gofobo.com Open in urlscan Pro
52.34.129.38 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://gofobo.ticktbox.com/redirect/l948BQ
Effective URL:
https://gofobo.com/sweepstakes/TikiTunesSpeaker
Submission: On May 22 via manual (May 22nd 2022, 1:51:55 pm UTC) from US — Scanned from DE

Summary HTTP 323 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 96 IPs in 10 countries across 73 domains to perform 323 HTTP transactions. The main IP is 52.34.129.38, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is gofobo.com. The Cisco Umbrella rank of the primary domain is 280916.
TLS certificate: Issued by Amazon on January 31st 2022. Valid for: a year.

This is the only time gofobo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	44.238.182.236 44.238.182.236	16509 (AMAZON-02) (AMAZON-02)
5	52.34.129.38 52.34.129.38	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
31	108.156.253.172 108.156.253.172	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:205... 2600:9000:2057:f600:8:8845:1500:93a1	16509 (AMAZON-02) (AMAZON-02)
5	2.18.232.170 2.18.232.170	16625 (AKAMAI-AS) (AKAMAI-AS)
3	65.9.58.30 65.9.58.30	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
4	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:27::... 2620:1ec:27::cafe:1834	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2606:4700::68... 2606:4700::6811:4f22	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 1	2600:1f18:730... 2600:1f18:730:b150:1cf:88dc:54d8:eec2	14618 (AMAZON-AES) (AMAZON-AES)
1	34.231.179.226 34.231.179.226	14618 (AMAZON-AES) (AMAZON-AES)
1	23.35.237.151 23.35.237.151	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2606:2800:234... 2606:2800:234:59:254c:406:2366:268c	15133 (EDGECAST) (EDGECAST)
2	2a00:1450:400... 2a00:1450:4001:811::200e	15169 (GOOGLE) (GOOGLE)
1	65.9.63.3 65.9.63.3	16509 (AMAZON-02) (AMAZON-02)
5	40.76.174.66 40.76.174.66	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	99.86.4.101 99.86.4.101	16509 (AMAZON-02) (AMAZON-02)
1	143.204.215.118 143.204.215.118	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c0c::9b	15169 (GOOGLE) (GOOGLE)
1	104.244.42.200 104.244.42.200	13414 (TWITTER) (TWITTER)
5	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2	2620:116:800d... 2620:116:800d:21:ee05:6a01:4b41:8c89	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:20:... 2606:4700:20::681a:9a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 6	52.6.156.194 52.6.156.194	14618 (AMAZON-AES) (AMAZON-AES)
1	95.101.20.27 95.101.20.27	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2600:9000:206... 2600:9000:206f:7a00:6:44e3:f8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	52.49.46.73 52.49.46.73	16509 (AMAZON-02) (AMAZON-02)
4	108.138.3.177 108.138.3.177	16509 (AMAZON-02) (AMAZON-02)
6 8	18.194.159.8 18.194.159.8	16509 (AMAZON-02) (AMAZON-02)
2	54.186.212.217 54.186.212.217	16509 (AMAZON-02) (AMAZON-02)
4 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
2	72.251.249.9 72.251.249.9	29791 (VOXEL-DOT...) (VOXEL-DOT-NET)
1	141.95.98.69 141.95.98.69	16276 (OVH) (OVH)
1	34.120.133.55 34.120.133.55	15169 (GOOGLE) (GOOGLE)
2	52.88.218.108 52.88.218.108	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:9fea	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:fa8:8806... 2a02:fa8:8806:16::1460	41041 (VCLK-EU-SE) (VCLK-EU-SE)
1	52.29.205.29 52.29.205.29	16509 (AMAZON-02) (AMAZON-02)
1	2602:803:c003... 2602:803:c003:200::51	26667 (RUBICONPR...) (RUBICONPROJECT)
5	34.149.20.76 34.149.20.76	15169 (GOOGLE) (GOOGLE)
3	18.157.66.51 18.157.66.51	16509 (AMAZON-02) (AMAZON-02)
1	99.86.4.28 99.86.4.28	16509 (AMAZON-02) (AMAZON-02)
2	18.185.167.12 18.185.167.12	16509 (AMAZON-02) (AMAZON-02)
1	213.19.147.43 213.19.147.43	3356 (LEVEL3) (LEVEL3)
1	178.162.133.150 178.162.133.150	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
3 7	37.252.172.249 37.252.172.249	29990 (ASN-APPNEX) (ASN-APPNEX)
3	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	104.92.100.195 104.92.100.195	16625 (AKAMAI-AS) (AKAMAI-AS)
1	204.237.133.116 204.237.133.116	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
2 2	103.229.205.243 103.229.205.243	30419 (MEDIAMATH...) (MEDIAMATH-INC)
5	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
2 2	35.210.53.219 35.210.53.219	15169 (GOOGLE) (GOOGLE)
2 2	52.51.78.176 52.51.78.176	16509 (AMAZON-02) (AMAZON-02)
1 2	104.92.72.137 104.92.72.137	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a04:4e42:600... 2a04:4e42:600::300	54113 (FASTLY) (FASTLY)
2 2	50.31.142.191 50.31.142.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	2600:1f18:444... 2600:1f18:444a:4680:8e84:2ba7:9e48:8cf5	14618 (AMAZON-AES) (AMAZON-AES)
1	108.157.4.107 108.157.4.107	16509 (AMAZON-02) (AMAZON-02)
1	104.83.151.205 104.83.151.205	16625 (AKAMAI-AS) (AKAMAI-AS)
1	46.105.202.126 46.105.202.126	16276 (OVH) (OVH)
1	65.9.63.43 65.9.63.43	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:401... 2a00:1450:4014:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
20	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
18	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
1 5	2a00:1450:400... 2a00:1450:4001:812::2004	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80f::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1 4	54.247.26.77 54.247.26.77	16509 (AMAZON-02) (AMAZON-02)
7 14	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
6 11	23.35.236.247 23.35.236.247	16625 (AKAMAI-AS) (AKAMAI-AS)
19	2a00:1450:400... 2a00:1450:4001:827::2006	15169 (GOOGLE) (GOOGLE)
5	2600:9000:224... 2600:9000:224a:4400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
4	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
15	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
1	151.101.65.108 151.101.65.108	54113 (FASTLY) (FASTLY)
2	23.35.236.201 23.35.236.201	16625 (AKAMAI-AS) (AKAMAI-AS)
4	104.92.74.8 104.92.74.8	16625 (AKAMAI-AS) (AKAMAI-AS)
3 6	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
4	54.171.192.139 54.171.192.139	16509 (AMAZON-02) (AMAZON-02)
1 2	37.252.172.37 37.252.172.37	29990 (ASN-APPNEX) (ASN-APPNEX)
2	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 3	2a05:d018:d29... 2a05:d018:d29:3605:c111:9aee:7bd3:6707	16509 (AMAZON-02) (AMAZON-02)
3 5	52.46.130.91 52.46.130.91	16509 (AMAZON-02) (AMAZON-02)
4 4	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
2 6	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
2 3	52.94.223.37 52.94.223.37	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1288:80:... 2a00:1288:80:807::1	203220 (YAHOO-DEB) (YAHOO-DEB)
1 6	34.247.233.198 34.247.233.198	16509 (AMAZON-02) (AMAZON-02)
3 3	64.202.112.95 64.202.112.95	23352 (SERVERCEN...) (SERVERCENTRAL)
2	66.155.71.149 66.155.71.149	13768 (COGECO-PEER1) (COGECO-PEER1)
1	54.163.96.140 54.163.96.140	14618 (AMAZON-AES) (AMAZON-AES)
1 1	54.227.164.149 54.227.164.149	14618 (AMAZON-AES) (AMAZON-AES)
1 1	193.122.130.38 193.122.130.38	31898 (ORACLE-BM...) (ORACLE-BMC-31898)
2 2	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY)
1	18.195.155.181 18.195.155.181	16509 (AMAZON-02) (AMAZON-02)
1 1	124.146.215.49 124.146.215.49	2514 (INFOSPHER...) (INFOSPHERE NTT PC Communications)
2 2	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS)
1	2600:9000:214... 2600:9000:214f:1600:1f:2473:9080:93a1	() ()
5	67.202.105.31 67.202.105.31	() ()
1 1	23.75.240.210 23.75.240.210	() ()
4	52.201.208.245 52.201.208.245	() ()
1	35.244.159.8 35.244.159.8	() ()
2 2	18.194.10.133 18.194.10.133	() ()
1 1	88.214.206.247 88.214.206.247	() ()
323	96

2 44.238.182.236 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-44-238-182-236.us-west-2.compute.amazonaws.com

gofobo.ticktbox.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.34.129.38 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-34-129-38.us-west-2.compute.amazonaws.com

gofobo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 108.156.253.172 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-156-253-172.dus51.r.cloudfront.net

dk2d6nav3mn9d.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:f600:8:8845:1500:93a1 (United States)

ASN16509 (AMAZON-02, US)

b-code.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2.18.232.170 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-232-170.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 65.9.58.30 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-58-30.fra56.r.cloudfront.net

d2u384mreupnc8.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:1834 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6811:4f22 (United States)

ASN13335 (CLOUDFLARENET, US)

global.proper.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
abcheck.proper.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
eb.proper.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:730:b150:1cf:88dc:54d8:eec2 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)

rp.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.231.179.226 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-231-179-226.compute-1.amazonaws.com

rp4.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.35.237.151 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-237-151.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:234:59:254c:406:2366:268c (United States)

ASN15133 (EDGECAST, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:811::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.63.3 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-63-3.fra56.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 40.76.174.66 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

d.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.101 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-101.fra6.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-118.fra53.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9b (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.200 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:ee05:6a01:4b41:8c89 (United States)

ASN16509 (AMAZON-02, US)

secure.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:20::681a:9a9 (United States)

ASN13335 (CLOUDFLARENET, US)

script.4dex.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.6.156.194 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-6-156-194.compute-1.amazonaws.com

i.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.20.27 (Milan, Italy)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-20-27.deploy.static.akamaitechnologies.com

sli.gofobo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:7a00:6:44e3:f8c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

rules.quantcount.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.49.46.73 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-49-46-73.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.138.3.177 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-3-177.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 18.194.159.8 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-159-8.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.186.212.217 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-186-212-217.us-west-2.compute.amazonaws.com

usync.proper.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 72.251.249.9 (Amsterdam, Netherlands)

ASN29791 (VOXEL-DOT-NET, US)

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.95.98.69 (France)

ASN16276 (OVH, FR)
PTR: ns3216534.ip-141-95-98.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.133.55 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 55.133.120.34.bc.googleusercontent.com

api.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.88.218.108 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-88-218-108.us-west-2.compute.amazonaws.com

bids.proper.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:9fea (United States)

ASN13335 (CLOUDFLARENET, US)

player.propervideo.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:16::1460 (Singapore)

ASN41041 (VCLK-EU-SE, US)

web.hb.ad.cpe.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.205.29 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-205-29.eu-central-1.compute.amazonaws.com

tlx.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2602:803:c003:200::51 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 34.149.20.76 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 76.20.149.34.bc.googleusercontent.com

ssc.33across.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.157.66.51 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-157-66-51.eu-central-1.compute.amazonaws.com

btlr.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.4.28 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-28.fra6.r.cloudfront.net

hb.undertone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.185.167.12 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-167-12.eu-central-1.compute.amazonaws.com

pre.ads.justpremium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 213.19.147.43 (Utrecht, Netherlands)

ASN3356 (LEVEL3, US)

tag.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.162.133.150 (Rijswijk, Netherlands)

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ams-1-apex.go.sonobi.com

apex.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.172.249 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

propermedia-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.92.100.195 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-100-195.deploy.static.akamaitechnologies.com

htlb.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.237.133.116 (West Chester, United States)

ASN3257 (GTT-BACKBONE GTT, US)

hbopenbid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 103.229.205.243 (Singapore) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 15.197.193.217 (United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.210.53.219 (Brussels, Belgium) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 219.53.210.35.bc.googleusercontent.com

pool.admedo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.51.78.176 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-78-176.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.92.72.137 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-72-137.deploy.static.akamaitechnologies.com

x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::300 (United States)

ASN54113 (FASTLY, US)

trc.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.31.142.191 (Chicago, United States) 2 redirects

ASN22075 (AS-OUTBRAIN, US)
PTR: chi.outbrain.com

b1sync.zemanta.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:444a:4680:8e84:2ba7:9e48:8cf5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

i6.liadm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.4.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-107.dus51.r.cloudfront.net

ats.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.83.151.205 (Milan, Italy)

ASN16625 (AKAMAI-AS, US)
PTR: a104-83-151-205.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.105.202.126 (France)

ASN16276 (OVH, FR)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.63.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-63-43.fra56.r.cloudfront.net

geo.privacymanager.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4014:80f::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:812::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80f::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.247.26.77 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-247-26-77.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 142.250.186.98 (United States) 7 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.35.236.247 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-247.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 2a00:1450:4001:827::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2600:9000:224a:4400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: nyidt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.35.236.201 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-35-236-201.deploy.static.akamaitechnologies.com

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.92.74.8 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-92-74-8.deploy.static.akamaitechnologies.com

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 76.223.111.18 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.171.192.139 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-192-139.eu-west-1.compute.amazonaws.com

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.252.172.37 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a05:d018:d29:3605:c111:9aee:7bd3:6707 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.46.130.91 (Ashburn, United States) 3 redirects

ASN16509 (AMAZON-02, US)

s.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 69.173.144.165 (Frankfurt am Main, Germany) 4 redirects

ASN26667 (RUBICONPROJECT, US)

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 69.173.144.139 (Frankfurt am Main, Germany) 2 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.94.223.37 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

aax-eu.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::1 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.247.233.198 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 64.202.112.95 (Harrodsburg, United States) 3 redirects

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.149 (Portsmouth, United Kingdom)

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.163.96.140 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-163-96-140.compute-1.amazonaws.com

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.227.164.149 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-227-164-149.compute-1.amazonaws.com

sync.ipredictive.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 193.122.130.38 (Ashburn, United States) 1 redirects

ASN31898 (ORACLE-BMC-31898, US)

sync.technoratimedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.49 (United States) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.195.155.181 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com

cs.emxdgt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 124.146.215.49 (Japan) 1 redirects

ASN2514 (INFOSPHERE NTT PC Communications, Inc., JP)

tg.socdm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (Amsterdam, Netherlands) 2 redirects

ASN204995 (RTB-HOUSE-AMS, PL)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:214f:1600:1f:2473:9080:93a1 (None, )

ASN- ()

cdn.undertone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 67.202.105.31 (None, )

ASN- ()

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.75.240.210 (None, ) 1 redirects

ASN- ()

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.201.208.245 (None, )

ASN- ()

usr.undertone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (None, )

ASN- ()

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.194.10.133 (None, ) 2 redirects

ASN- ()

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.214.206.247 (None, ) 1 redirects

ASN- ()

cs.admanmedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	googlesyndication.com 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 95 tpc.googlesyndication.com — Cisco Umbrella Rank: 130	349 KB
34	cloudfront.net dk2d6nav3mn9d.cloudfront.net d2u384mreupnc8.cloudfront.net	1005 KB
30	doubleclick.net 7 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 92 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 187 googleads.g.doubleclick.net — Cisco Umbrella Rank: 44 cm.g.doubleclick.net — Cisco Umbrella Rank: 212 ad.doubleclick.net — Cisco Umbrella Rank: 202 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 284	255 KB
24	adsafeprotected.com 1 redirects pixel.adsafeprotected.com — Cisco Umbrella Rank: 548 fw.adsafeprotected.com — Cisco Umbrella Rank: 805 static.adsafeprotected.com — Cisco Umbrella Rank: 552 dt.adsafeprotected.com — Cisco Umbrella Rank: 504	195 KB
19	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 264	180 KB
16	rubiconproject.com 7 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 471 eus.rubiconproject.com — Cisco Umbrella Rank: 556 token.rubiconproject.com — Cisco Umbrella Rank: 692 pixel.rubiconproject.com — Cisco Umbrella Rank: 354 secure-assets.rubiconproject.com	25 KB
12	casalemedia.com 6 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 477 dsum-sec.casalemedia.com — Cisco Umbrella Rank: 557 ssum-sec.casalemedia.com	9 KB
12	amazon-adsystem.com 5 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 288 s.amazon-adsystem.com — Cisco Umbrella Rank: 278 aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1187	47 KB
11	liadm.com 3 redirects b-code.liadm.com — Cisco Umbrella Rank: 3811 rp.liadm.com — Cisco Umbrella Rank: 2835 rp4.liadm.com — Cisco Umbrella Rank: 10775 i.liadm.com — Cisco Umbrella Rank: 525 i6.liadm.com — Cisco Umbrella Rank: 1678	18 KB
10	gumgum.com 1 redirects rtb.gumgum.com — Cisco Umbrella Rank: 1176 usersync.gumgum.com — Cisco Umbrella Rank: 2306	3 KB
10	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 240 acdn.adnxs.com — Cisco Umbrella Rank: 596 secure.adnxs.com — Cisco Umbrella Rank: 424	16 KB
9	proper.io global.proper.io — Cisco Umbrella Rank: 8146 abcheck.proper.io — Cisco Umbrella Rank: 9377 usync.proper.io — Cisco Umbrella Rank: 12408 bids.proper.io — Cisco Umbrella Rank: 8622 eb.proper.io — Cisco Umbrella Rank: 12080	137 KB
8	yahoo.com 7 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 297 pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 485 ads.yahoo.com — Cisco Umbrella Rank: 1156	4 KB
8	bidswitch.net 6 redirects x.bidswitch.net — Cisco Umbrella Rank: 287	4 KB
8	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1266 d.clarity.ms — Cisco Umbrella Rank: 2164 c.clarity.ms — Cisco Umbrella Rank: 668	26 KB
7	3lift.com 3 redirects tlx.3lift.com — Cisco Umbrella Rank: 559 eb2.3lift.com — Cisco Umbrella Rank: 414	3 KB
6	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 74 www.google.com — Cisco Umbrella Rank: 7	2 KB
6	undertone.com hb.undertone.com — Cisco Umbrella Rank: 3522 cdn.undertone.com usr.undertone.com	4 KB
6	addthis.com 1 redirects s7.addthis.com — Cisco Umbrella Rank: 1493 m.addthis.com — Cisco Umbrella Rank: 1449 x.dlx.addthis.com — Cisco Umbrella Rank: 1172	218 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 501	120 KB
6	gofobo.com gofobo.com — Cisco Umbrella Rank: 280916 sli.gofobo.com — Cisco Umbrella Rank: 382994	33 KB
5	tynt.com de.tynt.com	2 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 344	109 KB
5	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 338	1 KB
5	33across.com ssc.33across.com — Cisco Umbrella Rank: 1489	1 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 175	114 KB
4	openx.net propermedia-d.openx.net — Cisco Umbrella Rank: 11447 us-u.openx.net — Cisco Umbrella Rank: 399 u.openx.net	672 B
4	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 645 script.hotjar.com — Cisco Umbrella Rank: 896 vars.hotjar.com — Cisco Umbrella Rank: 989 in.hotjar.com — Cisco Umbrella Rank: 1730	67 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 146	198 KB
3	outbrain.com 3 redirects sync.outbrain.com — Cisco Umbrella Rank: 782	1 KB
3	pubmatic.com hbopenbid.pubmatic.com — Cisco Umbrella Rank: 446 ads.pubmatic.com — Cisco Umbrella Rank: 439 image6.pubmatic.com Failed image8.pubmatic.com Failed	20 KB
3	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1057	328 B
3	twitter.com platform.twitter.com — Cisco Umbrella Rank: 664 syndication.twitter.com — Cisco Umbrella Rank: 954	133 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 102	713 B
2	advertising.com 2 redirects pixel.advertising.com	677 B
2	creativecdn.com 2 redirects creativecdn.com — Cisco Umbrella Rank: 690	695 B
2	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 572	635 B
2	sitescout.com pixel-sync.sitescout.com — Cisco Umbrella Rank: 594	248 B
2	linkedin.com px.ads.linkedin.com — Cisco Umbrella Rank: 511	1 KB
2	zemanta.com 2 redirects b1sync.zemanta.com — Cisco Umbrella Rank: 558	592 B
2	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 214	2 KB
2	admedo.com 2 redirects pool.admedo.com — Cisco Umbrella Rank: 4646	752 B
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 444	1 KB
2	justpremium.com pre.ads.justpremium.com — Cisco Umbrella Rank: 5573	5 KB
2	rlcdn.com api.rlcdn.com — Cisco Umbrella Rank: 832 ats.rlcdn.com — Cisco Umbrella Rank: 1310	38 KB
2	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 663 cdn.id5-sync.com — Cisco Umbrella Rank: 1573	12 KB
2	lijit.com ce.lijit.com — Cisco Umbrella Rank: 917 ap.lijit.com — Cisco Umbrella Rank: 615	890 B
2	4dex.io script.4dex.io — Cisco Umbrella Rank: 1842	24 KB
2	quantserve.com secure.quantserve.com — Cisco Umbrella Rank: 987 pixel.quantserve.com — Cisco Umbrella Rank: 427	10 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	20 KB
2	ticktbox.com 2 redirects gofobo.ticktbox.com — Cisco Umbrella Rank: 360058	1 KB
1	admanmedia.com 1 redirects cs.admanmedia.com	509 B
1	socdm.com 1 redirects tg.socdm.com — Cisco Umbrella Rank: 1802	688 B
1	emxdgt.com cs.emxdgt.com — Cisco Umbrella Rank: 933
1	technoratimedia.com 1 redirects sync.technoratimedia.com — Cisco Umbrella Rank: 1163	340 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 1042	433 B
1	stackadapt.com sync.srv.stackadapt.com — Cisco Umbrella Rank: 813	168 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 232	555 B
1	google.de adservice.google.de — Cisco Umbrella Rank: 7678	792 B
1	privacymanager.io geo.privacymanager.io — Cisco Umbrella Rank: 1409	595 B
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1561	17 KB
1	taboola.com trc.taboola.com — Cisco Umbrella Rank: 679	238 B
1	sonobi.com apex.go.sonobi.com — Cisco Umbrella Rank: 1623	791 B
1	1rx.io tag.1rx.io — Cisco Umbrella Rank: 1277	166 B
1	dotomi.com web.hb.ad.cpe.dotomi.com — Cisco Umbrella Rank: 2139	527 B
1	propervideo.io player.propervideo.io — Cisco Umbrella Rank: 24249	28 KB
1	quantcount.com rules.quantcount.com — Cisco Umbrella Rank: 918	2 KB
1	addthisedge.com v1.addthisedge.com — Cisco Umbrella Rank: 1736	585 B
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 374	1 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 824	457 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 71	41 KB
0	pagefair.net Failed asset.pagefair.net Failed
0	pagefair.com Failed asset.pagefair.com Failed
323	73

	Domain	Requested by
31	dk2d6nav3mn9d.cloudfront.net	gofobo.com dk2d6nav3mn9d.cloudfront.net
20	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net ad.doubleclick.net www.googletagservices.com
19	s0.2mdn.net	gofobo.com s0.2mdn.net 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
18	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com gofobo.com 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com cdn.ampproject.org googleads.g.doubleclick.net
15	dt.adsafeprotected.com	6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
14	cm.g.doubleclick.net	7 redirects googleads.g.doubleclick.net eb2.3lift.com rtb.gumgum.com
10	dsum-sec.casalemedia.com	6 redirects googleads.g.doubleclick.net
8	x.bidswitch.net	6 redirects eb2.3lift.com rtb.gumgum.com
7	ib.adnxs.com	3 redirects global.proper.io googleads.g.doubleclick.net eb2.3lift.com
6	usersync.gumgum.com	1 redirects rtb.gumgum.com
6	pixel.rubiconproject.com	2 redirects cdn.undertone.com eus.rubiconproject.com
6	eb2.3lift.com	3 redirects global.proper.io eb2.3lift.com
6	i.liadm.com	2 redirects b-code.liadm.com i.liadm.com
6	cdn.cookielaw.org	gofobo.com cdn.cookielaw.org
5	de.tynt.com	global.proper.io
5	s.amazon-adsystem.com	3 redirects eb2.3lift.com
5	static.adsafeprotected.com	fw.adsafeprotected.com pixel.adsafeprotected.com 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
5	googleads.g.doubleclick.net	6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com gofobo.com
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	www.google.com	1 redirects tpc.googlesyndication.com gofobo.com 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
5	match.adsrvr.org	i.liadm.com eb2.3lift.com rtb.gumgum.com cdn.undertone.com
5	ssc.33across.com	global.proper.io
5	securepubads.g.doubleclick.net	global.proper.io securepubads.g.doubleclick.net gofobo.com
5	d.clarity.ms	www.clarity.ms d.clarity.ms
5	gofobo.com	gofobo.com
4	usr.undertone.com	cdn.undertone.com
4	token.rubiconproject.com	4 redirects
4	rtb.gumgum.com	pre.ads.justpremium.com rtb.gumgum.com
4	eus.rubiconproject.com	global.proper.io eus.rubiconproject.com cdn.undertone.com
4	googleads4.g.doubleclick.net	gofobo.com ad.doubleclick.net
4	www.googletagservices.com	6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com www.googletagservices.com
4	ups.analytics.yahoo.com	4 redirects
4	c.amazon-adsystem.com	global.proper.io c.amazon-adsystem.com
4	connect.facebook.net	gofobo.com connect.facebook.net
3	sync.outbrain.com	3 redirects
3	aax-eu.amazon-adsystem.com	2 redirects
3	pr-bh.ybp.yahoo.com	3 redirects
3	6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	btlr.sharethrough.com	global.proper.io
3	www.facebook.com	gofobo.com
3	d2u384mreupnc8.cloudfront.net	gofobo.com
3	s7.addthis.com	gofobo.com s7.addthis.com
2	pixel.advertising.com	2 redirects
2	creativecdn.com	2 redirects
2	sync-tm.everesttech.net	2 redirects
2	us-u.openx.net	rtb.gumgum.com cdn.undertone.com
2	pixel-sync.sitescout.com	rtb.gumgum.com cdn.undertone.com
2	px.ads.linkedin.com	eb2.3lift.com
2	secure.adnxs.com	1 redirects acdn.adnxs.com
2	ads.pubmatic.com	global.proper.io rtb.gumgum.com
2	fw.adsafeprotected.com	1 redirects gofobo.com
2	pixel.adsafeprotected.com	6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
2	c.clarity.ms	1 redirects
2	b1sync.zemanta.com	2 redirects
2	x.dlx.addthis.com	1 redirects i.liadm.com
2	dpm.demdex.net	2 redirects
2	pool.admedo.com	2 redirects
2	sync.mathtag.com	2 redirects
2	pre.ads.justpremium.com	global.proper.io
2	bids.proper.io	global.proper.io
2	usync.proper.io	gofobo.com
2	script.4dex.io	global.proper.io script.4dex.io
2	abcheck.proper.io	gofobo.com
2	www.google-analytics.com	gofobo.com www.google-analytics.com
2	platform.twitter.com	gofobo.com platform.twitter.com
2	global.proper.io	gofobo.com global.proper.io
2	b-code.liadm.com	gofobo.com b-code.liadm.com
2	gofobo.ticktbox.com	2 redirects
1	cs.admanmedia.com	1 redirects
1	ssum-sec.casalemedia.com	cdn.undertone.com
1	secure-assets.rubiconproject.com	1 redirects
1	u.openx.net	global.proper.io
1	cdn.undertone.com	global.proper.io
1	tg.socdm.com	1 redirects
1	cs.emxdgt.com	rtb.gumgum.com
1	sync.technoratimedia.com	1 redirects
1	sync.ipredictive.com	1 redirects
1	sync.srv.stackadapt.com	rtb.gumgum.com
1	ads.yahoo.com
1	acdn.adnxs.com	global.proper.io
1	ad.doubleclick.net	www.googletagservices.com
1	c.bing.com	1 redirects
1	adservice.google.com	securepubads.g.doubleclick.net
1	adservice.google.de	securepubads.g.doubleclick.net
1	eb.proper.io	global.proper.io
1	geo.privacymanager.io	ats.rlcdn.com
1	cdn.id5-sync.com	gofobo.com
1	secure.cdn.fastclick.net	gofobo.com
1	ats.rlcdn.com	gofobo.com
1	i6.liadm.com	i.liadm.com
1	trc.taboola.com	i.liadm.com
1	hbopenbid.pubmatic.com	global.proper.io
1	htlb.casalemedia.com	global.proper.io
1	propermedia-d.openx.net	global.proper.io
1	apex.go.sonobi.com	global.proper.io
1	tag.1rx.io	global.proper.io
1	hb.undertone.com	global.proper.io
1	fastlane.rubiconproject.com	global.proper.io
1	ap.lijit.com	global.proper.io
1	tlx.3lift.com	global.proper.io
1	web.hb.ad.cpe.dotomi.com	global.proper.io
1	player.propervideo.io	global.proper.io
1	api.rlcdn.com	global.proper.io
1	id5-sync.com	global.proper.io
1	ce.lijit.com	global.proper.io
1	pixel.quantserve.com	gofobo.com
1	in.hotjar.com	script.hotjar.com
1	rules.quantcount.com	secure.quantserve.com
1	sli.gofobo.com	gofobo.com
1	secure.quantserve.com	global.proper.io
1	syndication.twitter.com	platform.twitter.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	static.hotjar.com	gofobo.com
1	z.moatads.com	s7.addthis.com
1	rp4.liadm.com	gofobo.com
1	rp.liadm.com	1 redirects
1	geolocation.onetrust.com	cdn.cookielaw.org
1	www.clarity.ms	gofobo.com
1	www.googletagmanager.com	gofobo.com
0	image8.pubmatic.com Failed	cdn.undertone.com
0	image6.pubmatic.com Failed	ads.pubmatic.com
0	asset.pagefair.net Failed	gofobo.com
0	asset.pagefair.com Failed	gofobo.com
323	127

This site contains links to these domains. Also see Links.

