8ce3c63b176f91621b77a7bc6ab
d9608ec4ea86f70691860daf1b477654e08357662b2fdc33568a376b0fcbdf5c
da45962a1fb4a049c9367ebe9b1b628f071d7a4c9997ee807c01d23f4866e19c
dabcbaebd91fbacba05da75f9d8c8322fd18110c126334cdf55affe0261993af
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dd76237cb45a7968e068f314836135fbb40f1e2e64ece7bcb94ad09fb1e51562
de5fd4268613c2dbf84f78e5c62e6711e45312ca5bff7a6b45058b8527b0a9f1
df6e47f3dead15c7aee83b385619b44bd4d41cf4012df3e34d5e29f511eac6b0
e00397129d5c9f4de2565731d60bc0120d1fe4dc78bf0b5cc9ea8c6571e27052
e095f4fbb86c7318a76ae06340cfd812a5247ea02b416ed57933365d67648df7
e0aa38846f5d1668e250649ffc91f566f66019d0c42c71d7237480280b6c96c0
e2abaab52c00991eaa68af9b739a0d6ff6f36317d6d05458ea794e5a7f319f5f
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e4f4dde2aec3c26a8bd2af8bbd0690467531d6abb632ec5433b0ff5f2fefdf8d
e5206328d2cc2308fcaeac42be6ea00a48a1787053f6581b97fffee6182a57f2
e5718552985b885aad92b5fd62e8ba2748bda285e1cf240b5fd87f5e9fc125a2
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e628a77b432ee49dc3c2a637bef4494dec9be61d1baceef5c86e0cf97f7d1afc
e67a0d2101516224e734c4da43409d31c2cafd062015f2cf4a72420b3da24789
e6deb8763f8da9983dc3f1ab5d4376b37292dbd4b7fbd988713ac334a5904069
e6f4da7f89a69ed052f1dc36dbde4293db5ee32640b75a93a1360dc0a6afbd46
e6fa8f77f210d5e1fa81d8825b606051df79dcbf7ff0b639ab3536ca4158ea6f
ea5682a0a6618c3bb9f5bf74a51454f481d59cb96a0f1a544a72a9c940f0bdf3
eb8bfc1324f089a7d1ff198649c86d275717397cfb5d27636e2094a2a085070f
ebf9a68ed65b588ec9397c2bda9d79b1f5bf9e9ea0c34b4eaac0e927002362bf
ec1cb55d9bd3d88ea23c52278f6d73fd7310abdf3587a702fd60f4fe2f997266
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ec6f364352c009a79ecee3ddd6e3b2731a07cae7844b9f69c13c2b3629a03cf9
ed2772d700ff8cedd17a8c5d43ac9a78269fb7087839f3cc0e504bc9ce021858
ed4262d115281bd512c8032e89ff83cfc3ab4b2107786aabff6ca6bcec4561b5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f287503fb66ac07e6dacdd1e6782fe6d02c32f814961420a511290a218469c94
f2daa7e76eb71f0467c09a9ad129a8c3de6217644510131af36b6cf0f8114d2e
f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f
f4a9cd611ccd96117516a93d5c529f429d7f5e7187b453c12e0405196211e38d
f51938710e179807bbf1be9a1e9d7e3441fa74e7dfe9f46841914fb12ca7de3c
f59992e3bbba63c938be3226ef9716861484b54008fd395086af290a823e5e50
f8486cf55c57486f26236be045e02ada380d1ee0378008375cf54295c23954c8
fa58c4b5d186c8d31190b67714226a3a76c9b5517076f96c27081e154b9c2436
feca2c500ff0adb01036741a190f5295dc783319b9f1dc530e223d9177073aa9
fef150c7927eec405ab56ba61bc9c6b48bb0a4367b3b4142c0d919659b358dee
ff473fdc2276fe4760eb499f944460c4219b6639676288d7709e5cdb9e6b70bb