Domain
d2u384mreupnc8.cloudfront.net
www.facebook.com
twitter.com
instagram.com
sovrn.com
onetrust.com

Subject Issuer	Validity	Valid
gofobo.com Amazon	`2022-01-31` - `2023-03-01`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
*.cloudfront.net Amazon	`2022-02-01` - `2023-01-31`	a year	crt.sh
*.liadm.com Amazon	`2022-01-31` - `2023-03-01`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-02-28` - `2022-05-29`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
proper.io Cloudflare Inc ECC CA-3	`2022-05-07` - `2023-05-07`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
*.twimg.com DigiCert TLS RSA SHA256 2020 CA1	`2021-10-20` - `2022-10-19`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
syndication.twitter.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-07` - `2023-03-06`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-22` - `2022-09-21`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-08` - `2022-07-07`	a year	crt.sh
sli.gofobo.com R3	`2022-04-12` - `2022-07-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon	`2021-07-06` - `2022-06-27`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2022-03-11` - `2023-04-12`	a year	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2022-02-03` - `2023-02-25`	a year	crt.sh
*.proper.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-10` - `2023-02-09`	a year	crt.sh
ad.cpe.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-07-13` - `2022-06-25`	a year	crt.sh
*.3lift.com Amazon	`2022-05-13` - `2023-06-11`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-08` - `2023-04-04`	a year	crt.sh
ssc.33across.com GTS CA 1D4	`2022-05-20` - `2022-08-18`	3 months	crt.sh
*.sharethrough.com Amazon	`2021-08-13` - `2022-09-11`	a year	crt.sh
*.undertone.com Amazon	`2021-10-04` - `2022-11-01`	a year	crt.sh
tracking.justpremium.com Amazon	`2022-01-30` - `2023-02-28`	a year	crt.sh
*.1rx.io Sectigo RSA Domain Validation Secure Server CA	`2021-06-01` - `2022-07-02`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2021-12-08` - `2023-01-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-12-12` - `2022-12-13`	a year	crt.sh
*.pubmatic.com DigiCert Baltimore TLS RSA SHA256 2020 CA1	`2021-08-04` - `2022-09-04`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2022-03-31` - `2023-05-02`	a year	crt.sh
*.taboola.com DigiCert TLS RSA SHA256 2020 CA1	`2021-11-28` - `2022-12-29`	a year	crt.sh
secure.cdn.fastclick.net DigiCert SHA2 Secure Server CA	`2022-01-15` - `2023-01-17`	a year	crt.sh
cdn.id5-sync.com R3	`2022-04-13` - `2022-07-12`	3 months	crt.sh
*.privacymanager.io Amazon	`2021-09-25` - `2022-10-24`	a year	crt.sh
*.google.de GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
www.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2022-04-28` - `2023-05-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-05-04` - `2022-07-27`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2022-03-11` - `2023-04-11`	a year	crt.sh
*.gumgum.com Amazon	`2022-05-06` - `2023-06-04`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2022-03-28` - `2022-09-28`	6 months	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2022-04-05` - `2023-05-04`	a year	crt.sh
*.srv.stackadapt.com Amazon	`2021-11-09` - `2022-12-07`	a year	crt.sh
*.ad-server.k8s.ie.ggops.com Amazon	`2022-02-15` - `2023-03-16`	a year	crt.sh
*.emxdgt.com Go Daddy Secure Certificate Authority - G2	`2021-05-18` - `2022-06-19`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.sitescout.com GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	`2021-12-15` - `2023-01-15`	a year	crt.sh

This page contains 42 frames:

Primary Page: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Frame ID: E7495BD7C9F7E77D886C9B60913E0D91
Requests: 135 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: B581AEA1941734465D7BC553E4113DBB
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 24F64344B3D8D941A8798F88F9494641
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fgofobo.com
Frame ID: 1AA3937FA2D21DA7378F70072A3F69C4
Requests: 2 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Frame ID: 4EED72544E8159B8B67F0D9C3B9EFFBF
Requests: 1 HTTP requests in this frame

Frame: https://i.liadm.com/s/c/a-00jp?s=&cim=&ps=true&ls=true&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Frame ID: 7D2D8E13644FBE0CF8A11CC17151EA17
Requests: 8 HTTP requests in this frame

Frame: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 20CC7E34F3E431EEBFC59995E25AB3CC
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A1774037F86A4652CE3ACD2763E7D92B
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: D13528B78BD7890692771E34C26F4310
Requests: 2 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs
Frame ID: 56B45B0C68EE5D754E2067FE6F18FDF0
Requests: 16 HTTP requests in this frame

Frame: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 58FDCFF67267A527E873371BFDCE5E55
Requests: 28 HTTP requests in this frame

Frame: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: C9A8870693F60F4BEA4B943C975C885A
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCbv6ABGLCB3ccBMAE&v=APEucNVEQpd8RYnWrdVyfq57eWLBH2MSKP8nY4m9i2WXdrU4sO9tC1hRQFlpGt56Ye2CkaLNzDmrO4ZaShK1GSh9KCNOuogUhRxNHqQIrZxh57Psk-hoUY0pYPxaPQhkrLQeR2urfRzwQXAR_k5k-5wVR3IrNcDdN-_AaoUINv8lIM3Kn9wyOgVhh_5B3DQ4j9k3zx0hAIIZ
Frame ID: 352F31EEC7851013AC900CCD789EAAF0
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjv0dHKATAB&v=APEucNVgeEP8gHZbpQnLB8nu0S0dBC_hOoU87Pq_ntFX4ZMvmeprLi6l-c1uARGSreVDVdc7ndG1H1SBHPTUxAYQdmJCNUWlPKiwAWyqGOp3aNRS0fAAIsv9dAzN0pJIq8TEjDCqi4sKKfpfUxP7j3kxfWDK1IW0cYg9CE9b8kmJEWY1l7PlGkwq4HjMjjY03MLlklBPu-du
Frame ID: 947B8A51458B64187A05D66ABE60F573
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: C63BD4CD6CF03CE2897897D2AF39D8B0
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F62562172E7FC855BCAF7F66995C208E
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
Frame ID: 3076AB824232122818296CA99D6AB195
Requests: 17 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 44C97B989E6AC2CD8BFB999901AAE230
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 7E3AD86B9FEAD261CEEF84857659AF42
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 2FA93A5A4EAF94F3A631571F0ACBD9C2
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Frame ID: 3C229C9F43D8A33658E15CB6AB72CE95
Requests: 2 HTTP requests in this frame

Frame: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=ahpq5np1653227506618
Frame ID: CAA316E04C7C9C2E7CF540DC24076754
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: DF1608BDA1EF0A19EE9855836F36E3F5
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 972168506E521FC0BAF47062B2620684
Requests: 10 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?&ld=1
Frame ID: 869BDF952C0ACB4339AF205AE0BB17DD
Requests: 11 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Frame ID: 122AA2EC122EF5FAB40AF5FA39F0495E
Requests: 9 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=mmh&i=142b628a-3ff3-4700-a19a-c55798d2844f&gdpr=1&gdpr_consent=
Frame ID: 002839E5C32E3DAE988D69A20BAB8EBA
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=Yoo-9wADNIuxHQAj&gdpr=1&gdpr_consent=&_test=Yoo-9wADNIuxHQAj
Frame ID: 1FF2EF9215F88F3C78DBCE086E693BA0
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV85YzNlOWZhMS0yMTMxLTRiZjAtODhlNy0yM2ZlODdkMDUyNDM=&gdpr=1&gdpr_consent=
Frame ID: FB541B824BA3AB0EE2291E4FF7DBC4A4
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Frame ID: BEEC4DC44B9A12D8EB90E1C0418B1CC4
Requests: 2 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Frame ID: 7C1C0FA3251214C24039F02B8F567368
Requests: 1 HTTP requests in this frame

Frame: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Frame ID: 2D34948B393FC6A1CEBC6D144A761C46
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=sus&i=Yoo-.MCo8X8AADKpRFIAAAAA
Frame ID: 7E3E5BE3E2B00C2BABEC7073F4D5D432
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=rth&i=LuLlp32uRyL2uMnzgadM&pi=gumgum&tc=1
Frame ID: 6DB4A46AC13CCBE19D4E7222B9A4CA6D
Requests: 1 HTTP requests in this frame

Frame: https://cdn.undertone.com/js/usersync.html
Frame ID: E217C0C7DBC8C2F7475B927D3D91302A
Requests: 11 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/pd
Frame ID: ABAA47BCA3DB067AEB862C0EF12BE5F8
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dVJisCpHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: C50D2C5381FA7C22877F3FC151A8A4EB
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dIiXMspHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: D69611D10779AB22BB212B9163CD1B1B
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dEJ4uepHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 4ECC8EB04F0C3F082FBE79279E231ABE
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=12776
Frame ID: FE108A9873305EBC1EEC24AAF236BA6B
Requests: 3 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dSbz9CpHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 54CD20FE75443B952CD95D21F7B35F94
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dO6d4gpHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Frame ID: 07D101D6853596D438CBF9CBC7D64594
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Perfect Sound and Ambiance View Our Merchandise SweepstakesBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

http://gofobo.ticktbox.com/redirect/l948BQ HTTP 301
https://gofobo.ticktbox.com/redirect/l948BQ HTTP 307
https://gofobo.com/sweepstakes/TikiTunesSpeaker Page URL

Detected technologies

Tiki Wiki CMS Groupware (CMS) Expand

Overall confidence: 100%
Detected patterns

(?:/|_)tiki

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

CodeIgniter (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

owl\.carousel.*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Quantcast Measure (Analytics) Expand

Overall confidence: 100%
Detected patterns

\.quantserve\.com/quant\.js

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

323
Requests

86 %
HTTPS

32 %
IPv6

73
Domains

127
Subdomains

96
IPs

10
Countries

3475 kB
Transfer

9042 kB
Size

89
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://d2u384mreupnc8.cloudfront.net/assets/swpMerchImages/4vlqOA8GVP.jpg

Search URL Search Domain Scan URL

URL: https://www.facebook.com/gofobo

Search URL Search Domain Scan URL

URL: https://twitter.com/gofobo

Search URL Search Domain Scan URL

URL: https://instagram.com/gofobo_official?ref=badge

Search URL Search Domain Scan URL

URL: https://sovrn.com/?ref=ms-sticky

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://gofobo.ticktbox.com/redirect/l948BQ HTTP 301
https://gofobo.ticktbox.com/redirect/l948BQ HTTP 307
https://gofobo.com/sweepstakes/TikiTunesSpeaker Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 47

https://rp.liadm.com/j?dtstmp=1653227505293&aid=a-00jp&se=e30&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&tna=v2.3.1&pu=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&wpn=lc-bundle&c=PHRpdGxlPlRoZSBQZXJmZWN0IFNvdW5kIGFuZCBBbWJpYW5jZSAgICAgICAgIFZpZXcgT3VyIE1lcmNoYW5kaXNlIFN3ZWVwc3Rha2VzPC90aXRsZT4 HTTP 302
https://rp4.liadm.com/j?dtstmp=1653227505293&aid=a-00jp&se=e30&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&tna=v2.3.1&pu=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&wpn=lc-bundle&c=PHRpdGxlPlRoZSBQZXJmZWN0IFNvdW5kIGFuZCBBbWJpYW5jZSAgICAgICAgIFZpZXcgT3VyIE1lcmNoYW5kaXNlIFN3ZWVwc3Rha2VzPC90aXRsZT4&i6=MjAwMTphYzg6MjA6MzAzOjoyMDNl&n3pc=true

Request Chain 91

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fusync.proper.io%2Fv1%2Fusersync%3Fbidder%3Dmediagrid%26proper_uid%3D6c496af9-dbd5-4011-b97b-bace923c0ec5%26uid%3D%24%7BBSW_UUID%7D?&callback=window.proper_495fb868_760571e9_1 HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fusync.proper.io%2Fv1%2Fusersync%3Fbidder%3Dmediagrid%26proper_uid%3D6c496af9-dbd5-4011-b97b-bace923c0ec5%26uid%3D%24%7BBSW_UUID%7D?&callback=window.proper_495fb868_760571e9_1 HTTP 302
https://usync.proper.io/v1/usersync?bidder=mediagrid&proper_uid=6c496af9-dbd5-4011-b97b-bace923c0ec5&uid=2bf88976-163f-4cb8-ade4-2939d9634265

Request Chain 92

https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_f51d8174_ca7c8ec7_2 HTTP 302
https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_f51d8174_ca7c8ec7_2&verify=true HTTP 302
https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-uylWTAhE2uFO0bmFhnYldmsNvFf4PITU~A

Request Chain 118

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00jp%2F0%2F659f00da20064a8d94f26475dff43c8f%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5 HTTP 302
https://i.liadm.com/s/e/a-00jp/0/659f00da20064a8d94f26475dff43c8f?mpid=7156&muid=142b628a-3ff3-4700-a19a-c55798d2844f

Request Chain 120

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D HTTP 302
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=97aee1f4-a063-444e-9e03-f92c3ce36ae4 HTTP 303
https://x.bidswitch.net/sync?ssp=liveintent&user_id=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5 HTTP 302
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=liveintent&bsw_custom_parameter=97aee1f4-a063-444e-9e03-f92c3ce36ae4 HTTP 302
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=liveintent&bsw_custom_parameter=97aee1f4-a063-444e-9e03-f92c3ce36ae4 HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=733f6966-bccc-4948-973e-895666979e8e&user_group=1&ssp=liveintent&bsw_param=97aee1f4-a063-444e-9e03-f92c3ce36ae4 HTTP 302
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=97aee1f4-a063-444e-9e03-f92c3ce36ae4

Request Chain 121

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00jp%2F0%2F659f00da20064a8d94f26475dff43c8f%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00jp%2F0%2F659f00da20064a8d94f26475dff43c8f%3Fmpid%3D82775%26muid%3D%24%7BDD_UUID%7D HTTP 302
https://i.liadm.com/s/e/a-00jp/0/659f00da20064a8d94f26475dff43c8f?mpid=82775&muid=75795502720138132730861060950017137617

Request Chain 122

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5 HTTP 302
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&rd=Y

Request Chain 124

https://b1sync.zemanta.com/usersync/liveintent/?cb=%2F%2Fi.liadm.com%2Fs%2F35004%3Fbidder_id%3D98254%26bidder_uuid%3D__ZUID__ HTTP 302
https://i.liadm.com/s/35004?bidder_id=98254&bidder_uuid= HTTP 303
https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

Request Chain 141

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=2165A4CBCA99467AA738F89E17042D12&RedC=c.clarity.ms&MXFR=1E643DCEB38166B802632C62B7816869 HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=2165A4CBCA99467AA738F89E17042D12&MUID=3FB49F759FD86F7204758ED99E0A6E9E

Request Chain 177

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 181

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&C=1

Request Chain 182

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yoo-9NpAM9v.32-4kWHCdQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&google_hm=2

Request Chain 183

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHWgOLiCPe5XGdf5roWWLxg&google_cver=1

Request Chain 184

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5NDc0MzY4MDAxNzgwOTUxOA%3D%3D

Request Chain 185

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&C=1

Request Chain 186

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yoo-9LB0IwD3dHK4a9HxUQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1

Request Chain 187

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEHWgOLiCPe5XGdf5roWWLxg&google_cver=1

Request Chain 188

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5NDc0MzY4MDAxNzgwOTUxOA%3D%3D

Request Chain 230

https://fw.adsafeprotected.com/rfw/st/1032644/63173256/skeleton.js?adsafe_url=https%3A%2F%2Fgofobo.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:8f6e22b8-949e-debd-9938-9aea3074e2d4,c:dlPwjU,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-58499bf7cc-7np9c,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:218,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1c21%7C1c3%7C1d*.1032644-63173256%7C1d1%7C1d21%7C1d3,idMap:1d*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:235,oid:534f5795-d9d6-11ec-9d2a-7a38c1b6cb1f,v:19.8.309,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 262

https://eb2.3lift.com/sync HTTP 302
https://eb2.3lift.com/sync?&ld=1

Request Chain 267

https://eb2.3lift.com/ebda?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=ODE4MDg5NjczNTk0NDcyOTc4NjQz

Request Chain 269

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=ODE4MDg5NjczNTk0NDcyOTc4NjQz

Request Chain 271

https://pr-bh.ybp.yahoo.com/sync/triplelift/818089673594472978643?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-jlXGwmFE2oTRIh3PuAqM0rRUBvxDSDHs1Vl728TtBg--~A&dongle=0883

Request Chain 273

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=818089673594472978643 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=818089673594472978643&dcc=t

Request Chain 274

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

Request Chain 276

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/ohtQou5nQRkxS4cY8DBgtw?csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=2208605081258343356

Request Chain 277

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L3HCZ0DT-S-1XMX

Request Chain 278

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Youe9924Tn2zLU8i6sOpQQ&rk=usync-other HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Youe9924Tn2zLU8i6sOpQQ

Request Chain 279

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=7RaoPTtpSbG-LhnK_0yqUQ&rk=usync-na HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=7RaoPTtpSbG-LhnK_0yqUQ

Request Chain 280

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEIrUe_4Byfg7AUMQWkBdXs8&google_cver=1

Request Chain 281

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NWIyZTEzMjU4YzAxMDdmMmE5NzQ1NDFhMzkxNjkwOWY1NTNiZjkwOA

Request Chain 282

https://token.rubiconproject.com/token?pid=26594 HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3HCZ0DT-S-1XMX&sigv=1&esig=2~c7ce7f25f6b65df5c6326998745d5b90dfdc8700

Request Chain 284

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://usersync.gumgum.com/usersync?b=apn&i=3594743680017809518

Request Chain 286

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobRdUrl%7D HTTP 302
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28Eytniiv5lnfDux7qDLoPVG2LABLhbn3Lue0nhNaSR37-AVqo_pnJ43GVZRWci48p%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%26platformUid%3D%7Bplatform_uid%7D%26obuid%3DENC%28Eytniiv5lnfDux7qDLoPVG2LABLhbn3Lue0nhNaSR37-AVqo_pnJ43GVZRWci48p%29 HTTP 302
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_9c3e9fa1-2131-4bf0-88e7-23fe87d05243&obuid=ENC(Eytniiv5lnfDux7qDLoPVG2LABLhbn3Lue0nhNaSR37-AVqo_pnJ43GVZRWci48p) HTTP 302
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51 HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=[EXCHANGE_GDPR_MACRO]&gdpr_consent=[EXCHANGE_CONSENT_MACRO]&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3DEytniiv5lnfDux7qDLoPVG2LABLhbn3Lue0nhNaSR37-AVqo_pnJ43GVZRWci48p&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING

Request Chain 289

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=oth&i=y-_2nOucZE2pdJCMT1Vrd88x6xBIsHu1QLmt1I~A

Request Chain 290

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=vnt&i=5541ff71-d9d6-11ec-8a25-c312b08c9a12

Request Chain 291

https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D HTTP 307
https://usersync.gumgum.com/usersync?b=snc&i=GDPR

Request Chain 292

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d HTTP 302
https://usersync.gumgum.com/usersync?b=mmh&i=142b628a-3ff3-4700-a19a-c55798d2844f&gdpr=1&gdpr_consent=

Request Chain 293

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=Yoo-9wADNIuxHQAj HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=Yoo-9wADNIuxHQAj&gdpr=1&gdpr_consent=&_test=Yoo-9wADNIuxHQAj

Request Chain 298

https://tg.socdm.com/aux/idsync?proto=gumgum HTTP 302
https://rtb.gumgum.com/usersync?b=sus&i=Yoo-.MCo8X8AADKpRFIAAAAA

Request Chain 299

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://rtb.gumgum.com/usersync?b=rth&i=LuLlp32uRyL2uMnzgadM&pi=gumgum&tc=1

Request Chain 307

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776 HTTP 301
https://eus.rubiconproject.com/usync.html?p=12776

Request Chain 309

https://ib.adnxs.com/getuidnb?https://usr.undertone.com/userPixel/sync?partner=appnexus&uid=$UID HTTP 302
https://usr.undertone.com/userPixel/sync?partner=appnexus&uid=3594743680017809518

Request Chain 311

https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true HTTP 302
https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP55eda94e-d9d6-11ec-b6fc-0231421f89ac HTTP 302
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-BtX1MhpE2uGIAOX_DafL6dp_snHcMuAE~A~UP55eda94e-d9d6-11ec-b6fc-0231421f89ac

Request Chain 314

https://cs.admanmedia.com/sync/undertone?url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3Fpartner%3Dacuityads%26uid%3D%24UID HTTP 302
https://usr.undertone.com/userPixel/sync?partner=acuityads&uid=5d422c0bd0e5b72084e090be5575b4b4e11fbbd6

Request Chain 315

https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone.com%252FuserPixel%252Fsync%253FpartnerId%253D53%2526uid%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Qzg1NzA0QkItODAxMS00NUQzLUJDM0EtRTRDM0E2NDUzQkYx&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Request Chain 317

https://ups.analytics.yahoo.com/ups/58545/occ HTTP 302
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-2S2UFhxE2uG8uUl0koVKCrooY4z5J76pv1v6QUA-~A

323 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request TikiTunesSpeaker Show response
gofobo.com/sweepstakes/
Redirect Chain

http://gofobo.ticktbox.com/redirect/l948BQ
https://gofobo.ticktbox.com/redirect/l948BQ
https://gofobo.com/sweepstakes/TikiTunesSpeaker

43 KB
13 KB

730ms
350ms

Document
text/html

52.34.129.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.34.129.38 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-129-38.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

8b81c37ea52ba669c30cf9e3ed3c86696b86267d6d0171b6f7afd3407b8aefcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 12793
content-type: text/html; charset=UTF-8
date: Sun, 22 May 2022 13:51:44 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
feature-policy: geolocation 'self'; vibrate 'none'
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Sun, 22 May 2022 13:51:44 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
feature-policy: geolocation 'self'; vibrate 'none'
location: https://gofobo.com/sweepstakes/TikiTunesSpeaker
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 20 KB
7 KB 65ms
23ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 22 May 2022 13:51:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +q2Bd0SvXowDeesSOf+0yw==
age: 13974
vary: Accept-Encoding
content-length: 6782
x-ms-lease-status: unlocked
last-modified: Tue, 17 May 2022 16:31:29 GMT
server: cloudflare
etag: 0x8DA3822B23D0DE9
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: d4700742-d01e-00d7-241e-6a92c1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 70f607422e709250-FRA

GET
H2 200 global.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 37 KB
8 KB 70ms
19ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/global.css?v=2.6
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: de9f5355efc771cc84f9ce8895d40e5cfb094659b5c9fc43fd06779ea1023a9c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: L5jgWPDR.a88bQXUGrj8MSCqikZfm6LF
content-encoding: gzip
last-modified: Thu, 13 Jan 2022 01:10:10 GMT
server: AmazonS3
age: 609224
etag: W/"2052ec4f794a07c901b87d6b15e60683"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Sun, 15 May 2022 12:38:51 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: uFqL3Y-AGeyepP4EmbyWNOwmEfCUK0svMZkK-Y294slRXtMD26mfZw==

GET
H2 200 mobile.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 110 KB
21 KB 73ms
22ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/mobile.css?v=2.6
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 20ae0566226be2984d2808c93996c092a6ee3c5293e2a1acf978fb775ba32107

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: xVHBP_1obLRK74nyDCz.kNpzt2zcvRxA
content-encoding: gzip
last-modified: Thu, 13 Jan 2022 01:10:10 GMT
server: AmazonS3
age: 2090647
etag: W/"897c7166feab781c0acbe2d6f37076af"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Thu, 28 Apr 2022 09:14:15 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: Ic8qo8Tw4don_9J6buOvwCDALW_w_jcrAB1Eb-r5L3-KlXThQY6L-g==

GET
H2 200 desktop.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 72 KB
14 KB 86ms
35ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/desktop.css?v=2.8
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e8f0d8a946862bbdb97869257e9f137676947212ce31f6759fdaf6a040bf9d0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: p_WpnZO53Na14Za.RWEkJCCVOnkUw1UE
content-encoding: gzip
last-modified: Tue, 08 Feb 2022 00:33:42 GMT
server: AmazonS3
age: 780084
etag: W/"cb1a339daefcd09f301f4c0f469c0ef6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Fri, 13 May 2022 13:14:56 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: WSGQwOlW836FZeEuLveLJSUPUKik0CPSYdwzHATBZyB7FZRtThoSVw==

GET
H2 200 fonts.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 2 KB
781 B 86ms
36ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9ad951a46493b7d422aed00ea837dfff94508fe1a39120ba56f23a99f3c4c8b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: AHkJorMJI30gdzTFOltw8xAh17Zisw2U
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:47 GMT
server: AmazonS3
age: 526812
etag: W/"b7882d4faeca508f6e8035733dc7f340"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Mon, 16 May 2022 13:02:41 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: nr6JkR8rW-VropEKfxyQ-BmNX8MxhPbMCsrPFHK2HoU8_XX69t-D-g==

GET
H2 200 vendor.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 2 KB
1 KB 87ms
36ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/vendor.css??v=3
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9436816d54666c2f33eb0c6d3d556f10dd70ed6721906a82c6adbf6100a008bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: iCVjc0ErYLH1QGcz9T1qrs7VIUsagAkU
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:47 GMT
server: AmazonS3
age: 535151
etag: W/"5c36192a2ce86ec4dbedca28c3b79e3a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Mon, 16 May 2022 10:28:41 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: JMIX4TFpcJenEYkcspygpOgf5v3o-eF8FuzWglNi2kwpxTDJnMSSHg==

GET
H2 200 jquery-ui.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 31 KB
6 KB 87ms
37ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/jquery-ui.css??v=3
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 66c9fd744a3db46f3dce06826004b9f756b9ba03a5b9cdc21d86427e7a688386

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: RRHzJ7UsEXbG5Lqe0IcnAC_ALzT.xBtX
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:47 GMT
server: AmazonS3
age: 1741972
etag: W/"9cf8b8d3a33766a642812643efa4494e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Mon, 02 May 2022 10:49:07 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: P-HBDDGAy5FXWriFap5fEUYqKf-GnGnm4RHO6L0NIhwfLenzBtrAkw==

GET
H2 200 datepicker.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 4 KB
1 KB 89ms
39ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/datepicker.css??v=3
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82664a18c949f3d66ba8a6251c55dd1cb28e25620bdf43dcf4611ab4842a10ab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: 1bQPMpMNLv_zNtFARBYOR.mkEgrN3I_K
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:47 GMT
server: AmazonS3
age: 1661376
etag: W/"5b6bc4be9145f55901fb934d1b2d5c63"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 08:24:23 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: rVEzW2thq5dOPAS8i1jk4wg92zV13PRaTsWg1gXpfpbN8mDJ_cef2A==

GET
H2 200 menu.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 864 B
1 KB 89ms
39ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/menu.css
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 36ac80a2a51a5f030f93b08bbd4601e3944accb8152db9d175fd2aeb394b1ae7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: WfYB_HgAPEhMDaYSsRm3lf1svzh9.ciy
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
last-modified: Fri, 03 Apr 2020 19:35:47 GMT
server: AmazonS3
age: 2089546
etag: "9738c0503f080721b4bc0a5b75dcc8f5"
x-cache: Hit from cloudfront
content-type: text/css
cache-control: public, max-age=2592000
date: Thu, 28 Apr 2022 10:27:33 GMT
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 864
x-amz-cf-id: iEPTvdeNm1Pfuk65iopPb0QAEzWtrvY5yZBHl7mBG4e_Kss3Cscpzg==

GET
H2 200 dd.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 4 KB
2 KB 89ms
39ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/dd.css
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 88d51c99298c6ade08c4e754c7c92d0ccb5af58e71232f79f018dfa4763aca16

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: 1bj8sX27DFYBVPukk7Od1Nlkqa15G6tq
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:47 GMT
server: AmazonS3
age: 440564
etag: W/"afb92ee82b5a8d06693c4c6421ab6ffc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 17 May 2022 12:44:26 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: cu8DILL3VUxQrRL6XzHajeM3L-PNljcmqDjE9ELE_Y3AKT1wM8fPQA==

GET
H2 200 flags.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 10 KB
2 KB 89ms
40ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/flags.css
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4349f665a853d8970813d466168d4d2ebba277d4ba4cc57b1a2ebbcb4b49cc0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: lqgeO_hdOHF53DBQb0A2MmISOIx4foBO
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:47 GMT
server: AmazonS3
age: 1740634
etag: W/"badb33147fec855b27ee82fce94bb3d4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Mon, 02 May 2022 10:49:07 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: caL9RtIrnknv0CXoqymKGvpKM_6zZ0SsXThmlA_I-qt8j0oRGLSsLQ==

GET
H2 200 jquery-1.12.4.min.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 95 KB
33 KB 101ms
52ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/jquery-1.12.4.min.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: RsPt_OSQ8F7nBhqgG4cfaNND5y0jEypg
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 1661128
etag: W/"0fca26b5a37a66d68d0f4406976be4b5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 08:49:22 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: ga5JeHGNmbBHNKTCVEYkCJRf9R4Ptjl_5ZXYJO5EeZ24lHpX0afn8A==

GET
H2 200 jquery.cookie.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 2 KB
1 KB 90ms
41ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/jquery.cookie.js?v=3
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: aee8ab892144e88f83a00a907676bd1e0e9a83e8a0879518ca3a77f897c8128d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: m2zvFN6rnWCpPKRzYjG2fiZQI636DOmB
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 1214285
etag: W/"324c4f698275d2afb1ae67f16c8aabbc"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Sun, 08 May 2022 12:55:29 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: fp2HFavlAr_fE0Lozcp_mfm7g3OjfNWU4AL36ptsCPofSvrjAmHpAg==

GET
H2 200 jquery.form.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 18 KB
7 KB 89ms
40ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/jquery.form.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 478a01bfa3c2eb215f345963e7e4a89343d2fb5eb5726e248495ea6606c72801

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: YgBKWKrUGBWXyiDx5QfbUSnu7qoNC7Tz
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 1661369
etag: W/"cd93c12dc002783e7888c3af9c6e1cd0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 08:24:23 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: GPH_exQJytnJA1EXmerDfRQjE6FHUIittld3aDp5z7l6ZJjCWOoRWg==

GET
H2 200 jquery.validate.min.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 21 KB
7 KB 91ms
42ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/jquery.validate.min.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 5c19a958735b85cda3c841c910a0e45ff2f188c8d532de5dfb21860d2e8eb70a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: CaAzU2ghGLyOIKr.8Xpge2oHbiFchUbZ
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 1663349
etag: W/"924f6ce5d53e521a8b1ab6e351024c30"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 08:18:48 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: ZXQ6rYYs7HNIukwDX1aWLe2TOxdMDUpp6iJydRA2lYweMCs8TkvIwQ==

GET
H2 200 ui.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 7 KB
3 KB 91ms
42ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/ui.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0abcc9427a6673f19254270c4c92fa1c8179e79e54d8961434537bcee780f07b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: o6w6zZyEHgbRR06mmrfc2cqEJbpEu05S
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 1656568
etag: W/"c1260260378aa59b8923e4ac21807c6f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 09:52:52 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: MDxO8TC_M6M6_FP_ih7FMsP55SduvT0SUPn_dx2SCZDy89NtjBNGDQ==

GET
H2 200 modernizr.custom.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 8 KB
4 KB 91ms
43ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/modernizr.custom.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 76ab9639d9948ade3d2b0c06432f41689c328173322c8eb3da3c60447126831e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: XohF9XIhLflxDU2RKEW.SWYVdmYmj6sG
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 1743065
etag: W/"9b168f2700a02d1c3ce4cbbc399c1644"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Mon, 02 May 2022 10:49:07 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: a_N9qjoJGxq2maEEhAihMPWEjBvvh4x5R-fKVH7rby4gdt0_AyXh1A==

GET
H2 200 instagram.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 7 KB
3 KB 102ms
54ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/instagram.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e5471e6216c3677a79cbf10721752fdfff5340e0c29d0b86d436821301edeedd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: x.jp4rruNTnJjzw3Uertb5c8PjuKCX0Y
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 1657657
etag: W/"2f0204a5d4480d4565945dd567318601"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 09:29:27 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: m0yjkzw52DVc5T6Y8G_jQ7kquzCIL8LqJwIakqnvB6MdZzK039jp3g==

GET
H2 200 jquery-ui.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 222 KB
59 KB 104ms
56ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/jquery-ui.js?v=3
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d24e83fb832a53db6e3b4e6452db348b9428436a36a3be2cff207cfb31d0c231

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: G5KXfjnZB.60fDa4eaHCc6s2ZGcvLxP8
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 1663348
etag: W/"31ce159985cb3b82a12586316e7c4ec9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 08:18:44 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: 1UNQYzGrZaS4TpSalI3ZUTeEwf0lufWr9GBHkbLGati5T9FMI3uIQg==

GET
H2 200 jquery-ui-timepicker-addon.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 69 KB
17 KB 111ms
63ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/jquery-ui-timepicker-addon.js?v=3
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 77516e87f9273512485c9e6daaf80dd6696b98a3583e83e79e68fd52220c82d4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: TnohKRqbcvbLZokivpyuUQWjIlpEZdaI
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 1660107
etag: W/"cfa6dd10078ffe10841a2773680ffff4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 08:49:23 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: EpKHgEqSGXRVe5W-Uw9ZiYsvHkFE9okeIXfA7VxzFaUkRLIEfT3ofg==

GET
H2 200 jquery.dd.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 53 KB
13 KB 112ms
64ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/jquery.dd.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1a891fc0d213b1a1ceb5a8f13c61dd9b274e163bd172758318648fad77c9a422

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: 9H3I8baR5sPSAcO4FU.sqkFIgk8xVai1
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
age: 2092068
etag: W/"d82e4a94f7c0824a75f17b04c7686d2a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Thu, 28 Apr 2022 08:45:25 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: zmsnkV5y3D8bC6dSl8f91FAb_t8bdwm_WtbgW04BDPCQmrtaGZ7IoQ==

GET
H2 200 a-00jp.min.js Show response
b-code.liadm.com/ 27 KB
10 KB 67ms
27ms Script
application/javascript 2600:9000:2057:f600:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/a-00jp.min.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f600:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 1dffe5ee35df74c6087ac961491d5b62df69c261d98b6658734674131627faf0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:37:32 GMT
via: 1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)
age: 853
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=86400
x-amz-cf-pop: FRA6-C1
content-encoding: gzip
x-amz-cf-id: -W-5Qw8Sm2RyiVo2nU8iONmQLZ40oBV4els_x2JXwaeArvuGwI18Nw==

GET
H2 200 magnific-popup.js Show response
gofobo.com/assets/js/ 45 KB
14 KB 171ms
170ms Script
text/javascript 52.34.129.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gofobo.com/assets/js/magnific-popup.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.34.129.38 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-129-38.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

0694b02d0bd9f608e70bd4ed91b10270be25aecc3b151f1980d1d33fbf0c45b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/sweepstakes/TikiTunesSpeaker
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 12 Mar 2020 21:57:36 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=utf-8
cache-control: max-age=604800
feature-policy: geolocation 'self'; vibrate 'none'
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 13816
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 13:51:45 GMT

GET
H2 200 magnific-popup.css
gofobo.com/assets/css/ 8 KB
3 KB 169ms
168ms Stylesheet
text/css 52.34.129.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gofobo.com/assets/css/magnific-popup.css

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.34.129.38 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-129-38.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

0fbf945eae1c5869be401c6db68da93f5a47f2c1ff6072151ebb4b2dea6d4f62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/sweepstakes/TikiTunesSpeaker
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 12 Mar 2020 21:57:36 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cache-control: max-age=604800
feature-policy: geolocation 'self'; vibrate 'none'
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 1936
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 13:51:45 GMT

GET
H2 200 bootstrap.css
dk2d6nav3mn9d.cloudfront.net/assets/css/ 71 KB
10 KB 85ms
38ms Stylesheet
text/css 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/bootstrap.css
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 420f171b3b10a2ac410b6571d93500df0f8cce0c0cc33f94ac567fa038924247

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: sNCcSpoJykJd_oxlhjGahTNiyT.rKvDr
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:47 GMT
server: AmazonS3
age: 792691
etag: W/"c8d72fe55dc952d8ce79dc30d9bd20ac"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/css
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Fri, 13 May 2022 11:18:21 GMT
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: ofuKGNfoojnVMojLI2NoCV7JPExDyYdHiIF2s9KWiksdYks6Zhzs-w==

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 451ms
39ms Script
application/javascript 2.18.232.170
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.232.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-232-170.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Sun, 22 May 2022 13:51:45 GMT
x-host: s7.addthis.com
content-length: 116421

GET
H2 200 GofoboLogo.png
dk2d6nav3mn9d.cloudfront.net/assets/img/sr_image/menu/ 15 KB
15 KB 13ms
11ms Image
image/png 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/img/sr_image/menu/GofoboLogo.png
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8c8207e762acd72dd9114ca3e6de823f69ede6c9c5db711dceadefabaf05284c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: 794S.iJ6fBkrN9l2iVPDpyljOnuCPCg7
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
last-modified: Fri, 03 Apr 2020 19:35:54 GMT
server: AmazonS3
age: 706565
etag: "ee25c8fd15a84e8b58301a87fe89c275"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=2592000
date: Sat, 14 May 2022 10:45:17 GMT
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 15330
x-amz-cf-id: efIbbv-ALWZ9wcfrT8ZnstXV1yMz31-Gu-6jbqGpqXP13tWRoSS6EQ==

GET
H2 200 rPcoJQhbfg.jpg
d2u384mreupnc8.cloudfront.net/assets/featuredsweeps/ 22 KB
22 KB 65ms
19ms Image
image/jpeg 65.9.58.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u384mreupnc8.cloudfront.net/assets/featuredsweeps/rPcoJQhbfg.jpg
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-58-30.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c56fbe49e6749159e3b44c820db36f9cbca3b981d5530222991dc850e732cc9f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 07:00:13 GMT
via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
last-modified: Thu, 19 May 2022 23:33:09 GMT
server: AmazonS3
age: 197493
etag: "1a2c1e78cc9b0af1ef2f8a01f43f421c"
x-cache: Hit from cloudfront
x-amz-version-id: 2KkjPun3MlSOoQIKJSBnD5AjOSPNuLhE
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 22471
x-amz-cf-id: JbLxMKjmdJ8rHNEvmzlW97T_QA2bHv9H8NLl3uAPPKKIY4tLiwAkkA==

GET
H2 200 4vlqOA8GVP.jpg
d2u384mreupnc8.cloudfront.net/assets/swpMerchImages/ 79 KB
79 KB 79ms
33ms Image
image/jpeg 65.9.58.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u384mreupnc8.cloudfront.net/assets/swpMerchImages/4vlqOA8GVP.jpg
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-58-30.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fc7b4ad9f0979e831579f97aadf8d6d986176c4368367aaf6012dc2c05b585f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 07:00:19 GMT
via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
last-modified: Thu, 19 May 2022 23:36:17 GMT
server: AmazonS3
age: 197487
etag: "e2d1ccedeafdf935a1f88414fd9c83af"
x-cache: Hit from cloudfront
x-amz-version-id: 8cTMEwZy7QK8jTQsZ0a.XjHGvk4o2.XC
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 80597
x-amz-cf-id: c5d2EwRTTbIMUa8Hv266EbcHx0FPygY5ZjRcQxuVzwuA3CaHBNEUzg==

GET
H2 200 6sSFLxizNp.jpg
d2u384mreupnc8.cloudfront.net/assets/swpPartnerImages/ 23 KB
23 KB 77ms
32ms Image
image/jpeg 65.9.58.30
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d2u384mreupnc8.cloudfront.net/assets/swpPartnerImages/6sSFLxizNp.jpg
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.58.30 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-58-30.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 291d15de469b22384160ddfd74f6856469d6b374440a93234d534c9d6b1a37d0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 07:00:19 GMT
via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
last-modified: Thu, 19 May 2022 23:36:20 GMT
server: AmazonS3
age: 197487
etag: "1472002790e6ee0440e9478a1b44b635"
x-cache: Hit from cloudfront
x-amz-version-id: ryALpH37gq7xbyZkIqEEk4hr7EIrhjnr
cache-control: public, max-age=2592000
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
content-type: image/jpeg
content-length: 23445
x-amz-cf-id: VT0Jv5tGGBraHwvughc21rjAi0kwUMw3QfYx7nXQhr1cQb6OQoRPZw==

GET
H2 200 classie.js Show response
gofobo.com/assets/js/ 2 KB
1 KB 161ms
159ms Script
text/javascript 52.34.129.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gofobo.com/assets/js/classie.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.34.129.38 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-129-38.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

4ea3d321090cb97cb30e2660c64aa24c5d197a3a27deccbc1ed797e2dd0e778c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/sweepstakes/TikiTunesSpeaker
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 12 Mar 2020 21:57:36 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=utf-8
cache-control: max-age=604800
feature-policy: geolocation 'self'; vibrate 'none'
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 681
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 13:51:45 GMT

GET
H2 200 demo1.js Show response
gofobo.com/assets/js/ 1 KB
1 KB 161ms
160ms Script
text/javascript 52.34.129.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://gofobo.com/assets/js/demo1.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.34.129.38 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-34-129-38.us-west-2.compute.amazonaws.com

Software

Apache /

Resource Hash

b7cb70e1076d694f4f8b86a9d00b2c8736899425c41925f051162872fc85bec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/sweepstakes/TikiTunesSpeaker
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 12 Mar 2020 21:57:36 GMT
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/javascript; charset=utf-8
cache-control: max-age=604800
feature-policy: geolocation 'self'; vibrate 'none'
x-content-type-options: nosniff
accept-ranges: bytes
vary: Accept-Encoding
content-length: 478
x-xss-protection: 1; mode=block
expires: Sun, 29 May 2022 13:51:45 GMT

GET
H2 200 edb7bc5d-bafa-46e2-8069-72f66608bc9d.json Show response
cdn.cookielaw.org/consent/edb7bc5d-bafa-46e2-8069-72f66608bc9d/ 3 KB
2 KB 110ms
64ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/edb7bc5d-bafa-46e2-8069-72f66608bc9d/edb7bc5d-bafa-46e2-8069-72f66608bc9d.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d460e6c9b0d0b49df6a39d58934883108101e83d1e7375c901232ca0e0a10ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: tVbfShQUwqaZpCl6iP8lGA==
vary: Accept-Encoding
content-length: 1325
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jan 2021 19:07:41 GMT
server: cloudflare
etag: 0x8D8BE3FD35ED4DA
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 237bf18a-f01e-00a6-040c-50e0f8000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 70f607429c1b23f7-ZRH
expires: Sun, 22 May 2022 17:51:45 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 104 KB
41 KB 52ms
27ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KSPT2WQ

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d94ea4785abfbc6245f7d3de2280d8200c6b7908352e21f177bc699142533b0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41042
x-xss-protection: 0
last-modified: Sun, 22 May 2022 12:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 22 May 2022 13:51:45 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 99 KB
27 KB 38ms
11ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26310
x-xss-protection: 0
pragma: public
x-fb-debug: IXdG3lIDYRN9/znAl0tg3D9IBzrc/CV0BB1sRxumKhf02I1r5eD8ayHqkWz/1o55/ojml12XTf2/eW3+BNAmOQ==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sun, 22 May 2022 13:51:45 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 42wleqiafj Show response
www.clarity.ms/tag/ 1 KB
2 KB 368ms
209ms Script
application/x-javascript 2620:1ec:27::cafe:1834
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/42wleqiafj
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1834 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 0b59f620b3da4092eb09b39d49ae69e64a44b1eea3c8b12d84809e604b60062f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
x-powered-by: ASP.NET
x-azure-ref: 08T+KYgAAAABIxWSKWo3jT5AV6/SyepW/VExWMzBFREdFMDIwOAA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
content-length: 1363
expires: -1

GET
H2 200 gofobo.min.js Show response
global.proper.io/ 23 KB
7 KB 962ms
915ms Script
application/javascript 2606:4700::6811:4f22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://global.proper.io/gofobo.min.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4f22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bc28e4eb995de916167a758d7360f11ed01233d0a416ae13452d89f2c4ec4d85

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 20 May 2022 18:09:45 GMT
server: cloudflare
etag: W/"6287d969-5b9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 70f607435b1f2355-ZRH
expires: Sun, 22 May 2022 13:56:45 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 40ms
13ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

f6f5ede273d677c69174d1d6e159831ba6095aab8d3137c397130c20c5daf326

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: AbC6PsPfYqytZdIwDjt4Gw==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Sun, 22 May 2022 14:02:42 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 1688
x-fb-rlafr: 0
x-fb-debug: G6Gijih6lXS0WHbqZh73tWKIWaBPzBJu/iaDxAseTizk1I080QFopSOzb+OHTAvc0eTxlDG7FUgCQkiNhgc3Vw==
x-fb-trip-id: 686109401
x-fb-content-md5: 01a8bd71b66fa8de041bc401e2b66535
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sun, 22 May 2022 13:51:45 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "837cdad82442f54a5886dcaae2340ced"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 black-err-2-bg.jpg
dk2d6nav3mn9d.cloudfront.net/assets/img/bgs/ 74 KB
75 KB 12ms
11ms Image
image/jpeg 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/img/bgs/black-err-2-bg.jpg
Requested by: Host: dk2d6nav3mn9d.cloudfront.net
URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/mobile.css?v=2.6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c3b9251f1745ced8936ee0998aa96dac16382f6f995d3ad065810fd9341f303d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dk2d6nav3mn9d.cloudfront.net/assets/css/mobile.css?v=2.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: l2zz3HzDOr.EjTuXBiVJfwrpreIgJbmH
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
last-modified: Fri, 03 Apr 2020 19:35:49 GMT
server: AmazonS3
age: 1661111
etag: "4094728781722d3955df52cbc0364e25"
x-cache: Hit from cloudfront
content-type: image/jpeg
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 09:29:53 GMT
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 76162
x-amz-cf-id: HFel6w4wEdcugxIWf2MM-hGWAF3I7Fx9kPjFRfs_gabae5KPKSoaQg==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 182 B
457 B 64ms
37ms XHR
application/json 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 70f607432fde9b9e-FRA
access-control-allow-headers: Content-Type

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 287 KB
82 KB 33ms
16ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=77c1022c4dc74386a1f9c3b318729ce4

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1caa750f250ae445b6d2cc1d192f90af227396568e77ffa7141b5f3568b5a5d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://gofobo.com/
Origin: https://gofobo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: +8NbnZpnwmd+PEtifIvEjA==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
expires: Mon, 22 May 2023 11:24:13 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 83849
x-fb-rlafr: 0
x-fb-debug: kuuOa6MpW94+3CxwZCC/VGr/RX89S4cGg5rLWd/++QOi9HWbhYjHH/Wk0cnZLWJ8cnW49EtIALQqFB+jEob+qg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 726f0e0a94e103cc92e21f939274f981
cross-origin-opener-policy: same-origin-allow-popups
date: Sun, 22 May 2022 13:51:45 GMT
x-frame-options: DENY
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "957afb964bda4a97b84d1a7555f2a5aa"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 393879024716738 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 98ms
97ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/393879024716738?v=2.9.60&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3375618b98aa48615cda5c608ce679df756f563f94cc377802abd9a39ee9ac5d

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: +DDNXilS+hWWw0MfODD0OHZrSxLtst9H1GDpoyGf3Eyz/x+lp/4xep6QyZOns4ytCMixW7y0waJQBixi8fp4Qw==
x-fb-trip-id: 686109401
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Sun, 22 May 2022 13:51:45 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts: 1653227505254
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 sync-container.js Show response
b-code.liadm.com/ 6 KB
3 KB 26ms
25ms Script
application/javascript 2600:9000:2057:f600:8:8845:1500:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://b-code.liadm.com/sync-container.js
Requested by: Host: b-code.liadm.com
URL: https://b-code.liadm.com/a-00jp.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:f600:8:8845:1500:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: CQKQeFXs_ero.dSxGj8yyrCkT6TzPcRS
content-encoding: gzip
etag: W/"ae5e94de938b0387eda6df8f20da811a"
last-modified: Wed, 02 Jun 2021 16:15:01 GMT
server: AmazonS3
age: 1001324
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 2ef0748a2a8fca13fd6065b6b046c33c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
date: Tue, 10 May 2022 23:43:04 GMT
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: y79rW8ziqtauqbythAmNrpjOz_iszGLRp1Vo6jMQ5Ld3R8DRM7WWRA==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.12.0/ 361 KB
80 KB 24ms
24ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.12.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d97729299024aa64b03739e244f254966f9b546045de88bd835701a473045d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Aib4Vlvkay7u77hQspwwDQ==
age: 13940
vary: Accept-Encoding
content-length: 81328
x-ms-lease-status: unlocked
last-modified: Wed, 20 Jan 2021 07:04:09 GMT
server: cloudflare
etag: 0x8D8BD11958F56CC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 3288bc6c-101e-00ac-67cf-11f971000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 70f6074378c29250-FRA

GET
H2 200 en-us.json Show response
cdn.cookielaw.org/consent/edb7bc5d-bafa-46e2-8069-72f66608bc9d/5647eea2-8487-4183-a49c-e04655885680/ 76 KB
13 KB 63ms
63ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/edb7bc5d-bafa-46e2-8069-72f66608bc9d/5647eea2-8487-4183-a49c-e04655885680/en-us.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.12.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a9247ce2bd50f80397e8e5ff3538bae254d226d3f9d23b15f16bac61580c187e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: yZViXkwKR/aO3km/Z4TYlw==
vary: Accept-Encoding
content-length: 13002
x-ms-lease-status: unlocked
last-modified: Thu, 21 Jan 2021 19:07:41 GMT
server: cloudflare
etag: 0x8D8BE3FD3AA1CFD
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 088415df-c01e-002d-240c-575b26000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 70f60743de4323f7-ZRH
expires: Sun, 22 May 2022 17:51:45 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
409 B 65ms
19ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=393879024716738&ev=PageView&dl=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&rl=&if=false&ts=1653227505287&sw=1600&sh=1200&v=2.9.60&r=stable&ec=0&o=30&fbp=fb.1.1653227505286.2064374363&it=1653227505155&coo=false&rqm=GET

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Sun, 22 May 2022 13:51:45 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
213 B 66ms
20ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=393879024716738&ev=Purchase&dl=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&rl=&if=false&ts=1653227505289&cd[value]=1&cd[currency]=1&sw=1600&sh=1200&v=2.9.60&r=stable&ec=1&o=30&fbp=fb.1.1653227505286.2064374363&it=1653227505155&coo=false&rqm=GET

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Sun, 22 May 2022 13:51:45 GMT

GET
H2

200

j Show response
rp4.liadm.com/
Redirect Chain

https://rp.liadm.com/j?dtstmp=1653227505293&aid=a-00jp&se=e30&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&tna=v2.3.1&pu=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&wpn=lc-bundle&c=P...
https://rp4.liadm.com/j?dtstmp=1653227505293&aid=a-00jp&se=e30&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&tna=v2.3.1&pu=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&wpn=lc-bundle&c=...

43 B
582 B

400ms
125ms

XHR
application/json

34.231.179.226
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://rp4.liadm.com/j?dtstmp=1653227505293&aid=a-00jp&se=e30&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&tna=v2.3.1&pu=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&wpn=lc-bundle&c=PHRpdGxlPlRoZSBQZXJmZWN0IFNvdW5kIGFuZCBBbWJpYW5jZSAgICAgICAgIFZpZXcgT3VyIE1lcmNoYW5kaXNlIFN3ZWVwc3Rha2VzPC90aXRsZT4&i6=MjAwMTphYzg6MjA6MzAzOjoyMDNl&n3pc=true

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Server

34.231.179.226 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-231-179-226.compute-1.amazonaws.com

Software

Resource Hash

a43eb929a5f667e26f866e75458c0639b56c9da1bc2f47b354d2319e2d712ada

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
x-pixel-event-id: 4d8b12a7-6f33-42c9-8c04-2add894c4592
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
x-frame-options: DENY
content-type: application/json
access-control-allow-origin: null
x-xss-protection: 1; mode=block
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 6e8612f91cf59f28
request-time: 0
content-length: 43
x-content-type-options: nosniff

Redirect headers

date: Sun, 22 May 2022 13:51:45 GMT
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
x-permitted-cross-domain-policies: master-only
location: https://rp4.liadm.com/j?dtstmp=1653227505293&aid=a-00jp&se=e30&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&tna=v2.3.1&pu=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&wpn=lc-bundle&c=PHRpdGxlPlRoZSBQZXJmZWN0IFNvdW5kIGFuZCBBbWJpYW5jZSAgICAgICAgIFZpZXcgT3VyIE1lcmNoYW5kaXNlIFN3ZWVwc3Rha2VzPC90aXRsZT4&i6=MjAwMTphYzg6MjA6MzAzOjoyMDNl&n3pc=true
x-frame-options: DENY
access-control-allow-origin: https://gofobo.com
x-xss-protection: 1; mode=block
vary: Origin
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
trace-id: 2ca6350624ef46d8
request-time: 0
content-length: 0
x-content-type-options: nosniff

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.12.0/assets/ 13 KB
3 KB 58ms
58ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.12.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.12.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d105b0a793af6426ddf8c1ef8b26ae81d889617ef5f248a72e06b8c71d91e1c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: IpszPceh6jWRl6sjS0PrYA==
vary: Accept-Encoding
content-length: 3212
x-ms-lease-status: unlocked
last-modified: Wed, 20 Jan 2021 07:04:01 GMT
server: cloudflare
etag: 0x8D8BD1190DD964B
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c97bea9a-001e-011d-710c-504759000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 70f607444f3923f7-ZRH

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/6.12.0/assets/ 62 KB
15 KB 68ms
68ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.12.0/assets/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.12.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e92c705f444d62f823dc852694d8faabc0afc96f642a90ff7e0c775d29689e8e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ZQjkSMldlHpRPgVBEAOG1A==
vary: Accept-Encoding
content-length: 14950
x-ms-lease-status: unlocked
last-modified: Wed, 20 Jan 2021 07:04:02 GMT
server: cloudflare
etag: 0x8D8BD11912C615E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: c115424d-b01e-0044-6b70-c4048a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 70f607444f3e23f7-ZRH

GET
H2 200 Lato-Reg.ttf
dk2d6nav3mn9d.cloudfront.net/assets/fonts/lato/ 117 KB
50 KB 51ms
19ms Font
application/font-sfnt 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/fonts/lato/Lato-Reg.ttf
Requested by: Host: dk2d6nav3mn9d.cloudfront.net
URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7

Request headers

Referer: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Origin: https://gofobo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: SOw4Bl_R06Pzt3_0loX6t_3f67STH2Ze
content-encoding: gzip
etag: W/"7f690e503a254e0b8349aec0177e07aa"
age: 790252
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Fri, 03 Apr 2020 19:35:48 GMT
server: AmazonS3
date: Fri, 13 May 2022 11:18:26 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/font-sfnt
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: LBvxoqAAgnqqYxvMlG9iOyeKSHZVQ_w-Cz4-_XjmvTLHqoVHr2rVjA==

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 97ms
28ms Script
application/x-javascript 23.35.237.151
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.35.237.151 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-237-151.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=49532
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H/1.1 200
OK widgets.js Show response
platform.twitter.com/ 97 KB
29 KB 108ms
20ms Script
application/javascript 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BC2) /
Resource Hash: 2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:45 GMT
Content-Encoding: gzip
Age: 825
X-Cache: HIT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=",edge;dur=1
Content-Length: 29461
x-tw-cdn: VZ
Last-Modified: Sun, 15 May 2022 20:06:46 GMT
Server: ECS (amb/6BC2)
Etag: "f1369725ba22125b0df0251e74090aa0+gzip"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=1800

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 54ms
20ms Script
text/javascript 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 1019
date: Sun, 22 May 2022 13:34:46 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Sun, 22 May 2022 15:34:46 GMT

GET
H2 200 hotjar-6292.js Show response
static.hotjar.com/c/ 5 KB
2 KB 87ms
46ms Script
application/javascript 65.9.63.3
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-6292.js?sv=3

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

65.9.63.3 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-65-9-63-3.fra56.r.cloudfront.net

Software

Resource Hash

a1cc90fa89bf02f2c7c95cac8c34903963b8d3a1eea79c626a6f6ebcbbd71ac6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
x-amz-cf-pop: FRA56-C1
etag: W/bf9d31f7dd48a6b496e0120fe0e1008a
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-id: FaLDBJLjRUk-WLdNSChd6LvFl-HxyqPBAjCm8EpIhhbSBBH5lSiwDQ==
via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)

GET
H2 200 clarity.js Show response
d.clarity.ms/s/0.6.34/ 53 KB
23 KB 364ms
109ms Script
application/javascript 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/s/0.6.34/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/42wleqiafj
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: br
etag: "1d86ac05e8dcb54"
last-modified: Wed, 18 May 2022 14:05:46 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
content-length: 23150
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 SourceSansPro-Bold.otf
dk2d6nav3mn9d.cloudfront.net/assets/fonts/source-sans-pro/ 126 KB
127 KB 21ms
18ms Font
application/vnd.oasis.opendocument.formula-template 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/fonts/source-sans-pro/SourceSansPro-Bold.otf
Requested by: Host: dk2d6nav3mn9d.cloudfront.net
URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 223e634e5f67fa641d509622341690a6e0a5114162df625c4d4b6159b421856d

Request headers

Referer: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Origin: https://gofobo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: gAeQyQNwxUtX5GDx3.yj6bHXdeRJ99iS
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
etag: "269ca7e400c670e507c39eeafb9d36b9"
age: 1654814
x-cache: Hit from cloudfront
access-control-max-age: 3000
content-length: 129212
last-modified: Fri, 03 Apr 2020 19:35:48 GMT
server: AmazonS3
date: Tue, 03 May 2022 10:49:37 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/vnd.oasis.opendocument.formula-template
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
x-amz-cf-id: 5K9SGvi5XrAcl_KQn93R4ViqYOK-arfII5JEUIw7jXsEoNAIMk3kNA==

GET
H2 200 SourceSansPro-Semibold.otf
dk2d6nav3mn9d.cloudfront.net/assets/fonts/source-sans-pro/ 124 KB
125 KB 58ms
56ms Font
application/vnd.oasis.opendocument.formula-template 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/fonts/source-sans-pro/SourceSansPro-Semibold.otf
Requested by: Host: dk2d6nav3mn9d.cloudfront.net
URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3cbef17f675d6d6830405547c90d636e50e8646b8bbc5437225e66afbf04a354

Request headers

Referer: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Origin: https://gofobo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: .huE.jeNmn1Y2nXp6duoScIuSK.H3YID
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
etag: "3fbf5b8edc66b68a0e2ccfa598bbdae4"
age: 1657603
x-cache: Hit from cloudfront
access-control-max-age: 3000
content-length: 127336
last-modified: Fri, 03 Apr 2020 19:35:48 GMT
server: AmazonS3
date: Tue, 03 May 2022 09:25:03 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/vnd.oasis.opendocument.formula-template
access-control-allow-origin: *
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
x-amz-cf-id: csdzoLCwr3Ga9PJ81D6syC_hsEI0DgE7X_bjEs0UzndOPxbXk0W9Ew==

GET
H2 200 sprite.png
dk2d6nav3mn9d.cloudfront.net/assets/img/sprite/ 163 KB
163 KB 18ms
18ms Image
image/png 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/img/sprite/sprite.png
Requested by: Host: dk2d6nav3mn9d.cloudfront.net
URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/global.css?v=2.6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ddd20fbc250587ac6f1671023aaf2180594d9dcd520add2c6b212044b4a2af12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dk2d6nav3mn9d.cloudfront.net/assets/css/global.css?v=2.6
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: 7Zpr3vx3nJBW6hHevY7tJPKLH0sLoFny
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
last-modified: Fri, 03 Apr 2020 19:35:53 GMT
server: AmazonS3
age: 1661128
etag: "e015276b099c2320dcd16754f0ae3dad"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 09:09:58 GMT
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 166768
x-amz-cf-id: CaKaF11J2HqEFy1LXwBUYUHqrxMGcDa-F2GqF_jgi7tP-txvJIKN5g==

GET
H2 200 footer-g.png
dk2d6nav3mn9d.cloudfront.net/assets/img/logos/ 2 KB
2 KB 17ms
17ms Image
image/png 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/img/logos/footer-g.png
Requested by: Host: dk2d6nav3mn9d.cloudfront.net
URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/desktop.css?v=2.8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d502121116ea9588bd7edfb519575a09ded0e6daaf30427d6093e03d6dc777ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://dk2d6nav3mn9d.cloudfront.net/assets/css/desktop.css?v=2.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: 0tcJ6ViOUPetAQR82NuJb1Yb524tBAan
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
last-modified: Fri, 03 Apr 2020 19:35:51 GMT
server: AmazonS3
age: 1657412
etag: "91a0d1b8f89769c3f7f2b7ffefdc6ba6"
x-cache: Hit from cloudfront
content-type: image/png
cache-control: public, max-age=2592000
date: Tue, 03 May 2022 09:29:29 GMT
x-amz-cf-pop: DUS51-P2
accept-ranges: bytes
content-length: 1873
x-amz-cf-id: 9jCoyteLmNBOYI5JCFHLchJjEnsKqSfKRsSlHklb5Wn4BmdrEMWX_g==

GET
H2 200 Lato-Bla.ttf
dk2d6nav3mn9d.cloudfront.net/assets/fonts/lato/ 112 KB
49 KB 61ms
61ms Font
application/font-sfnt 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/fonts/lato/Lato-Bla.ttf
Requested by: Host: dk2d6nav3mn9d.cloudfront.net
URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8b32bc539ca95dda2d2206a43234b5f3b0fe964bd25966c860bc80ec7f06d702

Request headers

Referer: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Origin: https://gofobo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: hQ94SU66spYV6Lo3qx9FEwiW5DlmJ5cN
content-encoding: gzip
etag: W/"77d353744697c77955f9bacc7f3ed90a"
age: 1661108
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Fri, 03 Apr 2020 19:35:48 GMT
server: AmazonS3
date: Tue, 03 May 2022 08:49:25 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/font-sfnt
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
x-amz-cf-id: MyntmddiLb1-m25xoSlLtVuMDzu39Ip2kbwjtQUQxxJmkhY5pJH7Dw==

GET
H2 200 Lato-Bol.ttf
dk2d6nav3mn9d.cloudfront.net/assets/fonts/lato/ 119 KB
50 KB 65ms
64ms Font
application/font-sfnt 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/fonts/lato/Lato-Bol.ttf
Requested by: Host: dk2d6nav3mn9d.cloudfront.net
URL: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 14f7de6b616950395062902eb8f70f01c0a901223db5d40f2a05728ac4a830f6

Request headers

Referer: https://dk2d6nav3mn9d.cloudfront.net/assets/css/fonts.css?v=3
Origin: https://gofobo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Tue, 26 Apr 2022 09:48:46 GMT
content-encoding: gzip
vary: Accept-Encoding,Origin
age: 2260980
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Fri, 03 Apr 2020 19:35:48 GMT
server: AmazonS3
etag: W/"44dfe8cc676882243911a3197a50169e"
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-version-id: luuLuzVQoV.PY17o6IZA0Oq.WTTTheHL
via: 1.1 3a42f75e219a9a44a54979112dcb25dc.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-amz-cf-pop: DUS51-P2
content-type: application/font-sfnt
x-amz-cf-id: eNTNdlXbKFqvpa1nMBIoAHtfgFP5c56X_TEYcEbLilT2rPRSYfVebg==

GET
H2 200 owl.carousel.js Show response
dk2d6nav3mn9d.cloudfront.net/assets/js/ 29 KB
7 KB 207ms
206ms Script
application/javascript 108.156.253.172
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/owl.carousel.js?_=1653227505040
Requested by: Host: dk2d6nav3mn9d.cloudfront.net
URL: https://dk2d6nav3mn9d.cloudfront.net/assets/js/jquery-1.12.4.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.156.253.172 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-156-253-172.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 265acaa7671ecc0fb94f926ffe9d1b4661006e4924eea3234f1dc72a44ce58d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
last-modified: Fri, 03 Apr 2020 19:35:55 GMT
server: AmazonS3
x-amz-cf-pop: DUS51-P2
etag: W/"5ec575b2e4b6b9c38769dde657150908"
vary: Accept-Encoding
x-cache: Miss from cloudfront
x-amz-version-id: Wm2prL5O.MDarGtdyLpKjdzdagP0zivt
via: 1.1 191dcfd852a6f06df8cf0ecc80b99d1c.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
content-type: application/javascript
x-amz-cf-id: c5M3EWfC-w1RWqfiZvHGmDbaK56cBG4jq4ZZxo-2e4TTWhu2b8GI2Q==

GET measure.min.js
asset.pagefair.com/ 0
0

GET ads.min.js
asset.pagefair.net/ 0
0

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-54405b784485010e/ 1 KB
585 B 257ms
248ms Script
application/javascript 2.18.232.170
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-54405b784485010e/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-170.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e179f1a58f6627329c2bc698715570d56d01ce7370fc31498d4ed7150f8e539a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
etag: 662010203--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public, max-age=52, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 411

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 244ms
221ms Script
application/javascript 2.18.232.170
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=628a3ff1cd1a3f36&bkl=0&bl=1&pdt=1744&sid=628a3ff1cd1a3f36&pub=ra-54405b784485010e&rev=v8.28.8-wp&ln=en&pc=men&cb=0&ab=-&dp=gofobo.com&fp=sweepstakes%2FTikiTunesSpeaker&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&colc=1653227505552&jsl=8321&uvs=628a3ff16ae885de000&skipb=1&callback=addthis.cbs.jsonp__85961259914479120
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.232.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-232-170.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe3dea17b401a40973129b87e70fe0d9a58d326e614c0ea2b3fbf04d4d89296c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:45 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame B581 0
0

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html Show response
s7.addthis.com/static/ Frame 24F6 71 KB
26 KB 41ms
40ms Document
text/html 2.18.232.170
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.232.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-232-170.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, max-age=86313600
content-encoding: gzip
content-length: 26421
content-type: text/html
date: Sun, 22 May 2022 13:51:45 GMT
etag: W/"5f971164-11adc"
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
p3p: CP="NON ADM OUR DEV IND COM STA"
server: nginx/1.15.8
strict-transport-security: max-age=15724800; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding
x-host: s7.addthis.com

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/svg+xml

POST
H3 200 collect Show response
www.google-analytics.com/j/ 4 B
24 B 64ms
27ms XHR
text/plain 2a00:1450:4001:811::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1501914715&t=pageview&_s=1&dl=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&ul=en-us&de=UTF-8&dt=The%20Perfect%20Sound%20and%20Ambiance%20View%20Our%20Merchandise%20Sweepstakes&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=166089786&gjid=483648665&cid=576990179.1653227506&tid=UA-145160-3&_gid=1174943239.1653227506&_r=1&_slc=1&z=944837896

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://gofobo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.f31ba00513b7ef8234d1.js Show response
script.hotjar.com/ 243 KB
63 KB 510ms
186ms Script
application/javascript 99.86.4.101
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.f31ba00513b7ef8234d1.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-6292.js?sv=3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

99.86.4.101 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-99-86-4-101.fra6.r.cloudfront.net

Software

Resource Hash

5475ef880793a875564088fea38154cee107eede5a2af036f3774a3dec5e48e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 16:09:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 164559
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 63712
access-control-allow-origin: *
last-modified: Fri, 20 May 2022 16:08:12 GMT
etag: "bb85a92d3aefdabfa0ed466815889fc6"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 04599a8a3c6eb66f23e5ae02d1ec4cf2.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: d_trZ_Da0JXVrR4XWqChyVuUU7cG8veK3ZRB50OPskWAq1wBgLEwhA==

GET
H/1.1 200
OK widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html Show response
platform.twitter.com/widgets/ Frame 1AA3 319 KB
104 KB 25ms
25ms Document
text/html 2606:2800:234:59:254c:406:2366:268c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fgofobo.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:234:59:254c:406:2366:268c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECS (amb/6BA0) /
Resource Hash: c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 162933
Cache-Control: public, max-age=315360000
Content-Encoding: gzip
Content-Length: 105433
Content-Type: text/html; charset=utf-8
Date: Sun, 22 May 2022 13:51:45 GMT
Etag: "8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified: Sun, 15 May 2022 20:03:39 GMT
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server: ECS (amb/6BA0)
Server-Timing: "x-cache;desc= HIT,x-tw-cdn;desc=VZ",edge;dur=1
Vary: Accept-Encoding
X-Cache: HIT
x-tw-cdn: VZ

GET
H2 200 box-4924254a9ce4dc9b959b6e4a9b662d60.html Show response
vars.hotjar.com/ Frame 4EED 2 KB
1 KB 105ms
23ms Document
text/html 143.204.215.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-6292.js?sv=3
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-118.fra53.r.cloudfront.net
Software: /
Resource Hash: 67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 3380559
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 13 Apr 2022 10:49:06 GMT
etag: "1635635016e428baa170305e9282c34a"
last-modified: Wed, 13 Apr 2022 10:48:29 GMT
vary: Accept-Encoding
via: 1.1 befe3b8553d90339ecf78e5d7cefa60a.cloudfront.net (CloudFront)
x-amz-cf-id: k5aAG24Rw9p0q3EpAFjdMpQ0V-6wsDJv9_32R8rm19RGXZJIOJh8ow==
x-amz-cf-pop: FRA53-C1
x-cache: Hit from cloudfront
x-robots-tag: none

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
435 B 100ms
33ms XHR
text/plain 2a00:1450:400c:c0c::9b
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-145160-3&cid=576990179.1653227506&jid=166089786&gjid=483648665&_gid=1174943239.1653227506&_u=IEBAAEAAAAAAAC~&z=1000243549

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9b Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Sun, 22 May 2022 13:51:45 GMT
content-type: text/plain
access-control-allow-origin: https://gofobo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 settings Show response
syndication.twitter.com/ Frame 1AA3 278 B
461 B 184ms
138ms Fetch
application/json 104.244.42.200
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://syndication.twitter.com/settings?session_id=eea6d1f52b0808367407f23d120856286a1c13c3

Requested by

Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.bbd13993eb53d3a11ac08f5e8cf9d6a4.html?origin=https%3A%2F%2Fgofobo.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.200 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

d342be7b065b36dd1e6856bcf5a432b5d2c277d27555391ddefbf1df3edb0fc4

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://platform.twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-response-time: 118
date: Sun, 22 May 2022 13:51:45 GMT
content-encoding: gzip
last-modified: Sun, 22 May 2022 13:51:45 GMT
server: tsa_o
vary: Origin
strict-transport-security: max-age=631138519
content-type: application/json; charset=utf-8
access-control-allow-origin: https://platform.twitter.com
cache-control: must-revalidate, max-age=600
access-control-allow-credentials: true
x-connection-hash: da46e46f9657759695efed1bb02a14bd36d4fc4e7a65340fd21cebb300d1f166
content-length: 179

GET
H2 200 layers.fa6cd1947ce26e890d3d.js Show response
s7.addthis.com/static/ 263 KB
76 KB 44ms
43ms Script
application/javascript 2.18.232.170
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.fa6cd1947ce26e890d3d.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.232.170 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-232-170.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: W/"5f971164-41cf5"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=86313600
date: Sun, 22 May 2022 13:51:45 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77617

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 82 KB
29 KB 560ms
185ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: global.proper.io
URL: https://global.proper.io/gofobo.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

d9cbcfeb9b6e64526967c4cd689a6bf25404c437fecff623856da96d292e8e65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28589
x-xss-protection: 0
server: sffe
etag: "1222 / 995 of 1000 / last-modified: 1653084277"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 22 May 2022 13:51:46 GMT

GET
H2 200 latest.js Show response
global.proper.io/payloads/ 512 KB
126 KB 46ms
46ms Script
application/javascript 2606:4700::6811:4f22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://global.proper.io/payloads/latest.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/gofobo.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4f22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c543985155ec9d4a38342a017e372037db393e26e3c16a291f9eee793f6b93a0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Tue, 03 May 2022 18:46:45 GMT
server: cloudflare
age: 1440186
etag: W/"62717895-7ffe8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=300
cf-ray: 70f607493bdd2355-ZRH
expires: Sun, 22 May 2022 13:56:46 GMT

GET
H2 200 px.gif
abcheck.proper.io/ 842 B
979 B 410ms
401ms Image
image/gif 2606:4700::6811:4f22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://abcheck.proper.io/px.gif?ch=1&rn=8.874691060793122
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4f22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48d611c460406f0653185a1447f5bf797eec3afa7c080b74205f4a8ea2729f3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
cf-cache-status: MISS
last-modified: Thu, 06 Jan 2022 18:51:44 GMT
server: cloudflare
x-amz-request-id: QMFH8P7GZHJYV82Y
etag: "04b36c8411ae7bf7a8c369fa94b30e56"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 70f607494beb2355-ZRH
content-length: 842
x-amz-id-2: WqfPhKNiNIdxiMC0tiuhwEgnt1avUsYPsmcWH5xd1xwzPspFhFyRVfhlaAeaSJIfrn1biu0eVI8=
expires: Sun, 22 May 2022 17:51:46 GMT

GET
H2 200 px.gif
abcheck.proper.io/ 842 B
1 KB 393ms
384ms Image
image/gif 2606:4700::6811:4f22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://abcheck.proper.io/px.gif?ch=2&rn=8.874691060793122
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4f22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48d611c460406f0653185a1447f5bf797eec3afa7c080b74205f4a8ea2729f3c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
cf-cache-status: MISS
last-modified: Thu, 06 Jan 2022 18:51:44 GMT
server: cloudflare
x-amz-request-id: QMFSH4A1NH758NQA
etag: "04b36c8411ae7bf7a8c369fa94b30e56"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 70f607494bed2355-ZRH
content-length: 842
x-amz-id-2: trMYeB8f1V6vYEEL/ag1ng1t/bJcj3DYh0Ge8vYQCRStXxuKaA0J8kDHeYRxWiWll0vb7+jVF8U=
expires: Sun, 22 May 2022 17:51:46 GMT

POST
H2 204 collect Show response
d.clarity.ms/ 0
66 B 346ms
346ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:45 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 quant.js Show response
secure.quantserve.com/ 24 KB
10 KB 121ms
35ms Script
application/javascript 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
etag: "u2JtyZzqnTXwzBUswy2r+w=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
expires: Sun, 29 May 2022 13:51:46 GMT

GET
H2 200 localstore.js Show response
script.4dex.io/ 483 B
963 B 140ms
54ms Script
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/localstore.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1870
content-type: application/javascript
x-amz-request-id: tx868aa8ceaf494ff0b1336-00627a3731
x-amz-id-2: tx868aa8ceaf494ff0b1336-00627a3731
last-modified: Tue, 10 May 2022 09:57:32 GMT
server: cloudflare
etag: W/"922cffdd75f7192f75231d92684885aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QPapbB1VnLKqkceD69iFh8OLOhm6Nynfl8IjiHvvdme1pMkiwIcjLWdDTxE6hSJULCbMkzzSxn8bvytUox3NNG3CToDdxgw42zkggZZ9YSU%2F4nMIluu0d5x25IlTSVxwy4x7yLHdL6q9wX6z"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 1652176652152482
cache-control: public, max-age=1800
cf-ray: 70f6074a8f753746-MXP
expires: Sun, 22 May 2022 14:21:46 GMT

GET
H/1.1 200
OK a-00jp Show response
i.liadm.com/s/c/ Frame 7D2D 1 KB
1 KB 534ms
125ms Document
text/html 52.6.156.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://i.liadm.com/s/c/a-00jp?s=&cim=&ps=true&ls=true&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Requested by

Host: b-code.liadm.com
URL: https://b-code.liadm.com/sync-container.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.6.156.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-156-194.compute-1.amazonaws.com

Software

Resource Hash

95a7324e1d08d27d92485048d4d9345607b8d60f95ee69f0ba19e76709a00e1f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-cache, max-age=0
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 668
Content-Type: text/html; charset=UTF-8
Date: Sun, 22 May 2022 13:51:45 GMT
ETag: 1.61803398874
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding

GET
H/1.1 200
OK baker
sli.gofobo.com/ 19 B
363 B 219ms
54ms Image
image/gif 95.101.20.27
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sli.gofobo.com/baker?dtstmp=1653227506211
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.20.27 Milan, Italy, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-20-27.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Expires: Sun, 22 May 2022 13:51:46 GMT
Connection: keep-alive
Content-Length: 19
Content-Type: image/gif

GET
H2 200 rules-p-mEzuYq24VEJ-3.js Show response
rules.quantcount.com/ 3 KB
2 KB 167ms
43ms Script
application/javascript 2600:9000:206f:7a00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-mEzuYq24VEJ-3.js
Requested by: Host: secure.quantserve.com
URL: https://secure.quantserve.com/quant.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:7a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8838c15a093042dda8446ae18d93db16218d1c8810dae5cfa21e0e889dc0ec68

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:00:04 GMT
content-encoding: gzip
age: 3103
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
last-modified: Wed, 03 Nov 2021 22:03:49 GMT
server: AmazonS3
etag: W/"ebff52074a206856b4f1993710373d93"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 b3dc72c60418e8887de31f772538f118.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: RxEe4PD4NF6-YqKHMnZW8GPz56BFBlhNvAfsNjzESh8w4x5TGiGeug==

GET
H2 200 adagio.js Show response
script.4dex.io/ 72 KB
23 KB 177ms
97ms Fetch
application/javascript 2606:4700:20::681a:9a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.4dex.io/adagio.js
Requested by: Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:9a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 21731
access-control-max-age: 3000
access-control-allow-methods: GET
x-amz-request-id: tx19a3dcf08f904372afa4c-00627a37ef
x-amz-id-2: tx19a3dcf08f904372afa4c-00627a37ef
last-modified: Tue, 10 May 2022 09:57:31 GMT
server: cloudflare
etag: W/"2430496689c00115831347992a974246"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i4aWcTFAUmvPb7R1A423P7GdntudemC0iSzgqKbJKhQcUp9XtkQ9hpUfNXvj%2FSPZKG3CVlL7gauTII%2FJrTpcBFnZGgkFOlFVmUDDW0m8ddyFqLwSfmjbjuLBFOrcK%2F%2BJ%2FclJAXA9ooyBptMz"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1800
access-control-allow-credentials: true
x-amz-version-id: 1652176651393042
cf-ray: 70f6074b6a763753-MXP
access-control-allow-headers: Authorization

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/6292/ 147 B
322 B 177ms
49ms XHR
application/json 52.49.46.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/6292/visit-data?sv=3
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.f31ba00513b7ef8234d1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.49.46.73 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-49-46-73.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3e8e76a70b5ec0a97f60491364274ab39aebd8f949b6a310a174633b015d4738

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: br
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 pixel;r=1521675208;rf=0;a=p-mEzuYq24VEJ-3;url=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker;uht=2;fpan=1;fpa=P0-917301026-1653227506499;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;c...
pixel.quantserve.com/ 35 B
372 B 45ms
26ms Image
image/gif 2620:116:800d:21:ee05:6a01:4b41:8c89
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=1521675208;rf=0;a=p-mEzuYq24VEJ-3;url=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker;uht=2;fpan=1;fpa=P0-917301026-1653227506499;pbc=;ns=0;ce=1;qjs=1;qv=a98acd33-20220316110313;cm=;gdpr=0;ref=;d=gofobo.com;je=0;sr=1600x1200x24;dst=0;et=1653227506498;tzo=0;ogl=

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ee05:6a01:4b41:8c89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:46 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control: private, no-cache, no-store, proxy-revalidate
content-type: image/gif
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 135 KB
37 KB 94ms
27ms Script
application/javascript 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.3.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-3-177.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:42:50 GMT
content-encoding: gzip
age: 535
x-cache: Hit from cloudfront
timing-allow-origin: *
server: Server
x-amz-rid: 10BYE8VJPD0ZNDS1M6JD
etag: 4abd427e43cd6822329a2c05539e321f
vary: Accept-Encoding
x-amz-version-id: STlSjRvyyTgJyl_raxUeHIFBn6F5DqB3
via: 1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
cache-control: public, max-age=900
x-amz-cf-pop: FRA56-P6
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: J92fsOlbo5eVILQmlQMdFPAWLTftqoewKpO19SmnvmLPbgUUX9vvVA==

GET
H2

200

usersync Show response
usync.proper.io/v1/
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fusync.proper.io%2Fv1%2Fusersync%3Fbidder%3Dmediagrid%26proper_uid%3D6c496af9-dbd5-4011-b97b-bace923c0ec5%26uid%3D%24%7BBSW_UUID%7D?&callback=window....
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fusync.proper.io%2Fv1%2Fusersync%3Fbidder%3Dmediagrid%26proper_uid%3D6c496af9-dbd5-4011-b97b-bace923c0ec5%26uid%3D%24%7BBSW_UUID%7D?&callback=w...
https://usync.proper.io/v1/usersync?bidder=mediagrid&proper_uid=6c496af9-dbd5-4011-b97b-bace923c0ec5&uid=2bf88976-163f-4cb8-ade4-2939d9634265

183 B
386 B

560ms
184ms

Script
text/javascript

54.186.212.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usync.proper.io/v1/usersync?bidder=mediagrid&proper_uid=6c496af9-dbd5-4011-b97b-bace923c0ec5&uid=2bf88976-163f-4cb8-ade4-2939d9634265
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Server: 54.186.212.217 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-186-212-217.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: a4d3f3141136ee811a467f7bb924c27de137703dd7deb3a2264ee1cb1b457e6e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 22 May 2022 13:51:47 GMT
server: nginx/1.18.0
content-length: 183
content-type: text/javascript

Redirect headers

Location: https://usync.proper.io/v1/usersync?bidder=mediagrid&proper_uid=6c496af9-dbd5-4011-b97b-bace923c0ec5&uid=2bf88976-163f-4cb8-ade4-2939d9634265
Date: Sun, 22 May 2022 13:51:46 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2

200

usersync Show response
usync.proper.io/v1/
Redirect Chain

https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_f51d8174_ca7c8ec7_2
https://ups.analytics.yahoo.com/ups/58355/sync?redir=true&callback=window.proper_f51d8174_ca7c8ec7_2&verify=true
https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-uylWTAhE2uFO0bmFhnYldmsNvFf4PITU~A

151 B
361 B

606ms
183ms

Script
text/javascript

54.186.212.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-uylWTAhE2uFO0bmFhnYldmsNvFf4PITU~A
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Server: 54.186.212.217 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-186-212-217.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 94bd1524ea4229e5af13df4383fcc1e8d0cc488ef3c8b74a323477dd784d494e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: *
date: Sun, 22 May 2022 13:51:47 GMT
server: nginx/1.18.0
content-length: 151
content-type: text/javascript

Redirect headers

location: https://usync.proper.io/v1/usersync?bidder=verizon_media_s2s&uid=y-uylWTAhE2uFO0bmFhnYldmsNvFf4PITU~A
date: Sun, 22 May 2022 13:51:46 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 204
No Content merge Show response
ce.lijit.com/ 0
311 B 106ms
33ms Script
text/plain 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ce.lijit.com/merge?pid=263069&3pid=6c496af9-dbd5-4011-b97b-bace923c0ec5&location=https%3A%2F%2Fusync.proper.io%2Fv1%2Fusersync%3Fbidder%3Dsovrn_outstream%26proper_uid%3D6c496af9-dbd5-4011-b97b-bace923c0ec5%26uid%3D%5BSOVRNID%5D&&callback=window.proper_84fd7e20_44908cee_3
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:46 GMT
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
Expires: Fri, 20 Mar 2009 00:00:00 GMT
X-MERGE: GDPR Optout true
X-Sovrn-Pod: ad_ap3ams1
P3P: CP="CUR ADM OUR NOR STA NID"

POST
H/1.1 200 445.json Show response
id5-sync.com/g/v2/ 213 B
617 B 84ms
25ms XHR
application/json 141.95.98.69
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/445.json

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

141.95.98.69 , France, ASN16276 (OVH, FR),

Reverse DNS

ns3216534.ip-141-95-98.eu

Software

Resource Hash

134c27cc8df6d4030546f251bd64b16794a5bb7c09b46fe7103dfe628781b26c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:45 GMT
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
transfer-encoding: chunked
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-type: application/json;charset=UTF-8

GET
H2 451 envelope Show response
api.rlcdn.com/api/identity/ 0
249 B 505ms
175ms XHR
text/plain 34.120.133.55
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://api.rlcdn.com/api/identity/envelope?pid=72
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.133.55 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 55.133.120.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:47 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://gofobo.com
access-control-allow-credentials: true
access-control-allow-headers: Accept, Authorization, Content-Type, Cookie, Origin, X-Requested-With
content-length: 0

POST
H/1.1 200
OK bidding Show response
bids.proper.io/api/ 0
171 B 751ms
189ms XHR
application/octet-stream 52.88.218.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bids.proper.io/api/bidding
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.218.108 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-218-108.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 22 May 2022 13:51:47 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: application/octet-stream

GET
H2 200 main.js Show response
player.propervideo.io/new_rtp/ 124 KB
28 KB 552ms
199ms Script
application/javascript 2606:4700::6812:9fea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://player.propervideo.io/new_rtp/main.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:9fea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 25c142f7703a2c89cc00bbac6ce2eaf031c568d2a56e4ace61a5399ee56d792a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:47 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 09 May 2022 21:05:25 GMT
server: cloudflare
age: 1097162
etag: W/"62798215-2e5ad"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
expires: Sun, 22 May 2022 13:56:47 GMT
cache-control: public, max-age=300
cf-polished: origSize=189869
cf-ray: 70f6074f1f490225-ZRH
cf-bgj: minify

POST
H2 200 24 Show response
web.hb.ad.cpe.dotomi.com/s2s/header/ 346 B
527 B 128ms
30ms XHR
application/json 2a02:fa8:8806:16::1460
VCLK-EU-SE

General

Check archive.org

Show headers Download Go to

Full URL: https://web.hb.ad.cpe.dotomi.com/s2s/header/24
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a02:fa8:8806:16::1460 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software: nginx /
Resource Hash: f9483ee652e489e62b1bc6e40ddeecc466ae021012d2e48ff867d01b79fab2ea

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:46 GMT
server: nginx
content-type: application/json
access-control-allow-origin: https://gofobo.com
cache-control: no-cache
access-control-allow-credentials: true
content-length: 346
expires: 0

POST
H2 200 auction Show response
tlx.3lift.com/header/ 19 B
551 B 133ms
44ms XHR
application/json 52.29.205.29
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=6.20.0&referrer=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&tmax=550

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.29.205.29 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-29-205-29.eu-central-1.compute.amazonaws.com

Software

Resource Hash

0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:46 GMT
accept-ch: sec-ch-ua-full-version,sec-ch-dpr,sec-ch-device-memory,sec-ch-save-data,sec-ch-ua-mobile,sec-ch-downlink,user-agent,sec-ch-ect,sec-ch-width,sec-ch-prefers-color-scheme,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-arch,sec-ch-rtt,sec-ch-viewport-height,sec-ch-ua-platform,sec-ch-viewport-width,sec-ch-ua-platform-version,sec-ch-ua-model
x-auction-status: 12, 12, 12
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofobo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-length: 19
x-xss-protection: 0
expires: Thu, 15 Oct 1992 20:10:00 GMT

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 45 B
579 B 101ms
38ms XHR
application/json 72.251.249.9
VOXEL-DOT-NET

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_6.20.0
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 72.251.249.9 Amsterdam, Netherlands, ASN29791 (VOXEL-DOT-NET, US),
Reverse DNS
Software: /
Resource Hash: 56b4524563fead04c205538321b377bf2b8591947fd49955458eca31d90de036

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 22 May 2022 13:51:46 GMT
Content-Encoding: gzip
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://gofobo.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap3ams1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 64

GET
H/1.1 200
OK fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 470 B
2 KB 390ms
279ms XHR
application/json 2602:803:c003:200::51
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=8777&site_id=145710&zone_id=686076&size_id=15%3B15%3B2&alt_size_ids=2%2C57%3B2%2C57%3B&rp_floor=0.1&rp_secure=1&tk_flint=pbjs_lite_v3.2.0&x_source.tid=d9a4dbed-cc7a-4909-82e8-bb5d68dfa4f6%3B98b6ff90-bec2-4e55-a14b-083e7ff788b5%3Bf1334ac7-b70e-4c67-a1ca-9356b12f02f4&p_screen_res=1600x1200&tg_fl.eid=686076-1%3B686076-2%3B686076-4&rf=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&x_source.pchain=proper.io%3Ae5962152-eb92-11e9-a488-69e3386c7506&ppuid=6c496af9-dbd5-4011-b97b-bace923c0ec5&eid_pubcid.org=6c496af9-dbd5-4011-b97b-bace923c0ec5%5E1&rp_schain=1.0%2C1!proper.io%2Ce5962152-eb92-11e9-a488-69e3386c7506%2C1&slots=3&rand=0.9457711322276448
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 2602:803:c003:200::51 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 346cb5466b79671a2aac23d174850962275dc097fb226dcf8c89e30c792af3ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:47 GMT
Server: nginx/1.21.4
Vary: Accept-Encoding
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin: https://gofobo.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json
Content-Length: 470
Expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 270ms
111ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 762119b95d3a79dde286105237e1dcf285092e786aa0c966e7a277fa87ac3b60

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofobo.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 269ms
111ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 6ac8b08159f3059b7cba26d8464c8d1aa96f184480a395253925bdf2f7503a08

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofobo.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
338 B 268ms
111ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 803a0ef0354a28ed76c5fedf15bbc32b76628997f6447435913183edb4ad61c8

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofobo.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
178 B 290ms
133ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 83b9d45b0adf0225242deb2c285b3050db90d3c6332bc657b955d43c7458c27f

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofobo.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 200 hb Show response
ssc.33across.com/api/v1/ 87 B
179 B 284ms
126ms XHR
application/json 34.149.20.76
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ssc.33across.com/api/v1/hb
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.20.76 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 76.20.149.34.bc.googleusercontent.com
Software: / 33Across
Resource Hash: 3b97df7576d1f0401feb5b7011240f01f359adca61caeb10c3972a89aa5d3583

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
status: 200 OK
x-powered-by: 33Across
vary: Accept-Encoding, Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gofobo.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 google

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
110 B 114ms
30ms XHR
text/plain 18.157.66.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.66.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-66-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:46 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
109 B 129ms
45ms XHR
text/plain 18.157.66.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.66.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-66-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:46 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
109 B 212ms
128ms XHR
text/plain 18.157.66.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.157.66.51 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-157-66-51.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:46 GMT
access-control-allow-credentials: true
vary: Origin

POST
H2 204 hb Show response
hb.undertone.com/ 0
444 B 546ms
471ms XHR
text/plain 99.86.4.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://hb.undertone.com/hb?pid=3520&domain=gofobo.com
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-28.fra6.r.cloudfront.net
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:46 GMT
via: 1.1 1277de71b2472d19ca0bfc510db9ec54.cloudfront.net (CloudFront)
server: istio-envoy
x-amz-cf-pop: FRA6-C1
x-cache: Miss from cloudfront
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSDo OUR BUS UNI COM NAV"
access-control-allow-origin: https://gofobo.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
x-envoy-upstream-service-time: 1
x-amz-cf-id: 3SQUKuoZXkTVAIKWdfM2TqmxWyZI54IcoLO5eKIV4ZRYR-fd0CS6Ag==
expires: Mon, 26 Jul 1997 05:00:00 GMT

POST
H2 200 xhr Show response
pre.ads.justpremium.com/v/2.0/t/ 52 B
252 B 220ms
114ms XHR
application/json 18.185.167.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pre.ads.justpremium.com/v/2.0/t/xhr?i=1653227506723
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.167.12 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-167-12.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: fe8ca232f5c57f634b10b341de746de8c25ce6c7979b6c0bf9dff4ccd43da4bc

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:46 GMT
cache-control: public, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-encoding: gzip
content-type: application/json

POST
H2 204 mvo Show response
tag.1rx.io/rmp/82082/0/ 0
166 B 110ms
39ms XHR
text/plain 213.19.147.43
LEVEL3

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.1rx.io/rmp/82082/0/mvo?z=1r&hbv=6.20,2.1
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 213.19.147.43 Utrecht, Netherlands, ASN3356 (LEVEL3, US),
Reverse DNS
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://gofobo.com
pragma: no-cache
date: Sun, 22 May 2022 13:51:46 GMT
cache-control: private, max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: Tengine

GET
H/1.1 200
OK trinity.json Show response
apex.go.sonobi.com/ 230 B
791 B 134ms
28ms XHR
application/json 178.162.133.150
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL

https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2264fb291b6e94be836bdb%22%3A%2264fb291b6e94be836bdb%7C728x90%7C0.1%22%2C%22a7ed1445f63ff290b23b%22%3A%22a7ed1445f63ff290b23b%7C728x90%7C0.1%22%2C%22a3d3f63c0ffec8084675%22%3A%22a3d3f63c0ffec8084675%7C728x90%7C0.1%22%2C%22bbb6e6bdbf16a49bf453%22%3A%22bbb6e6bdbf16a49bf453%7C300x250%7C0.1%22%2C%22b6fd1dc87a0742d83627%22%3A%22b6fd1dc87a0742d83627%7C970x250%7C0.1%22%2C%229faa42e585d1b8098851%22%3A%229faa42e585d1b8098851%7C970x250%7C0.1%22%7D&ref=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&s=3b37c3d9-1d35-4407-bfc1-5f0eb375e44e&pv=f9124d55-2ca0-4415-ad92-1db677771993&vp=desktop&lib_name=prebid&lib_v=6.20.0&us=1&ius=1&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%226c496af9-dbd5-4011-b97b-bace923c0ec5%22%2C%22atype%22%3A1%7D%5D%7D%5D&userid=%7B%22pubcid%22%3A%226c496af9-dbd5-4011-b97b-bace923c0ec5%22%7D&schain=%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22hp%22%3A1%2C%22asi%22%3A%22proper.io%22%2C%22sid%22%3A%22e5962152-eb92-11e9-a488-69e3386c7506%22%7D%5D%2C%22complete%22%3A1%7D

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.150 Rijswijk, Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-apex.go.sonobi.com

Software

sonobi-go /

Resource Hash

de8fa1541a9f715d875c14c31415f7729959d0cec5db96c318c7de293d15a905

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:46 GMT
Content-Encoding: gzip
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: apex-ams-1-6-132
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: https://gofobo.com
Cache-Control: no-cache, no-store, private
Access-Control-Allow-Credentials: true
Tcn: Choice
Content-Type: application/json
Content-Length: 182
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 17 KB
9 KB 205ms
150ms XHR
application/json 37.252.172.249
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.249 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

cb22515a5cf4192297522d69f3586a00ba61de349a03505fb0ca1ef0588f9800

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sun, 22 May 2022 13:51:46 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 193.27.14.40; 193.27.14.40; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: f720cccf-ac2c-4f3d-8abc-1c28abf1befc
Server: nginx/1.21.3
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: https://gofobo.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 arj Show response
propermedia-d.openx.net/w/1.0/ 73 B
375 B 157ms
54ms XHR
application/json 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://propermedia-d.openx.net/w/1.0/arj?ju=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&ch=UTF-8&res=1600x1200x24&ifr=true&tws=1600x1200&aus=728x90%2C300x250%2C970x250%7C728x90%2C300x250%2C970x250%7C728x90&auid=539109007%2C539109008%2C539109012&aumfs=100%2C100%2C100&dddid=9ffbeded-c7ce-4197-b7ba-1a7a7dd00b25%2C8f2e3822-11ce-4cd1-9948-c383b02b739f%2Cb805750c-8e1c-4ce0-a474-62b1833c7cdb&divIds=openx-93a69b34-7800-4321-a1c7-7c62ab942481%2Copenx-085da573-b9e5-46e3-acb1-9d5c243d5a3f%2Copenx-05999b41-1440-404f-89e5-6ae80464441a&be=1&bc=hb_pb_3.0.1&nocache=1653227506726&schain=1.0%2C1!proper.io%2Ce5962152-eb92-11e9-a488-69e3386c7506%2C1&_pubcid=6c496af9-dbd5-4011-b97b-bace923c0ec5
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 689186408fd8ece557b754a36950896a6aff7b8345097af77ccaf7da69316771

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
access-control-allow-origin: https://gofobo.com
cache-control: private, max-age=0, no-cache
access-control-allow-credentials: true
content-type: application/json
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 cygnus Show response
htlb.casalemedia.com/ 58 B
347 B 110ms
31ms XHR
application/json 104.92.100.195
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://htlb.casalemedia.com/cygnus?s=362743&v=7.2&ac=j&sd=1&r=%7B%22id%22%3A%2262ca0597-3d9e-4167-b1a7-6019989650f6%22%2C%22site%22%3A%7B%22ref%22%3A%22%22%2C%22page%22%3A%22https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker%22%7D%2C%22ext%22%3A%7B%22source%22%3A%22prebid%22%2C%22ixdiag%22%3A%7B%22msd%22%3A0%2C%22msi%22%3A0%2C%22sn%22%3A0%7D%7D%2C%22imp%22%3A%5B%7B%22id%22%3A%22728x90-1-aG92x%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22728x90-1-aG92x%22%2C%22siteID%22%3A%22362743%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A728%2C%22h%22%3A90%7D%7D%2C%7B%22id%22%3A%22728x90-2-rDId5%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22728x90-2-rDId5%22%2C%22siteID%22%3A%22362743%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A728%2C%22h%22%3A90%7D%7D%2C%7B%22id%22%3A%22728x90-3-G50E0%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22728x90-3-G50E0%22%2C%22siteID%22%3A%22362743%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A728%2C%22h%22%3A90%7D%7D%2C%7B%22id%22%3A%22970x90-1-PFRxO%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22970x90-1-PFRxO%22%2C%22siteID%22%3A%22362743%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A970%2C%22h%22%3A90%7D%7D%2C%7B%22id%22%3A%22970x90-2-HvfbY%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22970x90-2-HvfbY%22%2C%22siteID%22%3A%22362743%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A970%2C%22h%22%3A90%7D%7D%2C%7B%22id%22%3A%22300x250-1-z2XdN%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22300x250-1-z2XdN%22%2C%22siteID%22%3A%22362743%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A300%2C%22h%22%3A250%7D%7D%2C%7B%22id%22%3A%22300x250-2-5kVnU%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22300x250-2-5kVnU%22%2C%22siteID%22%3A%22362743%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A300%2C%22h%22%3A250%7D%7D%2C%7B%22id%22%3A%22970x250-1-U5agJ%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22970x250-1-U5agJ%22%2C%22siteID%22%3A%22362743%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A970%2C%22h%22%3A250%7D%7D%2C%7B%22id%22%3A%22970x250-2-xmAAo%22%2C%22bidfloor%22%3A0.1%2C%22bidfloorcur%22%3A%22USD%22%2C%22ext%22%3A%7B%22sid%22%3A%22970x250-2-xmAAo%22%2C%22siteID%22%3A%22362743%22%7D%2C%22banner%22%3A%7B%22topframe%22%3A1%2C%22w%22%3A970%2C%22h%22%3A250%7D%7D%5D%2C%22source%22%3A%7B%22ext%22%3A%7B%22schain%22%3A%7B%22ver%22%3A%221.0%22%2C%22nodes%22%3A%5B%7B%22hp%22%3A1%2C%22asi%22%3A%22proper.io%22%2C%22sid%22%3A%22e5962152-eb92-11e9-a488-69e3386c7506%22%7D%5D%2C%22complete%22%3A1%7D%7D%7D%7D
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.92.100.195 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-100-195.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 4b9774a0ddc7f90f7f506530f9d058b02ea277a0d99fd1dec942b75d59f65d59

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:46 GMT
x-ak-initial-geo: CC:[DE], RC:[HE], CN:[EU], CIP:[193.27.14.40], XFF:[]
server: Apache
content-type: application/json
access-control-allow-origin: https://gofobo.com
x-cs-client-geo: 12
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 58
x-ak-client-geo: 12
expires: Sun, 22 May 2022 13:51:46 GMT

POST
H2 204 translator Show response
hbopenbid.pubmatic.com/ 0
112 B 720ms
243ms XHR
text/plain 204.237.133.116
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 204.237.133.116 West Chester, United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:46 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true

GET
H/1.1

200
OK

659f00da20064a8d94f26475dff43c8f
i.liadm.com/s/e/a-00jp/0/ Frame 7D2D
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=36&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00jp%2F0%2F659f00da20064a8d94f26475dff43c8f%3Fmpid%3D7156%26muid%3D%5BMM_UUID%5D&360a4f29-d87a-4eb2-9ec2-8a0...
https://i.liadm.com/s/e/a-00jp/0/659f00da20064a8d94f26475dff43c8f?mpid=7156&muid=142b628a-3ff3-4700-a19a-c55798d2844f

43 B
257 B

99ms
99ms

Image
image/gif

52.6.156.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-00jp/0/659f00da20064a8d94f26475dff43c8f?mpid=7156&muid=142b628a-3ff3-4700-a19a-c55798d2844f

Requested by

Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00jp?s=&cim=&ps=true&ls=true&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&

Protocol

HTTP/1.1

Server

52.6.156.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-156-194.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:47 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Date: Sun, 22 May 2022 13:51:47 GMT
Server: MT3 4419 e1034d5 master nrt-pixel-x4 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://i.liadm.com/s/e/a-00jp/0/659f00da20064a8d94f26475dff43c8f?mpid=7156&muid=142b628a-3ff3-4700-a19a-c55798d2844f
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Sun, 22 May 2022 13:51:46 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 7D2D 70 B
265 B 150ms
46ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=liveintent&ttd_tpi=1
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00jp?s=&cim=&ps=true&ls=true&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:46 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200
OK

52164
i.liadm.com/s/ Frame 7D2D
Redirect Chain

https://x.bidswitch.net/syncd?dsp_id=256&user_group=2&user_id=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://x.bidswitch.net/ul_cb/syncd?dsp_id=256&user_group=2&user_id=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&redir=%2F%2Fi.liadm.com%2Fs%2F52176%3Fbidder_id%3D5298%26bidder_uuid%3D%24%7BBSW_UID%7D
https://i.liadm.com/s/52176?bidder_id=5298&bidder_uuid=97aee1f4-a063-444e-9e03-f92c3ce36ae4
https://x.bidswitch.net/sync?ssp=liveintent&user_id=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5
https://pool.admedo.com/sync?ssp=bidswitch&bidswitch_ssp_id=liveintent&bsw_custom_parameter=97aee1f4-a063-444e-9e03-f92c3ce36ae4
https://pool.admedo.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=liveintent&bsw_custom_parameter=97aee1f4-a063-444e-9e03-f92c3ce36ae4
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=733f6966-bccc-4948-973e-895666979e8e&user_group=1&ssp=liveintent&bsw_param=97aee1f4-a063-444e-9e03-f92c3ce36ae4
https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=97aee1f4-a063-444e-9e03-f92c3ce36ae4

43 B
419 B

114ms
114ms

Image
image/gif

52.6.156.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=97aee1f4-a063-444e-9e03-f92c3ce36ae4

Requested by

Protocol

HTTP/1.1

Server

52.6.156.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-156-194.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:47 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: //i.liadm.com/s/52164?bidder_id=5298&licd=&bidder_uuid=97aee1f4-a063-444e-9e03-f92c3ce36ae4
Date: Sun, 22 May 2022 13:51:47 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

659f00da20064a8d94f26475dff43c8f
i.liadm.com/s/e/a-00jp/0/ Frame 7D2D
Redirect Chain

https://dpm.demdex.net/ibs:dpid=127444&dpuuid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00jp%2F0%2F659f00da20064a8d94f26475dff43c8f%3Fmpid%3D82775%26muid%3D%2...
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=127444&dpuuid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&redir=https%3A%2F%2Fi.liadm.com%2Fs%2Fe%2Fa-00jp%2F0%2F659f00da20064a8d94f26475dff43c8f%3Fmp...
https://i.liadm.com/s/e/a-00jp/0/659f00da20064a8d94f26475dff43c8f?mpid=82775&muid=75795502720138132730861060950017137617

43 B
257 B

117ms
117ms

Image
image/gif

52.6.156.194
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.liadm.com/s/e/a-00jp/0/659f00da20064a8d94f26475dff43c8f?mpid=82775&muid=75795502720138132730861060950017137617

Requested by

Protocol

HTTP/1.1

Server

52.6.156.194 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-6-156-194.compute-1.amazonaws.com

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:47 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

DCS: dcs-prod-irl1-1-v031-055e58f9d.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: AzXVLUgKQJk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://i.liadm.com/s/e/a-00jp/0/659f00da20064a8d94f26475dff43c8f?mpid=82775&muid=75795502720138132730861060950017137617
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2

200

live_intent_sync
x.dlx.addthis.com/e/ Frame 7D2D
Redirect Chain

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5
https://x.dlx.addthis.com/e/live_intent_sync?na_exid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&rd=Y

43 B
604 B

296ms
295ms

Image
image/gif

104.92.72.137
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/live_intent_sync?na_exid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&rd=Y

Requested by

Protocol

Server

104.92.72.137 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-92-72-137.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:47 GMT
cache-control: max-age=0, no-cache, no-store
expires: Sun, 22 May 2022 13:51:47 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

Redirect headers

location: https://x.dlx.addthis.com/e/live_intent_sync?na_exid=360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5&rd=Y
pragma: no-cache
date: Sun, 22 May 2022 13:51:47 GMT
cache-control: max-age=0, no-cache, no-store
content-length: 0
strict-transport-security: max-age=2628000
expires: Sun, 22 May 2022 13:51:47 GMT

GET
H2 200 /
trc.taboola.com/sg/liveintent/1/cm/ Frame 7D2D 43 B
238 B 87ms
32ms Image
image/gif 2a04:4e42:600::300
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trc.taboola.com/sg/liveintent/1/cm/
Requested by: Host: i.liadm.com
URL: https://i.liadm.com/s/c/a-00jp?s=&cim=&ps=true&ls=true&duid=0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf&ppid=0&euns=0&ci=0&version=sc-v0.2.0&nosync=false&monitorExternalSyncs=false&
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx /
Resource Hash: 0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-vcl-time-ms: 9
pragma: no-cache
date: Sun, 22 May 2022 13:51:46 GMT
via: 1.1 varnish
server: nginx
x-timer: S1653227507.833972,VS0,VE9
x-served-by: cache-fra19158-FRA
x-cache: MISS
cache-control: no-cache, no-store
accept-ranges: bytes
x-cache-hits: 0

GET
H/1.1

200
OK

35004
i6.liadm.com/s/ Frame 7D2D
Redirect Chain

https://b1sync.zemanta.com/usersync/liveintent/?cb=%2F%2Fi.liadm.com%2Fs%2F35004%3Fbidder_id%3D98254%26bidder_uuid%3D__ZUID__
https://i.liadm.com/s/35004?bidder_id=98254&bidder_uuid=
https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

43 B
419 B

327ms
100ms

Image
image/gif

2600:1f18:444a:4680:8e84:2ba7:9e48:8cf5
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=

Requested by

Protocol

HTTP/1.1

Server

2600:1f18:444a:4680:8e84:2ba7:9e48:8cf5 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://i.liadm.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:47 GMT
Cache-Control: no-store
Connection: keep-alive
Content-Length: 43
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/gif

Redirect headers

Location: https://i6.liadm.com/s/35004?bidder_id=98254&bidder_uuid=
Date: Sun, 22 May 2022 13:51:47 GMT
Connection: keep-alive
Content-Length: 0
Strict-Transport-Security: max-age=31536000; includeSubDomains

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 112ms
34ms XHR
application/javascript 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.3.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-3-177.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: aaJeHz3g2a7aWr9hYquBq.aDaObnNoK3
content-encoding: gzip
etag: W/"a4d296427fc806b21335359e398c025c"
age: 16783
x-cache: Hit from cloudfront
access-control-max-age: 3000
access-control-allow-origin: *
last-modified: Thu, 28 Apr 2022 01:41:20 GMT
server: AmazonS3
date: Sun, 22 May 2022 09:12:03 GMT
vary: Origin
access-control-allow-methods: GET
content-type: application/javascript
via: 1.1 22ec86e3f4ec676e17ef8eea76eefba2.cloudfront.net (CloudFront)
cache-control: public, max-age=86400
x-amz-cf-pop: FRA56-P6
x-amz-cf-id: rbcFaAC78hCcMoIomSec9KRRlos1uazHg7NFlBAIYt8WwXwyK9Xkjw==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 1 KB
2 KB 24ms
24ms XHR
application/json 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fgofobo.com&pubid=cb3b5777-430d-4622-b7fc-358cfa27d518
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.3.177 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-3-177.fra56.r.cloudfront.net
Software: Server /
Resource Hash: 2e95bcc1d51302added6bad654c12c789b25780c0d03b1e7e54aac653a66a55b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 10:20:59 GMT
via: 1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
server: Server
age: 12646
x-cache: Hit from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://gofobo.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-pop: FRA56-P6
content-length: 1405
x-amz-cf-id: Kjl9CtPH9YS3yCbLW0_K9Mpj-vKtZ29dRCfRN1GwwLJaFitX7SlPDQ==

GET
H2 200 bid Show response
c.amazon-adsystem.com/e/dtb/ 58 B
523 B 62ms
62ms XHR
text/javascript 108.138.3.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://c.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&pid=wYu0xx46cMbqh&cb=0&ws=1600x1200&v=7.75.0&t=550&slots=%5B%7B%22sd%22%3A%22desktop-1%22%2C%22s%22%3A%5B%22728x90%22%2C%22300x250%22%2C%22970x250%22%5D%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%2C%7B%22sd%22%3A%22desktop-2%22%2C%22s%22%3A%5B%22728x90%22%2C%22300x250%22%2C%22970x250%22%5D%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%2C%7B%22sd%22%3A%22desktop-4%22%2C%22s%22%3A%5B%22728x90%22%5D%2C%22fc%22%3A%22USD%22%2C%22fp%22%3A10%7D%5D&schain=1.0%2C1!proper.io%2Ce5962152-eb92-11e9-a488-69e3386c7506%2C1%2C%2C%2C&pubid=cb3b5777-430d-4622-b7fc-358cfa27d518&gdprl=%7B%22status%22%3A%22no-cmp%22%2C%22cmpTimeout%22%3A100%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.3.177 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-3-177.fra56.r.cloudfront.net

Software

Server /

Resource Hash

a1467c6ed682df808cf830c429ebaec42c32c2033369aa48446fb9e7f592769d

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
via: 1.1 0e37105a96e87c22ff4981659a6dc176.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: SAQW1X3JZ10FMH35HP24
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://gofobo.com
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
strict-transport-security: max-age=47474747; includeSubDomains; preload
timing-allow-origin: *
content-length: 58
x-amz-cf-id: AuVCu08FKoMRzg3zVBUQ30gDW-2qUUNKUjLBIuCtxiakCxHutf8iLw==

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 77ms
34ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=393879024716738&ev=Microdata&dl=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&rl=&if=false&ts=1653227506789&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22The%20Perfect%20Sound%20and%20Ambiance%20%20%20%20%20%20%20%20%20View%20Our%20Merchandise%20Sweepstakes%22%7D&cd[OpenGraph]=%7B%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.60&r=stable&ec=2&o=30&fbp=fb.1.1653227505286.2064374363&it=1653227505155&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Sun, 22 May 2022 13:51:46 GMT

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 109 KB
37 KB 112ms
26ms Script
application/x-javascript 108.157.4.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-107.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id: qhkEQKrW4Gg_gxbK41emvSsDXWYdvDMl
content-encoding: gzip
etag: W/"148e21f812b555a13b2a9c6b616141f4"
age: 31628
x-amz-server-side-encryption: AES256
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:eu-west-1:469675294282:build/ATSLibrary-prod:598424ed-c6de-48e8-8068-45662e39c3ce
x-cache: Hit from cloudfront
x-amz-meta-codebuild-content-md5: 58acf9e97c03c481f490be71338f7f57
last-modified: Tue, 17 May 2022 11:35:33 GMT
server: AmazonS3
date: Sun, 22 May 2022 05:04:39 GMT
vary: Accept-Encoding
x-amz-meta-codebuild-content-sha256: 57180e34d853b9e6be67670dae22a049fb237e6bca37c60f7ba138272a8487cc
via: 1.1 f47fcc9b2aa47ced36c40c318e6f006a.cloudfront.net (CloudFront)
cache-control: must-revalidate,public,max-age=86400
x-amz-cf-pop: DUS51-P2
content-type: application/x-javascript
x-amz-cf-id: CVRiNd8mW-v_-c4wCeZn7dJ1wIKg_sVEp7JH_bhc5PQTl0GZTxozBg==

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 53 KB
17 KB 147ms
32ms Script
application/javascript 104.83.151.205
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.83.151.205 Milan, Italy, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-83-151-205.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 17:06:57 GMT
server: Apache
etag: "d398-5c3b75e9ebb41-gzip"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=900
accept-ranges: bytes
content-length: 17087
expires: Sun, 22 May 2022 14:06:46 GMT

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 40 KB
11 KB 157ms
68ms Script
text/javascript 46.105.202.126
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

46.105.202.126 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:35:34 GMT
content-encoding: br
x-cacheable: Matched cache
x-cdn-pop-ip: 137.74.120.0/27
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/javascript;charset=utf-8
cache-control: max-age=3600
x-cdn-pop: sbg
content-disposition: attachment;filename="id5-api.js"
strict-transport-security: max-age=63072000; includeSubDomains; preload
accept-ranges: bytes
content-length: 11181
x-request-id: 713660293

GET
H3 200 pubads_impl_2022051701.js Show response
securepubads.g.doubleclick.net/gpt/ 366 KB
124 KB 104ms
34ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

sffe /

Resource Hash

3bd4eb2ece0fe98f279a14bb2b61ecbbcd501a598b50f1f8b211f76ecd420996

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 12:43:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4114
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127273
x-xss-protection: 0
last-modified: Tue, 17 May 2022 08:34:42 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 22 May 2023 12:43:12 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 129 B
123 B 71ms
28ms XHR
application/json 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=gofobo.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

abf440a9ab6162de645583f9c615018ecb6ac8da7d52ea90e5b6c218e9ea32e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 May 2022 13:51:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 98
x-xss-protection: 0
expires: Sun, 22 May 2022 13:51:46 GMT

GET
H2 200 / Show response
geo.privacymanager.io/ 30 B
595 B 80ms
24ms Fetch
application/json 65.9.63.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: ats.rlcdn.com
URL: https://ats.rlcdn.com/ats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.63.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-63-43.fra56.r.cloudfront.net
Software: /
Resource Hash: e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 02:03:36 GMT
via: 1.1 4360596ad590d8363ce70eb7bf282e42.cloudfront.net (CloudFront), 1.1 2fc0d20914c32e5cd76477ed042298d0.cloudfront.net (CloudFront)
age: 42491
x-amzn-requestid: 390d7ba1-6ca3-4132-b223-08a171220d4b
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type: application/json
access-control-allow-origin: *
x-amzn-trace-id: Root=1-628999f8-473cebd80f0431b0486645b4;Sampled=0
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA56-P3, FRA56-C1
x-amz-apigw-id: SgT-2FWSDoEFyXw=
content-length: 30
x-amz-cf-id: zmBLi9RigmS6l9z8KjTSN_17TS0rMzGV04pV0ukRMP1igXG9mjL48Q==
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 127ms
126ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:46 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

POST
H2 200 s2s Show response
eb.proper.io/ 373 B
880 B 501ms
489ms XHR
application/json 2606:4700::6811:4f22
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://eb.proper.io/s2s
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:4f22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2d7f3b9adb8df2d51539f2f90a001c09afb1d99db29fe9d9b8f23c251005b9ec

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:47 GMT
content-encoding: br
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://gofobo.com
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-timing: dur:439
cf-ray: 70f60751e9cf2355-ZRH
expires: -1

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 126ms
37ms Script
application/javascript 2a00:1450:4014:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=gofobo.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4014:80f::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 May 2022 13:51:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 76ms
24ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=gofobo.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 May 2022 13:51:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 76 KB
23 KB 493ms
493ms XHR
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4187508081850335&correlator=3930732840363256&output=ldjh&gdfp_req=1&vrg=2022051701&ptt=17&impl=fifs&tfcd=0&iu_parts=5376056%3A4323148%2Cgofobo_main_1%2Cgofobo_main_2%2Cgofobo_sticky_dynamic%2Cdynamic_1&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2F4&prev_iu_szs=1x1%7C728x90%7C970x250%7C970x90%7C300x250%2C1x1%7C728x90%7C970x250%7C970x90%7C300x250%2C1x1%7C728x90&ifi=1&adks=788573710%2C3266753822%2C2297967860&sfv=1-0-38&ecs=20220522&fsapi=false&prev_scp=proper_slot%3D1%26proper_floor%3D0.10%26proper_bidder%3Dgofobo_appnexus%26proper_bid%3D0.15%26refresh_count%3D0%7Cproper_slot%3D2%26proper_floor%3D0.10%26refresh_count%3D0%7Cproper_slot%3D5.01%26proper_sticky%3Dtrue%26proper_floor%3D0.10%26refresh_count%3D0&eri=1&cust_params=post_id%3Dunknown%26member%3Dno%26category%3D%26split_version%3D13248%26proper_site%3Dgofobo%26proper_page%3D1%26s_depth%3D1%26tags%3Dunknown_desktop%252Cunknown&ppid=6c496af9-dbd5-4011-b97b-bace923c0ec5&sc=1&cookie_enabled=1&abxe=1&dt=1653227507602&lmt=1653227507&dlt=1653227504875&idt=2141&biw=1600&bih=1200&adxs=800%2C330%2C-12245933&adys=149%2C687%2C-12245933&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&nvt=1&url=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&frm=20&vis=1&scr_x=0&scr_y=0&psz=1600x0%7C940x0%7C0x-1&msz=1600x0%7C940x0%7C0x-1&fws=0%2C0%2C640&ohw=0%2C0%2C0&ga_vid=576990179.1653227506&ga_sid=1653227508&ga_hid=1501914715&ga_fc=true&btvi=0%7C0%7C-1&topics=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

18c62a36baa8ec966d109d8b6d9e5cb9a7db2834414bc5af422b81018c00c263

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23490
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://gofobo.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 20CC 6 KB
4 KB 332ms
135ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 22 May 2022 13:51:47 GMT
expires: Mon, 22 May 2023 13:51:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=2165A4CBCA99467AA738F89E17042D12&RedC=c.clarity.ms&MXFR=1E643DCEB38166B802632C62B7816869
https://c.clarity.ms/c.gif?CtsSyncId=2165A4CBCA99467AA738F89E17042D12&MUID=3FB49F759FD86F7204758ED99E0A6E9E

42 B
370 B

28ms
28ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=2165A4CBCA99467AA738F89E17042D12&MUID=3FB49F759FD86F7204758ED99E0A6E9E
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:47 GMT
last-modified: Fri, 18 Mar 2022 19:39:54 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "8120eaf0ff3ad81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:47 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 115E77F8999F4D2F8819BFA6590AD815 Ref B: FRAEDGE1206 Ref C: 2022-05-22T13:51:48Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=2165A4CBCA99467AA738F89E17042D12&MUID=3FB49F759FD86F7204758ED99E0A6E9E
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 14 KB
11 KB 69ms
24ms XHR
application/json 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022051701&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7208350a17ed4fa8b0c871601473aab5114d61744498821845793303e2c1db5e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10532
x-xss-protection: 0

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 46ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 22 May 2022 13:51:48 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A177 13 KB
5 KB 27ms
8ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 667
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 22 May 2022 13:40:41 GMT
expires: Mon, 22 May 2023 13:40:41 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame D135 783 B
1 KB 89ms
17ms Document
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

27e33e146294acf3937549d44385b341ea8b18553cac74088b1b30df78c51657

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2z7UZVquIjqqWqpvL4gv9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-2z7UZVquIjqqWqpvL4gv9A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 22 May 2022 13:51:48 GMT
expires: Sun, 22 May 2022 13:51:48 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012204292129000/ Frame 56B4 220 KB
61 KB 51ms
7ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8438fcae135714383f2e8b95e9a173d7dae352e433c16c07ab158e6c88c489d0

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 483577
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61295
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 23:32:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "c00c4adb72e5cb7f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 23:32:11 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 56B4 14 KB
5 KB 61ms
17ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

42bd99c9d9c85bebd6419be0bc7cab4bbdd98f3743d9c0bf7e3e62cd627cb581

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 516214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5188
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 14:28:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "176361d496ccc411"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 14:28:14 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 56B4 94 KB
28 KB 63ms
19ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a05fdfb3e658a59c3b08dc4d5787cf76826988866a1be0bac3710c7753640d1f

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 516213
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28840
x-xss-protection: 0
server: sffe
date: Mon, 16 May 2022 14:28:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4b15b3c971f95798"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 16 May 2023 14:28:15 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 56B4 5 KB
2 KB 66ms
22ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

742106aba0be6db1086baa20c675ca18298baf0eecf4f0ad7a99111be6796446

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65498
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1906
x-xss-protection: 0
server: sffe
date: Sat, 21 May 2022 19:40:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "a2652581fdabc981"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 21 May 2023 19:40:10 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012204292129000/v0/ Frame 56B4 40 KB
13 KB 65ms
21ms Script
text/javascript 2a00:1450:4001:80f::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012204292129000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

151ca0dbdad0610cbb5b206a106dd32b5a5915325c96ec690652e0e47abf8465

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 65498
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12953
x-xss-protection: 0
server: sffe
date: Sat, 21 May 2022 19:40:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "8a2450dae6a66803"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Sun, 21 May 2023 19:40:10 GMT

GET
DATA 200
OK truncated
/ Frame 56B4 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 417f25d95312044ac3baf5172d878a2bd5c923056ff87821f65d074e305e8f4f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 14701499774221531914
tpc.googlesyndication.com/daca_images/simgad/ Frame 56B4 80 KB
80 KB 13ms
12ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/14701499774221531914

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe3403dc22da937cd7a4b6fbbb8391ec1f507e5f83f12c60237e7b08f3139b68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 04:00:52 GMT
x-content-type-options: nosniff
age: 35456
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81423
x-xss-protection: 0
last-modified: Wed, 20 Apr 2022 22:14:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 22 May 2023 04:00:52 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 56B4 2 KB
2 KB 12ms
11ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 15010
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 23 May 2022 09:41:38 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 56B4 295 B
319 B 12ms
11ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 14323
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 23 May 2022 09:53:05 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 56B4 0
0 43ms
17ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQfWCfBVJ331mrtsUdk0i45NS0tB2IBNMtRmfPezBjYucA9s5xcyG0k8bVrmcESeM3d5n5gbBCcnPhzSklfIf2o4o7vmw
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 56B4 0
0 50ms
49ms Image
text/html 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CrLMq8z-KYr6ZKcTH3gOoz7CgBa_V3Zlq-MeP6KkQ3NkeEAEg2Oq2IGCV2qKCsAegAZuI0Z8DyAECqQKAvcgMx7ixPuACAKgDAcgDCKoE_wFP0EzGxyKg9k1ClT4Q8k_wtEgxP3ExrX_SvvZEf43540UBg4ynDppD6JHHv2p3bRTw3aMOon3z_E1mTD8libEjx2rNENf5AWHclSDN0qP4uTX2uTVbYaleZR3bBpa1uFLbf-luqt3USRE193WHiobbvHvtRZ7wVcP5dd_YpnNAy-o_ZBhg4IvYkP5H8AO6vQc_MNFazhRl_NNfCqQmmd0BLPyGJuLHWN4ORxF0gAKDO_qVf3KuH0oO0Fti9aHoZTFibrxBwGgspqe3YZitRo_27e0bkeGdzEFt3lZ5kNe9fl3d8MR_DYWdvwk9xbrtBv3Q0jdcq4DlEbdI_2-6anLABITg5cmdBOAEAZIFBAgEGAGSBQQIBRgEoAYCgAfN965gqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwQQ879F0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi02MzM1MDcxNzY4NDU3MjQ5gAoDyAsB2BMM0BUBmBYBgBcBshceChwIABIUcHViLTY4OTc5MDIxOTE3MTQ4MzMY0JwS&sigh=b7wH-q61YyI&uach_m=[UACH]
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 container.html Show response
6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 58FD 6 KB
3 KB 23ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 22 May 2022 13:51:47 GMT
expires: Mon, 22 May 2023 13:51:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame C9A8 6 KB
3 KB 19ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022051701.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, immutable, max-age=31536000
content-encoding: gzip
content-length: 3108
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 22 May 2022 13:51:47 GMT
expires: Mon, 22 May 2023 13:51:47 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 352F 624 B
340 B 160ms
130ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCbv6ABGLCB3ccBMAE&v=APEucNVEQpd8RYnWrdVyfq57eWLBH2MSKP8nY4m9i2WXdrU4sO9tC1hRQFlpGt56Ye2CkaLNzDmrO4ZaShK1GSh9KCNOuogUhRxNHqQIrZxh57Psk-hoUY0pYPxaPQhkrLQeR2urfRzwQXAR_k5k-5wVR3IrNcDdN-_AaoUINv8lIM3Kn9wyOgVhh_5B3DQ4j9k3zx0hAIIZ

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 22 May 2022 13:51:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 58FD 27 KB
16 KB 180ms
153ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMGVJ8MNRNUncDHX438pbRHJcwAIGUGOg1DdqM5n7_dbQo3_0NqdsPB0sVgnm_S_yu35k4_FYxLXG4AF9LtmMa2mQt0GMGKbkuYaHsR70vQ03KJY9WkMD_AMJRk3URv-EC29X4pxO0mUKSP1eAyRRRu2Gp_w&cry=1&dbm_d=AKAmf-C0IuYOEeSdlypluJ0O2ezE-rYF8olEavKZQRFhZrqwS6fbbfar820ZSYlw3xELDoMdzu38wy8IxCmV9AR4qwdZURx3AHmy71WLxTzD52e0nu3YXfSyVSLU2pTk2VJbEXMSxcSrRHBcNEMAPpMI29yCkOUq2Cn4LZbmrVio6VOLWUCbIt8oD3SA3ON2WJa8hB8ong93Hx4eWU2D6tjmAhhRyZgAj6Kpi2oIHtIDHubYHy1jZfQzqzay9i0c38hjxyPA2LAcKY6eLUvX9y_GkEDNo31FnsvBOnLi1lkq7YPlXfW8QdXNQcah4qR6k9P3b5CVLHRtdXer4eQLoRp3Yc1htx96x02W6IHhwWi-V0Dhq2aa8b3NtUFJJ-YDCa3iTO82veo6OZ-fr19sUCcEI3VUf8q5u2ZeY9n8RQaBQaveg6pDhvxyjmNtOQdw78Cz6JLC0WsqFv1oklnA6DY4p3k2zHG85v4QBX_Xkikw82VhFECQGZySXqjhfoSh5lSFxE4Bv4cowsg-ZMhZuEQil0bLNjRNYlcFCjDotpM3zNKEtP-w155UpUYvyGXyl0YbuYOlvQZQcN7UMzPpQ2jzhDib1csZ0e7-Hs-bXpKzFencqCco6w0r0eH1nXyDhUw3ihwYtXqjW0cFLuXWE6kSHRgOfw2k2oVLYAz7Yzo6AYVzl_JeH7EgGwt2gvULuEa6QSBVWEd0c2HU9YIwu0oXOZpnO8b4CPsZfPnWI1nT4JrBMhn3pFiubvtPeYDVb-6WvAvBlC3bQl5VQ0FVQC0XuyvX0SQh-yOJZTI18bpDOTyM4ISRNB2SThsx1FReI9WR9aF-RN4DlJY-JD3M0OGZUMcP6vNxrUlpJMwwx8zOE__tVD0jB2UUFnTSfmEAQrH8QZlMCjxOsEwhG5uOHyOAIv5_JvFYzVKgFf13TE7Lq_koenUP7LBplmdwc0-E9bShDtI42nUFerMd_mOazIfrAjJkccncnti5b8_Hs8VeM5v_O3Fsg-bESZRCngfndXswu_hRz5cqAwsE2v7V-HE-XyWxMW3c2Egj35ug7Um_F5aTS1tE8TrMMtmfAzQQnrLa0HAH2yGwio1A6XIyaiKNEvy4Udt6gPDVoJY9wtaXpuKdrQb6YLo_nO73Dotpuo0UHXSn0JgW5i-oKYM2EX_3eNXSridwXctqIIEGN8bgnQp-qHPhPoh9ep-Rqr0GdG6ER2sPs8VBM5PNL-iOX7NQFaYJsPXusmsdEBn9Bfr6MTt9aDSTr9I9I_1hnO8CljPHTyeILeFAJg8Zmc68PpqHKslEku7QCpoQY5wHm7c4wCXxxstq_fchxw6veY6NTAnGwsKwnVMUCKnlIsXa1KrKgXrIIZTRK1qkXWuAaLaYhCuoEQnifML1utAcdjuvi_m1IyqGQnMoA5NcrHy_4q3q2aWCK2c64Ol4tejPMkf0kpTiBsqvMB7Q_SwteCrQl2xuQwtmZkAfBk4A05OjuLfR1QlvvJdKHYmMnAK6pchXffhpoapvK06O1h175Wv_j2C20G5cC7ENeIgfbApB0C8GD3oua_RqesDMwzdiqSLKE0lvP2GMIgaT_2UPi25xdWGjwT4o-tII7b5yqyUTj2EMKVwi7jwamR9yTtBUEYuPR-E9JLtHnxWPVMu1M4G9fUgFyeiyATXOhq0Famf0hcSzsVNOvFdRgPeAl2NM95AhOReFkLfNvijw7grrBQ4z5moOtEiNgwDTEFqmxZ6ux3EYWC-y2M1nx1nE3VDLwCFKMh2Lsn2YkNmjZSChfBBoSgw1zLCH9c6X9WJ6FFP6EEE0795LLDEqC52blvRKgHiAzqqSfawbiRH_KuGouyuKYFL1ttkKVpsp_qyz_anAPdD0MPQXU4ebIiMYxwtnvvBfoaQDJ6a5p_Sht4OVlowEF8g1j3UF9JMqIQvQzlaBY-kzqz0rwOJL5OaMH-aIseskNWnnO8ThIKKLNVn9FDQ84jeGq8e3-7ievpBiEXxTkegMStWjhUhcNCKaicvIXI1brw494lcIeIYLkFKsvyu1_NS-1PAUsUdU5C6HuMRDXAXyC6Gp-z5xYxWKRRJqnL-s8-mH9mG-71hOGrtL1EAtF_TMs88zhTL7ZaAhahhtUonoDHv-1VzZIyNXntKPTsxVUEgATyWqdw7BtzzBr0Ju6NN0ttyLGvA6qtnIGhaCxDpjF79Bs0rfm_0MtX2pFgM628C2BYP9QwQBQdwtCmGySba-26dWOSj3fzDsXy5MP-T95c9_pQVBTCCtrX_my0z11BeS3CAxr187tq3XiUgAOwMqsza40n8LLt4VnWtd4kktAA7l74qHKgGPQ6IWQGrT4blcNvLe4vvUgpocu0v4pj9Y4lP4qUc12AxNRtfG1wMVTdAYFXLvC9flpV5Uc9-UKSv43PqKNoG-GpiNHLiqnii_8IH5umlmeXG1QOcQugvTDo9wSmdNThIeG7VHJ08r3Y-mvinQiQXIJ1mxTo2bOz_kSSDlip6eWqUUupVbR6K4co6B_7TpuitRQ9_Ec50kufkm_YoFM39mf4me27EgsWjdjbGm8mUb_l9YbOGX6f6hSGabJSQ7rCeJsZ41s3wcel0Vs5sqGAWf3fXZc6I4TSYr3mtyIucIZ-heZRxDC6YiQ9f64g58-seUvHhdNwAFf9bEv88_NWrWHmbrVJ0lbXJP91ORIZ4viNmMQk_KdT2QGfGPXcAGIOrVLbYwHCSa3TzpHrwQRjpZw_zRV72YN0VPY6IxpLaZjPIaW0A-owgKESlYHfXQgf_KGhQyelAjMbtwN7FwxIltUeqpbLvjhdHSS5WknT8JuYpfvr7Vuzi5HiK51dgtKbuLU4b1SBIJNxDDmU1yMwt661ZYnhwAl1feHvfEa3KzPyrm3xmidPnx-e6vqoh9HlNgTTl3_Nfnrdw26EIKbPcsoyNvEE65r_Ey4uHFM_5MJ15i4I1cGveEEmuaXrzTAVatBWgw9JNtggqUZTcHhVkgQdGBeO3zYVHucpqSjtU3vmaG9j13pXbnIT6BwZC4e3Yfq5OydrviutDXwtxoDNG3JuYobAeM_iz80DzJ9nTRGPxAtHuZUpQc2U5qNg4NhDoWjynZyzpS7bAQBxClWdQUDRPyaekvU1tryM6W4YG9QMYpzJ8xJgVKo0kuZtncPjp_2NKglyD9yUJpD9KG-apRO3bZrRAF85tLrTcCAbw6TL-AK8mKiDGkpC1uY_cq0Q&cid=CAASKORoGILQsvmGeji3oXrnxb_s4Zmj6hWoYnXqM7YCFtwpccuotKK36hY&rfl=1%2Chttps%253A%252F%252Fgofobo.com%252F%240

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

dbbb8ba91ff52c96903588c8381f6da323def88e4a261d3a01df91d3e526a0bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16377
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 58FD 42 B
63 B 58ms
40ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-APrdMBjBJcOpE9B79MkG1H63OrvHO27RzoOxocVqdTcl081kmB1L2z2Z_56vcse_Ss-dpPa3HPduTRlpMmy5PXSJ_pxaDnj-H9VsLcrRjRwF8cqns

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ Frame 58FD 24 KB
10 KB 44ms
6ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8066520d4f9a10b94ecaab59ccd265803acf8a1c1d1de3769ab889e95a77dd4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 12:59:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3159
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9377
x-xss-protection: 0
last-modified: Wed, 11 May 2022 14:39:46 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Sun, 22 May 2022 13:59:09 GMT

GET
H2 200 jload Show response
pixel.adsafeprotected.com/ Frame 58FD 47 KB
13 KB 190ms
37ms Script
application/javascript 54.247.26.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.adsafeprotected.com/jload?anId=10933&advId=27804846&campId=16808042297&pubId=1&chanId=29796730690&placementId=418857136&adsafe_par&impId=ABAjH0iFuwDHX_yBoz24gE_-3L_1&bidurl=https://gofobo.com/sweepstakes/TikiTunesSpeaker
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.247.26.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-247-26-77.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: f1fb4f218ac0e46a9745ee9172ebb4459308a9a4ee0902cef26fa7eb5e3e2b43

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: pixel.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220518/r20110914/client/ Frame 58FD 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220518/r20110914/client/window_focus_fy2019.js

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:49:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Jun 2022 13:49:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 58FD 135 KB
42 KB 58ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42375
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652873336749811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 22 May 2022 13:51:48 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220518/r20110914/client/ Frame 58FD 17 KB
7 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220518/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1be78b79774b196d2500f7bd3bb3ca7269ec444158f0e545d4d313bcf40e1310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:47:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7211
x-xss-protection: 0
server: cafe
etag: 2988716039725867132
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Jun 2022 13:47:21 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 58FD 0
0 36ms
19ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTxNwDXjFCPzMVfX1wpdoHVwjJspJ4o4vuZUlun3Ew2YFo_2ovvkX7KWL78vq9Zcm8svJC-UeYl6qvRmFWDC7S7iSpBMg
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 947B 624 B
733 B 154ms
130ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjv0dHKATAB&v=APEucNVgeEP8gHZbpQnLB8nu0S0dBC_hOoU87Pq_ntFX4ZMvmeprLi6l-c1uARGSreVDVdc7ndG1H1SBHPTUxAYQdmJCNUWlPKiwAWyqGOp3aNRS0fAAIsv9dAzN0pJIq8TEjDCqi4sKKfpfUxP7j3kxfWDK1IW0cYg9CE9b8kmJEWY1l7PlGkwq4HjMjjY03MLlklBPu-du

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: gzip
content-length: 276
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 22 May 2022 13:51:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C9A8 89 KB
35 KB 279ms
256ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BnTcaczGOe3TCzvyKQe1kSCLK2SFgidCtqR533EUODG36WbonQir7658SiF1U0eNwfKnLQQvydM4XHL6B-BDfyHXi26x0lGKwE5M4YKAEa3UWjNvt2nnK8aGKVNv4AUheLEl-r9u_I9Jtep_1xCFyZW52hEA&dbm_d=AKAmf-BGMn5vPM1sp8C8scytQcNr9mHAj4Utc2Fy8Gz-Nmufx8lHT48b7LI5TlnX8N5L8bnRbQDiLkj00JFuC2Qq9W6ARyQUcABlrOzW7NAFqz50bmGgxeUgaf7AG5MGh5aVO4XdQ-qHB23IgFs4A91oNFfJx3CAcv1ioPHubmOjgoY16xWz2tn8DvKFiuij4L7AU5jrqAtjOglj9ozYSgEcNvJA4pScGR7kbjzrizuJU0bZkHeM5GxQ_zZK0kw2SCnUoUPwSbCisjkWGzK1pQxgJGcYuM_kigOAd01MvVbW1wivtD0ThUT_u9muUrju7ld2GscNEN7KjNFaucQO0eLmLVKqLn14j-nMbxi8HZb19LealvoeJVdFzxhzeIfGQ7b-qD65EErZZdCXJybDA4al0-2m02g9BGnDTSAG7vPaA8nvCoTNPiPA9CEn5FjB8xiEG7J4GgFNOy1F86TAfqc52KphpgcvIq4uL1BzrSGd07m_74SGEk4nDVnLz-xQsEpKoly5pxJYWoMsTyElzf_IcG0nuNANbvfv3LXecsTYWBly0b5SULczXoCeQAlLial8wU6qMnB51UMcHykDALUiiWXWEdOC54LR92JinPDv3Dhpq951c5iXblws5d_vU8S7LYxfel7RVYbNQz4Yl1GuVI1rkGIY_pkjbhFyUHr17L92eIcpCAVj3af2lgBzFNlc8DbZiC_qGYwZx2aEerUe0BkiYBdFRz-vpWuXQuguoYG_u5QI9jCUytO8Ork7oyBtO0Bi6ZOQFKm8ligHV6M8oTWb9vqVQBQXnf-BE4skmYFJVT7qiXs7DBAxKLkT6viXTz7foBP3XS6DnapLs_2clu_yDTCLk2st82hWpyXq5CbwMGOzpX3_XAVqgQqqBR9PqgSsaTOFNdiohZ8PX--nVNldNNO_sG_jx6yInoEOF6Znh-JP3WGdkl8_AFtmqR1VDGoxIIZqZZuYe8v0XxuiVtbkTI_SVi8AOGNbE_czsaJxJdtzlDwgI3I9rRuggTB5o6mC_mO21sTJcMbpRMJyUSFD6VQWTjkUseF7qXGMrzdo-e_7wgNbwPu1jviSmh2TGkmqXM5yamun0hg9AUopyEk948ZIHYW7YSnbNbTTNOHsYdQvdyQW-II79OfqcaQ5AGOWYk8-YXAEe3SZUKAuLIKzYWRDhlG8BtG9bbR-OmE3iXAsuK6ylbKJra1Me-80DcrXomeAL1EFu3294Hncv7fTYUv2XLKBxgR_vOxymgLJREz004gxz1koh3mChRIy1ZkyCIJRD7YpLdC2qHvf6wm0RBlInJcfWnpeBXJfXzBN9V0IBceM7cYG0iqJd-cFTgzC625O4H62eJ9x4SLZS3p-LyFtWvG08CbATcKzrYDkznRYJxMz6oycXTlcikHmqNCACKeJYkAwMrpJzTqlY7F7DNB4X9VzO1mJxWH0FN2zzl0UgJAQDkm7ylgj1PSqnUgPkyv_Ma9VeuK2pkl9DKyDwCEB2ROnRNHcVkGYBvIyeAwaBg-dWKUbNXYq39KDq7sjBnt28WsEWQnmpQYlfgzUz0hkD8-pHizFKGzNuRFQRIL10SCvoxR3i5_ffcPeRFligRjVppjRyfFg68NutPTO-eNtbv-THf4ai5FS4_KInxVSa5aPfkfc-QMDk4Pl5zqinQJlEXH5Tvu3MxnNVGyqXS_Hk1TUeNhcY-yDwXF1Fn2CDXDEgozevrgK4Am1u9FInHY3uhu0velpJKRIoN-T2litv9EdHj2Xt_e8j6u9Dg1VJ4XdQbtHpzWQiw5N5zCp-daslSBhvMClxLISyJPvW-16ldnbTqUe0d8u9XsBSGYCHiyW1oS84QwWrHjcOyFJ4DeMmH_BYFsBPS2rtzO_LMyJi5TDqAwLHrhFuNbJ9NILxAoXC3_vPvdc2vdHHMQfFY3AZUfbwsGrRHFPhyv7HIBFs5ChVN_7ojPKileSAiwyCJoK3IGmOdJgQsue1yChBN9vGTKKkS9oeqxUdmoxWVlCN0qGwzZ_Iwg3dQzUfkJ-zsB9024MKc4x8t_7Q5lcg53x25C4e1O9DYfGHl4f9OIpJhPqrIucpPlYULjChSpr-5jKK3u3NyaWmBVzC-swINM_Yq6IzQ8nR68OnFNscbqxFy6g_ZUuHAXNoU3pCPr-tTKW7pq2sPg07ZiGkbg1pic-u8HExSWDW69RZjhvY6XOfRkkjkaF0Ysa9hC3hM4aPHgWniFxLqMZ2cWO7QbGQgJZmCN4uL3bC2J0LjxeUD-ySjCtj07Ltyj6UWJEqcYXPSH9Xf205uxyP0_KpuAlkJ21IjKe8Dus4OUxsNqlT95HdzaxqwMS230yCbFFxasy_euvh_ZL0KubZ09LAeIxd73N3pzryzdSlxLmbiulBrFqtzPH6hPSsCnpfr-K0rvPVcCmG_tZ4G0o67ivruZO2zhPXt4zAt0yOERE421kPRj1XpQ-B5tFqZ1-OrrPxnzIdgfcgJj4qsNGmU0P7Ge60qtCdFuPrujKOtLbBgbmaQDTtMoCqlqxut33DSJmuvrvDSWz9kD8ndvWu8cZbW2_9tw_S0caOocf9xqqIBzVPsJmN-BY06M_FtYRnMyM6PeFR5gHzTojdFwbB2ZP2PUiZq0DUHq6iiE-8v2Y73qVbR3fhy9XZmJcLmw6NbX6TN2BobguP9omUAZcwFCv5lOEPmGbcGHuLoYg1Lm1naIoIwP_4MrxvMuyetwYfj6qXJ6GfctN4DBzcXIQWr9D9ti24rYjzoZOoC2vVmXzaTkdZ4km_BXgcWvBGEbF-ePwH4Vuj2INZabmEx0jkstCXXTWb3uxs_qFqdPRaBItrER3BLKzXqaluqv1-awX0L_fLPdnjjUioJOlhvy7hYqkIVSxRfSXC-vkukfciIQEkDIWw7ALVXZ6dX8T5IBDODCxgAhQRXi7oTxaEtQkhDOFDvoEC--5gawFG9Fub0-V5dl9t8kwOuBfen3g2PI2tFcTtCW4pqb5YjABz7OMqqPrKZ3KguaWbGiGyh2F0EyqZjppnJL3EPpK7--7B3e2tF0BdYGpByfyR4B0lIxv2tdXGSM5o06qSkPXdjS0jO6UZuneZCnIJ_lj32sfhxB7JoNqZRVp_Onvc6fZO_4z-x3NEfVIFN-5gcXtbh02A2mjhiAc8qHv2p8dap7uodQo5qPc6Lc8Y_G5wARyYR7znajsrcRDZ5IBF1SqAzFY9z8oQlKKTpgv0A&cid=CAASKORoUv5kc5pMA08hkZdP_RTXtc0Bv1d2Q-VJpJLFkNGp0nGUguOjspI&rfl=1%2Chttps%253A%252F%252Fgofobo.com%252F%240

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

702cbacedb71cc454f6a0c632fd80c717e97b760dbda6fe612422b147e0b042f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35464
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9A8 42 B
63 B 54ms
40ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CfKYtgDC8TKp8FiDCuv6DiM8Makb7HfPBqZSs_j-cTUjCU9Cch2D7r8vQ2FqtQuKWYP6nlVlgPed1cwiWRcGaAAfaLDkeJNHTAiheXJxZC3Kr7en4

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220518/r20110914/client/ Frame C9A8 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220518/r20110914/client/window_focus_fy2019.js

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:49:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 161
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Jun 2022 13:49:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C9A8 135 KB
41 KB 63ms
29ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42375
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1652873336749811"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Sun, 22 May 2022 13:51:48 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220518/r20110914/client/ Frame C9A8 17 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220518/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1be78b79774b196d2500f7bd3bb3ca7269ec444158f0e545d4d313bcf40e1310

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:47:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 267
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7211
x-xss-protection: 0
server: cafe
etag: 2988716039725867132
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Jun 2022 13:47:21 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame C9A8 0
0 34ms
20ms Image
text/html 2a00:1450:4001:812::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTH56X8k1oxuMFbVsT1QRjWsEqjdAljkpgg5z3ZRuPhTs7am3NnOkD-bhAeBmFFgUUM0D88upK3lT5edhVPyUMGLhkBYQ
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H3 200 AAcrpHDydyl_zLrsUqLIoJaIpM6fuyfNuw3JGtq9cUA.js Show response
pagead2.googlesyndication.com/bg/ Frame A177 35 KB
13 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AAcrpHDydyl_zLrsUqLIoJaIpM6fuyfNuw3JGtq9cUA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00072ba470f277297fccbaec52a2c8a09688a4ce9fbb27cdbb0dc91adabd7140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 21:24:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13604
x-xss-protection: 0
last-modified: Tue, 17 May 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 May 2023 21:24:25 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame D135 0
0 75ms
74ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022051701&jk=4187508081850335&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H2

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 56B4
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

265ms
264ms

Image
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Protocol: H2
Server: 2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Redirect headers

date: Sun, 22 May 2022 13:51:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 14701499774221531914
tpc.googlesyndication.com/daca_images/simgad/ Frame 56B4 80 KB
80 KB 9ms
9ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/daca_images/simgad/14701499774221531914

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fe3403dc22da937cd7a4b6fbbb8391ec1f507e5f83f12c60237e7b08f3139b68

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 04:00:52 GMT
x-content-type-options: nosniff
age: 35456
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 81423
x-xss-protection: 0
last-modified: Wed, 20 Apr 2022 22:14:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 22 May 2023 04:00:52 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 56B4 2 KB
2 KB 11ms
10ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 15010
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 23 May 2022 09:41:38 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 56B4 295 B
319 B 11ms
10ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/rtv/012204292129000/amp4ads-v0.mjs

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 14323
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 23 May 2022 09:53:05 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 947B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&C=1

43 B
894 B

34ms
34ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjv0dHKATAB&v=APEucNVgeEP8gHZbpQnLB8nu0S0dBC_hOoU87Pq_ntFX4ZMvmeprLi6l-c1uARGSreVDVdc7ndG1H1SBHPTUxAYQdmJCNUWlPKiwAWyqGOp3aNRS0fAAIsv9dAzN0pJIq8TEjDCqi4sKKfpfUxP7j3kxfWDK1IW0cYg9CE9b8kmJEWY1l7PlGkwq4HjMjjY03MLlklBPu-du
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 22 May 2022 13:51:48 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sun, 22 May 2022 13:51:48 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 947B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yoo-9NpAM9v.32-4kWHCdQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&google_hm=2

43 B
894 B

28ms
27ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjv0dHKATAB&v=APEucNVgeEP8gHZbpQnLB8nu0S0dBC_hOoU87Pq_ntFX4ZMvmeprLi6l-c1uARGSreVDVdc7ndG1H1SBHPTUxAYQdmJCNUWlPKiwAWyqGOp3aNRS0fAAIsv9dAzN0pJIq8TEjDCqi4sKKfpfUxP7j3kxfWDK1IW0cYg9CE9b8kmJEWY1l7PlGkwq4HjMjjY03MLlklBPu-du
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 22 May 2022 13:51:48 GMT

Redirect headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 947B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHWgOLiCPe5XGdf5roWWLxg&google_cver=1

43 B
1014 B

16ms
15ms

Image
image/gif

37.252.172.249
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHWgOLiCPe5XGdf5roWWLxg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjv0dHKATAB&v=APEucNVgeEP8gHZbpQnLB8nu0S0dBC_hOoU87Pq_ntFX4ZMvmeprLi6l-c1uARGSreVDVdc7ndG1H1SBHPTUxAYQdmJCNUWlPKiwAWyqGOp3aNRS0fAAIsv9dAzN0pJIq8TEjDCqi4sKKfpfUxP7j3kxfWDK1IW0cYg9CE9b8kmJEWY1l7PlGkwq4HjMjjY03MLlklBPu-du

Protocol

HTTP/1.1

Server

37.252.172.249 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
X-Proxy-Origin: 193.27.14.40; 193.27.14.40; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: eff8825c-cde4-42bd-b753-0ff355f7168f
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHWgOLiCPe5XGdf5roWWLxg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 947B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5NDc0MzY4MDAxNzgwOTUxOA%3D%3D

170 B
243 B

45ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5NDc0MzY4MDAxNzgwOTUxOA%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
X-Proxy-Origin: 193.27.14.40; 193.27.14.40; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 0184c37a-0065-4f5c-97eb-b089338e33e0
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5NDc0MzY4MDAxNzgwOTUxOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 352F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&C=1

43 B
1014 B

47ms
30ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCbv6ABGLCB3ccBMAE&v=APEucNVEQpd8RYnWrdVyfq57eWLBH2MSKP8nY4m9i2WXdrU4sO9tC1hRQFlpGt56Ye2CkaLNzDmrO4ZaShK1GSh9KCNOuogUhRxNHqQIrZxh57Psk-hoUY0pYPxaPQhkrLQeR2urfRzwQXAR_k5k-5wVR3IrNcDdN-_AaoUINv8lIM3Kn9wyOgVhh_5B3DQ4j9k3zx0hAIIZ
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 22 May 2022 13:51:48 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 308
Expires: Sun, 22 May 2022 13:51:48 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 352F
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yoo-9LB0IwD3dHK4a9HxUQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1

43 B
894 B

28ms
28ms

Image
image/gif

23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCbv6ABGLCB3ccBMAE&v=APEucNVEQpd8RYnWrdVyfq57eWLBH2MSKP8nY4m9i2WXdrU4sO9tC1hRQFlpGt56Ye2CkaLNzDmrO4ZaShK1GSh9KCNOuogUhRxNHqQIrZxh57Psk-hoUY0pYPxaPQhkrLQeR2urfRzwQXAR_k5k-5wVR3IrNcDdN-_AaoUINv8lIM3Kn9wyOgVhh_5B3DQ4j9k3zx0hAIIZ
Protocol: HTTP/1.1
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Sun, 22 May 2022 13:51:48 GMT

Redirect headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBQIGNW0nNOGpWR2_mQehmU&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 352F
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEHWgOLiCPe5XGdf5roWWLxg&google_cver=1

43 B
1014 B

17ms
17ms

Image
image/gif

37.252.172.249
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEHWgOLiCPe5XGdf5roWWLxg&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COHNHRCbv6ABGLCB3ccBMAE&v=APEucNVEQpd8RYnWrdVyfq57eWLBH2MSKP8nY4m9i2WXdrU4sO9tC1hRQFlpGt56Ye2CkaLNzDmrO4ZaShK1GSh9KCNOuogUhRxNHqQIrZxh57Psk-hoUY0pYPxaPQhkrLQeR2urfRzwQXAR_k5k-5wVR3IrNcDdN-_AaoUINv8lIM3Kn9wyOgVhh_5B3DQ4j9k3zx0hAIIZ

Protocol

HTTP/1.1

Server

37.252.172.249 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
X-Proxy-Origin: 193.27.14.40; 193.27.14.40; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 71b550e7-0f5c-4a0a-8907-db522da09fe8
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEHWgOLiCPe5XGdf5roWWLxg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 352F
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5NDc0MzY4MDAxNzgwOTUxOA%3D%3D

170 B
232 B

28ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5NDc0MzY4MDAxNzgwOTUxOA%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:48 GMT
X-Proxy-Origin: 193.27.14.40; 193.27.14.40; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 8c7d020d-d2a5-494c-ac54-58855e017d63
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MzU5NDc0MzY4MDAxNzgwOTUxOA%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A177 0
9 B 14ms
13ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?ZDW92A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

POST
H/1.1 200
OK bidding Show response
bids.proper.io/api/ 0
171 B 163ms
163ms XHR
application/octet-stream 52.88.218.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bids.proper.io/api/bidding
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.88.218.108 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-88-218-108.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: *
Date: Sun, 22 May 2022 13:51:48 GMT
Connection: keep-alive
Content-Length: 0
Content-Type: application/octet-stream

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220518/r20110914/ Frame 58FD 27 KB
10 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220518/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DMGVJ8MNRNUncDHX438pbRHJcwAIGUGOg1DdqM5n7_dbQo3_0NqdsPB0sVgnm_S_yu35k4_FYxLXG4AF9LtmMa2mQt0GMGKbkuYaHsR70vQ03KJY9WkMD_AMJRk3URv-EC29X4pxO0mUKSP1eAyRRRu2Gp_w&cry=1&dbm_d=AKAmf-C0IuYOEeSdlypluJ0O2ezE-rYF8olEavKZQRFhZrqwS6fbbfar820ZSYlw3xELDoMdzu38wy8IxCmV9AR4qwdZURx3AHmy71WLxTzD52e0nu3YXfSyVSLU2pTk2VJbEXMSxcSrRHBcNEMAPpMI29yCkOUq2Cn4LZbmrVio6VOLWUCbIt8oD3SA3ON2WJa8hB8ong93Hx4eWU2D6tjmAhhRyZgAj6Kpi2oIHtIDHubYHy1jZfQzqzay9i0c38hjxyPA2LAcKY6eLUvX9y_GkEDNo31FnsvBOnLi1lkq7YPlXfW8QdXNQcah4qR6k9P3b5CVLHRtdXer4eQLoRp3Yc1htx96x02W6IHhwWi-V0Dhq2aa8b3NtUFJJ-YDCa3iTO82veo6OZ-fr19sUCcEI3VUf8q5u2ZeY9n8RQaBQaveg6pDhvxyjmNtOQdw78Cz6JLC0WsqFv1oklnA6DY4p3k2zHG85v4QBX_Xkikw82VhFECQGZySXqjhfoSh5lSFxE4Bv4cowsg-ZMhZuEQil0bLNjRNYlcFCjDotpM3zNKEtP-w155UpUYvyGXyl0YbuYOlvQZQcN7UMzPpQ2jzhDib1csZ0e7-Hs-bXpKzFencqCco6w0r0eH1nXyDhUw3ihwYtXqjW0cFLuXWE6kSHRgOfw2k2oVLYAz7Yzo6AYVzl_JeH7EgGwt2gvULuEa6QSBVWEd0c2HU9YIwu0oXOZpnO8b4CPsZfPnWI1nT4JrBMhn3pFiubvtPeYDVb-6WvAvBlC3bQl5VQ0FVQC0XuyvX0SQh-yOJZTI18bpDOTyM4ISRNB2SThsx1FReI9WR9aF-RN4DlJY-JD3M0OGZUMcP6vNxrUlpJMwwx8zOE__tVD0jB2UUFnTSfmEAQrH8QZlMCjxOsEwhG5uOHyOAIv5_JvFYzVKgFf13TE7Lq_koenUP7LBplmdwc0-E9bShDtI42nUFerMd_mOazIfrAjJkccncnti5b8_Hs8VeM5v_O3Fsg-bESZRCngfndXswu_hRz5cqAwsE2v7V-HE-XyWxMW3c2Egj35ug7Um_F5aTS1tE8TrMMtmfAzQQnrLa0HAH2yGwio1A6XIyaiKNEvy4Udt6gPDVoJY9wtaXpuKdrQb6YLo_nO73Dotpuo0UHXSn0JgW5i-oKYM2EX_3eNXSridwXctqIIEGN8bgnQp-qHPhPoh9ep-Rqr0GdG6ER2sPs8VBM5PNL-iOX7NQFaYJsPXusmsdEBn9Bfr6MTt9aDSTr9I9I_1hnO8CljPHTyeILeFAJg8Zmc68PpqHKslEku7QCpoQY5wHm7c4wCXxxstq_fchxw6veY6NTAnGwsKwnVMUCKnlIsXa1KrKgXrIIZTRK1qkXWuAaLaYhCuoEQnifML1utAcdjuvi_m1IyqGQnMoA5NcrHy_4q3q2aWCK2c64Ol4tejPMkf0kpTiBsqvMB7Q_SwteCrQl2xuQwtmZkAfBk4A05OjuLfR1QlvvJdKHYmMnAK6pchXffhpoapvK06O1h175Wv_j2C20G5cC7ENeIgfbApB0C8GD3oua_RqesDMwzdiqSLKE0lvP2GMIgaT_2UPi25xdWGjwT4o-tII7b5yqyUTj2EMKVwi7jwamR9yTtBUEYuPR-E9JLtHnxWPVMu1M4G9fUgFyeiyATXOhq0Famf0hcSzsVNOvFdRgPeAl2NM95AhOReFkLfNvijw7grrBQ4z5moOtEiNgwDTEFqmxZ6ux3EYWC-y2M1nx1nE3VDLwCFKMh2Lsn2YkNmjZSChfBBoSgw1zLCH9c6X9WJ6FFP6EEE0795LLDEqC52blvRKgHiAzqqSfawbiRH_KuGouyuKYFL1ttkKVpsp_qyz_anAPdD0MPQXU4ebIiMYxwtnvvBfoaQDJ6a5p_Sht4OVlowEF8g1j3UF9JMqIQvQzlaBY-kzqz0rwOJL5OaMH-aIseskNWnnO8ThIKKLNVn9FDQ84jeGq8e3-7ievpBiEXxTkegMStWjhUhcNCKaicvIXI1brw494lcIeIYLkFKsvyu1_NS-1PAUsUdU5C6HuMRDXAXyC6Gp-z5xYxWKRRJqnL-s8-mH9mG-71hOGrtL1EAtF_TMs88zhTL7ZaAhahhtUonoDHv-1VzZIyNXntKPTsxVUEgATyWqdw7BtzzBr0Ju6NN0ttyLGvA6qtnIGhaCxDpjF79Bs0rfm_0MtX2pFgM628C2BYP9QwQBQdwtCmGySba-26dWOSj3fzDsXy5MP-T95c9_pQVBTCCtrX_my0z11BeS3CAxr187tq3XiUgAOwMqsza40n8LLt4VnWtd4kktAA7l74qHKgGPQ6IWQGrT4blcNvLe4vvUgpocu0v4pj9Y4lP4qUc12AxNRtfG1wMVTdAYFXLvC9flpV5Uc9-UKSv43PqKNoG-GpiNHLiqnii_8IH5umlmeXG1QOcQugvTDo9wSmdNThIeG7VHJ08r3Y-mvinQiQXIJ1mxTo2bOz_kSSDlip6eWqUUupVbR6K4co6B_7TpuitRQ9_Ec50kufkm_YoFM39mf4me27EgsWjdjbGm8mUb_l9YbOGX6f6hSGabJSQ7rCeJsZ41s3wcel0Vs5sqGAWf3fXZc6I4TSYr3mtyIucIZ-heZRxDC6YiQ9f64g58-seUvHhdNwAFf9bEv88_NWrWHmbrVJ0lbXJP91ORIZ4viNmMQk_KdT2QGfGPXcAGIOrVLbYwHCSa3TzpHrwQRjpZw_zRV72YN0VPY6IxpLaZjPIaW0A-owgKESlYHfXQgf_KGhQyelAjMbtwN7FwxIltUeqpbLvjhdHSS5WknT8JuYpfvr7Vuzi5HiK51dgtKbuLU4b1SBIJNxDDmU1yMwt661ZYnhwAl1feHvfEa3KzPyrm3xmidPnx-e6vqoh9HlNgTTl3_Nfnrdw26EIKbPcsoyNvEE65r_Ey4uHFM_5MJ15i4I1cGveEEmuaXrzTAVatBWgw9JNtggqUZTcHhVkgQdGBeO3zYVHucpqSjtU3vmaG9j13pXbnIT6BwZC4e3Yfq5OydrviutDXwtxoDNG3JuYobAeM_iz80DzJ9nTRGPxAtHuZUpQc2U5qNg4NhDoWjynZyzpS7bAQBxClWdQUDRPyaekvU1tryM6W4YG9QMYpzJ8xJgVKo0kuZtncPjp_2NKglyD9yUJpD9KG-apRO3bZrRAF85tLrTcCAbw6TL-AK8mKiDGkpC1uY_cq0Q&cid=CAASKORoGILQsvmGeji3oXrnxb_s4Zmj6hWoYnXqM7YCFtwpccuotKK36hY&rfl=1%2Chttps%253A%252F%252Fgofobo.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7922e29fd9bbbb9e385c952731a93f50b0ba8d472cd16e65f66d18cf08ba4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10463
x-xss-protection: 0
server: cafe
etag: 17671883673189222985
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Jun 2022 13:50:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 58FD 41 KB
15 KB 30ms
30ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 13:38:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173613
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 May 2023 13:38:15 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1032644/63173256/ Frame C9A8 46 KB
12 KB 49ms
42ms Script
application/javascript 54.247.26.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1032644/63173256/skeleton.js
Requested by: Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.247.26.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-247-26-77.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d026f795af88e73363aef2c32110e5d44559ac32bfbe8b0857c0ba7d78c86ca7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame C9A8 106 KB
38 KB 79ms
18ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
Origin: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 07:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 21832
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 23 May 2022 07:47:56 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220518/r20110914/elements/html/ Frame C9A8 8 KB
3 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220518/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BnTcaczGOe3TCzvyKQe1kSCLK2SFgidCtqR533EUODG36WbonQir7658SiF1U0eNwfKnLQQvydM4XHL6B-BDfyHXi26x0lGKwE5M4YKAEa3UWjNvt2nnK8aGKVNv4AUheLEl-r9u_I9Jtep_1xCFyZW52hEA&dbm_d=AKAmf-BGMn5vPM1sp8C8scytQcNr9mHAj4Utc2Fy8Gz-Nmufx8lHT48b7LI5TlnX8N5L8bnRbQDiLkj00JFuC2Qq9W6ARyQUcABlrOzW7NAFqz50bmGgxeUgaf7AG5MGh5aVO4XdQ-qHB23IgFs4A91oNFfJx3CAcv1ioPHubmOjgoY16xWz2tn8DvKFiuij4L7AU5jrqAtjOglj9ozYSgEcNvJA4pScGR7kbjzrizuJU0bZkHeM5GxQ_zZK0kw2SCnUoUPwSbCisjkWGzK1pQxgJGcYuM_kigOAd01MvVbW1wivtD0ThUT_u9muUrju7ld2GscNEN7KjNFaucQO0eLmLVKqLn14j-nMbxi8HZb19LealvoeJVdFzxhzeIfGQ7b-qD65EErZZdCXJybDA4al0-2m02g9BGnDTSAG7vPaA8nvCoTNPiPA9CEn5FjB8xiEG7J4GgFNOy1F86TAfqc52KphpgcvIq4uL1BzrSGd07m_74SGEk4nDVnLz-xQsEpKoly5pxJYWoMsTyElzf_IcG0nuNANbvfv3LXecsTYWBly0b5SULczXoCeQAlLial8wU6qMnB51UMcHykDALUiiWXWEdOC54LR92JinPDv3Dhpq951c5iXblws5d_vU8S7LYxfel7RVYbNQz4Yl1GuVI1rkGIY_pkjbhFyUHr17L92eIcpCAVj3af2lgBzFNlc8DbZiC_qGYwZx2aEerUe0BkiYBdFRz-vpWuXQuguoYG_u5QI9jCUytO8Ork7oyBtO0Bi6ZOQFKm8ligHV6M8oTWb9vqVQBQXnf-BE4skmYFJVT7qiXs7DBAxKLkT6viXTz7foBP3XS6DnapLs_2clu_yDTCLk2st82hWpyXq5CbwMGOzpX3_XAVqgQqqBR9PqgSsaTOFNdiohZ8PX--nVNldNNO_sG_jx6yInoEOF6Znh-JP3WGdkl8_AFtmqR1VDGoxIIZqZZuYe8v0XxuiVtbkTI_SVi8AOGNbE_czsaJxJdtzlDwgI3I9rRuggTB5o6mC_mO21sTJcMbpRMJyUSFD6VQWTjkUseF7qXGMrzdo-e_7wgNbwPu1jviSmh2TGkmqXM5yamun0hg9AUopyEk948ZIHYW7YSnbNbTTNOHsYdQvdyQW-II79OfqcaQ5AGOWYk8-YXAEe3SZUKAuLIKzYWRDhlG8BtG9bbR-OmE3iXAsuK6ylbKJra1Me-80DcrXomeAL1EFu3294Hncv7fTYUv2XLKBxgR_vOxymgLJREz004gxz1koh3mChRIy1ZkyCIJRD7YpLdC2qHvf6wm0RBlInJcfWnpeBXJfXzBN9V0IBceM7cYG0iqJd-cFTgzC625O4H62eJ9x4SLZS3p-LyFtWvG08CbATcKzrYDkznRYJxMz6oycXTlcikHmqNCACKeJYkAwMrpJzTqlY7F7DNB4X9VzO1mJxWH0FN2zzl0UgJAQDkm7ylgj1PSqnUgPkyv_Ma9VeuK2pkl9DKyDwCEB2ROnRNHcVkGYBvIyeAwaBg-dWKUbNXYq39KDq7sjBnt28WsEWQnmpQYlfgzUz0hkD8-pHizFKGzNuRFQRIL10SCvoxR3i5_ffcPeRFligRjVppjRyfFg68NutPTO-eNtbv-THf4ai5FS4_KInxVSa5aPfkfc-QMDk4Pl5zqinQJlEXH5Tvu3MxnNVGyqXS_Hk1TUeNhcY-yDwXF1Fn2CDXDEgozevrgK4Am1u9FInHY3uhu0velpJKRIoN-T2litv9EdHj2Xt_e8j6u9Dg1VJ4XdQbtHpzWQiw5N5zCp-daslSBhvMClxLISyJPvW-16ldnbTqUe0d8u9XsBSGYCHiyW1oS84QwWrHjcOyFJ4DeMmH_BYFsBPS2rtzO_LMyJi5TDqAwLHrhFuNbJ9NILxAoXC3_vPvdc2vdHHMQfFY3AZUfbwsGrRHFPhyv7HIBFs5ChVN_7ojPKileSAiwyCJoK3IGmOdJgQsue1yChBN9vGTKKkS9oeqxUdmoxWVlCN0qGwzZ_Iwg3dQzUfkJ-zsB9024MKc4x8t_7Q5lcg53x25C4e1O9DYfGHl4f9OIpJhPqrIucpPlYULjChSpr-5jKK3u3NyaWmBVzC-swINM_Yq6IzQ8nR68OnFNscbqxFy6g_ZUuHAXNoU3pCPr-tTKW7pq2sPg07ZiGkbg1pic-u8HExSWDW69RZjhvY6XOfRkkjkaF0Ysa9hC3hM4aPHgWniFxLqMZ2cWO7QbGQgJZmCN4uL3bC2J0LjxeUD-ySjCtj07Ltyj6UWJEqcYXPSH9Xf205uxyP0_KpuAlkJ21IjKe8Dus4OUxsNqlT95HdzaxqwMS230yCbFFxasy_euvh_ZL0KubZ09LAeIxd73N3pzryzdSlxLmbiulBrFqtzPH6hPSsCnpfr-K0rvPVcCmG_tZ4G0o67ivruZO2zhPXt4zAt0yOERE421kPRj1XpQ-B5tFqZ1-OrrPxnzIdgfcgJj4qsNGmU0P7Ge60qtCdFuPrujKOtLbBgbmaQDTtMoCqlqxut33DSJmuvrvDSWz9kD8ndvWu8cZbW2_9tw_S0caOocf9xqqIBzVPsJmN-BY06M_FtYRnMyM6PeFR5gHzTojdFwbB2ZP2PUiZq0DUHq6iiE-8v2Y73qVbR3fhy9XZmJcLmw6NbX6TN2BobguP9omUAZcwFCv5lOEPmGbcGHuLoYg1Lm1naIoIwP_4MrxvMuyetwYfj6qXJ6GfctN4DBzcXIQWr9D9ti24rYjzoZOoC2vVmXzaTkdZ4km_BXgcWvBGEbF-ePwH4Vuj2INZabmEx0jkstCXXTWb3uxs_qFqdPRaBItrER3BLKzXqaluqv1-awX0L_fLPdnjjUioJOlhvy7hYqkIVSxRfSXC-vkukfciIQEkDIWw7ALVXZ6dX8T5IBDODCxgAhQRXi7oTxaEtQkhDOFDvoEC--5gawFG9Fub0-V5dl9t8kwOuBfen3g2PI2tFcTtCW4pqb5YjABz7OMqqPrKZ3KguaWbGiGyh2F0EyqZjppnJL3EPpK7--7B3e2tF0BdYGpByfyR4B0lIxv2tdXGSM5o06qSkPXdjS0jO6UZuneZCnIJ_lj32sfhxB7JoNqZRVp_Onvc6fZO_4z-x3NEfVIFN-5gcXtbh02A2mjhiAc8qHv2p8dap7uodQo5qPc6Lc8Y_G5wARyYR7znajsrcRDZ5IBF1SqAzFY9z8oQlKKTpgv0A&cid=CAASKORoUv5kc5pMA08hkZdP_RTXtc0Bv1d2Q-VJpJLFkNGp0nGUguOjspI&rfl=1%2Chttps%253A%252F%252Fgofobo.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:50:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Jun 2022 13:50:22 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220518/r20110914/ Frame C9A8 27 KB
10 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220518/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eb7922e29fd9bbbb9e385c952731a93f50b0ba8d472cd16e65f66d18cf08ba4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:50:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10463
x-xss-protection: 0
server: cafe
etag: 17671883673189222985
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Jun 2022 13:50:35 GMT

GET
H3 200 impl_v88.js Show response
www.googletagservices.com/dcm/ Frame 58FD 54 KB
21 KB 43ms
15ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v88.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b225a72c3c0f0ce054225cf8748508f69d7315568bb5aacb38491e006a4372d5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 18 May 2022 09:59:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 359559
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21405
x-xss-protection: 0
last-modified: Mon, 02 May 2022 13:48:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-dcm-tag"
vary: Accept-Encoding
report-to: {"group":"ads-dcm-tag","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-dcm-tag"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 18 May 2023 09:59:09 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame C63B 22 KB
8 KB 18ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 173612
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 20 May 2022 13:38:16 GMT
expires: Sat, 20 May 2023 13:38:16 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C9A8 41 KB
15 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Fri, 20 May 2022 13:38:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 173613
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 20 May 2023 13:38:15 GMT

GET
DATA 200
OK truncated
/ Frame C9A8 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 48a086094524c66c8c9246eba9e22ce3353f9092009a7cd3aa501527f03f0dcb

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 main.gr.19.8.309.js Show response
static.adsafeprotected.com/ Frame C9A8 191 KB
61 KB 97ms
21ms Script
application/javascript 2600:9000:224a:4400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.309.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/1032644/63173256/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:4400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f2e24b95c962fffb41eede228d0c5c7681cf9bc3dd3ece2440412ec4246d84e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:42:44 GMT
content-encoding: gzip
age: 1444145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 05 May 2022 17:31:51 GMT
server: AmazonS3
etag: W/"25d0c2239b60642eaeddad303e621bd4"
vary: Accept-Encoding
x-amz-version-id: mjEd7PtHn1L574wGfHZ2vjRyhTR.v7IU
via: 1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
content-type: application/javascript
x-amz-cf-id: VSLTzWPqADr8OT7PjVymLnyt8z5o8HvydfmYGfROVEKiPpOSgQWjrA==

GET
H2 200 B27526613.332839555;dc_ver=88.258;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3690638943;ord=ew5irg;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCenqq8z-KYr-ZKcTH3gOoz7C... Show response
ad.doubleclick.net/ddm/adj/N7121.3325855MIQ/ Frame 58FD 47 KB
24 KB 106ms
45ms Script
text/javascript 142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adj/N7121.3325855MIQ/B27526613.332839555;dc_ver=88.258;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3690638943;ord=ew5irg;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCenqq8z-KYr-ZKcTH3gOoz7CgBdGesuNp9K3q77wPwI23ARABINjqtiBgldqigrAHoAGCs_T_AsgBCagDAaoE6AFP0HXLAZXs4BCMb59x7molBaxPbwKRAHalXD9vzkvQoJM3_ktOlLXs3IJJ090l34z2CXMgv0CYK7NiEja8jiFj4X6jHkOoVAJisdPaS8CQ3oa3_UNT8Xe3T8trzsqmeqBfckxx_Yx3NIYt2QhqOPxQRwRQAsXIUUXPxGLV1RctPNtTYKuQheWCi4wNTa3NHglNs7XXAwGBQtqH3XBtDVWXfwP26A9zQDofsr3AGmm_ffyq7xrhdL2R75D8riU3qCmPc_qcC2277h4OcHspLr8ZZgHSLg33FCYvyWTDUoveXxR5ogURElYDwASn1d6H8wPgBAOQBgGgBk2AB-bMi4ABqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi02MzM1MDcxNzY4NDU3MjQ5gAoDmAsByAsBgAwBsBOx7JcP0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORoGILQsvmGeji3oXrnxb_s4Zmj6hWoYnXqM7YCFtwpccuotKK36hY%26sig%3DAOD64_2gluZBCYrXzD9hgEeOqB5yv1LZyQ%26client%3Dca-pub-6897902191714833%26dbm_c%3DAKAmf-AmgxSwMxKcZ737QsiUDClBj5oFp2kXX2XCE6XJsJ-XEPu7VskUptT5KOXbegOJyfCQN40-bWNm3Uu7uZ_dKeXsAXWGq4XROX_TXJRxZ7kYNgh1MoNWO_6Oyr0NlmvmSNDCJi96OnNvGFoMWEs_PeMoyqJIpQ%26cry%3D1%26dbm_d%3DAKAmf-A5ZC786AX5dK9wMYm1DNLIv5DNxQEDXZ1tpqIV3YrgIr21EUddO5WkXt08D-nmRue-Zqo592nJZOEGYKi_-IjvhdL0TQfAo6QE10X3vPjsRlmvrtn9Sq5YGiKta04Z9x5nEZL71sL18e2G-3JNdDifOPCzQFSrL3307fgx9GjV4gbpT_v3R_VQI0eFQGD4gRPl86S73DLGJTIghvlsCSg6aVYYkwiB23UNRuBgyalXLEcmWe329NT97xepi7OgnESfSecEOC2DaDAfQWMqGhi-w0gT0Djhb-V_qkviBeHCgxXV5wRnZ800Q-IlydeyqamDz5_nANQ-mpEB_eN8KQrqoRR5TiR6p33Yr433IB6HTmbXWyrSTkhFqoqRPj4UthorNvTRxCBzvIIVdR1GDkMPsQY6Jr_dQmP7nocqSvxjRp4zSPuDZOo1Q5lMO-N9StKTzovntwthRH6V1DMbBFMyFWMA8CS5k9uklI4Uf4a7BsD5fqM%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fgofobo.com%2F$0;xdt=1;crlt=!Ol'z6LCZ';stc=1;chaa=1;sttr=66;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v88.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

0f4ff7b7fe2f052b73262818ffe648cff52765e383ffef69e7d96a0fcbd31a3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24300
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F625 22 KB
8 KB 19ms
19ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 173612
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 20 May 2022 13:38:16 GMT
expires: Sat, 20 May 2023 13:38:16 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 AAcrpHDydyl_zLrsUqLIoJaIpM6fuyfNuw3JGtq9cUA.js Show response
pagead2.googlesyndication.com/bg/ Frame C63B 35 KB
13 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AAcrpHDydyl_zLrsUqLIoJaIpM6fuyfNuw3JGtq9cUA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00072ba470f277297fccbaec52a2c8a09688a4ce9fbb27cdbb0dc91adabd7140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 21:24:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13604
x-xss-protection: 0
last-modified: Tue, 17 May 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 May 2023 21:24:25 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/ Frame 3076 11 KB
3 KB 43ms
16ms Document
text/html 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d60a69b01468f844cd87a518f2543118de363ac38becfb8aabbd1f2805e38c35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 80537
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 3245
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 21 May 2022 15:29:31 GMT
expires: Sun, 22 May 2022 15:29:31 GMT
last-modified: Fri, 13 May 2022 13:39:16 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame C9A8 0
622 B 134ms
70ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssrVuSjXXolyQxv-or3TOOLoWXFkBC4mpms683KQjinN8jeTKfiAGhUDglbzFkT9-_Rfe1BmEDQ-Y0Fxjj5kcUqrddDbVpIpVKQ5Nf1zIINXGAepi_6hKs0DEg24Au7jsAIaCpYeCJyKm-7ormXdAVf_yreZ_isTuVv-8RcihK8kPlPXrI8bmb5ukb9h3I5h1jQ_m48i2B0fTBra07qDGcblFgq0nhnDfZxVHcbXY1ro6axHd07t6CwoXJLw3EiBSY_DCc6jvg00FK_l0PkE1F0-hnHAq16ovVd1Nof4DUWzl9ZOkAYWzY6R-qMjGV1kN1zV0mF96-j-Xjlq8_glrsmeA79egwQbkut4Sddbg5E6mEAXmemrLSKD2oEfijJOwLduXrLq9irc6lhdnuzKc0kGTzTLJPVOilALW5JrZnld_5ogksxZ-D8e2Wy2kSFdlMXWudSqMwh7r8eZ8YCDOdBOtKjFooEavGdKPK67OX9VXBSruw_QdcOd-gFi77EcccBeo6DVdePbJwF-ob-6T19PjytCAwmWxYIXEYXBmIxedDSFwJ5hEMlKga7V11_y13_23UVNUasNgCWw7n-s7u6CCLBlTo9fdVpLuNCm9pIwNiJLlU4A7NOcLq6IMAm3eKQ4xVWTZzaeySh581yACUUChO6S3HwwGn9AGLKZI24JF6UM_nnV5feECKf6tUdrmsxi6fRMIHq1KVGPEkDGVJLmi2_jtiM7tJuIr7u-ZbHJfqYuMa8esKxbE6BJiK-vcm_K431w-oJQW6MgqMM1fPKLTn-5QdEfX9A_nw_E_3NFVGBOBjx6zBD7fPLuL475OJ1iZ0bjVJTcvVWM_vSK6QSEljhXQK8eTqZvet9OjwXYB3vN8jqD7KpyudiwttLyKgvcGfTVlnPqkbFITav7BVR6cNgh0jGUpbAIpRA4Q16kDIS4liw32xZ5oqNybb98Sb42JExLhNDDXdGT3kBSXB5JmLO3BHqKjAXPAao08uMnZJuOUwZeCKUtRV9RMAIi4_uE2-tIyaqKdwlpEacv-A_b7vG1PyTZQpkeUoz-AwJs3T790pRAhKaZhMya9xG8-YB1lXTC-OzIcrucEsy8l-N-iJaWbBCy2Z8Q4eFNEyNSJ2AT_J7j5whuZYNlcv_0J5I4-v1rZTsS7pJRRLqUTZg-JhIvwBXFUlaLm7aiG0zBeRMAobO4-K1TSkcNWgDZl5zhexpafMxYuNYDHGBQd9iT4Konv1t69C4CtPEvVVC-NyrlQ&sai=AMfl-YQgAY9CvOAfC4WBZxDH4QR0RzVSSxxurlEWha_W5j3irIebTYypYUwgXI6u3SehCfR-r48bbyq0wxqQclvCUy5rNzGNqJj43ovKatJqfcN-INAf_r-RGJSofp7Yw0Lc1wiYAjIQabVGLNSwD4jV6drsKfNldPkXc6YLY5pEaIo5JVgUc7TlSsDznmvwL0l1mq7b642f72Y-gB8uzITNW7bWQTe5S-EnFA&sig=Cg0ArKJSzJQhLStK8PnLEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=108&cbvp=1&cstd=105&cisv=r20220518.64721&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
date: Sun, 22 May 2022 13:51:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 AAcrpHDydyl_zLrsUqLIoJaIpM6fuyfNuw3JGtq9cUA.js Show response
pagead2.googlesyndication.com/bg/ Frame F625 35 KB
13 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AAcrpHDydyl_zLrsUqLIoJaIpM6fuyfNuw3JGtq9cUA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00072ba470f277297fccbaec52a2c8a09688a4ce9fbb27cdbb0dc91adabd7140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 21:24:25 GMT
content-encoding: br
x-content-type-options: nosniff
age: 59243
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13604
x-xss-protection: 0
last-modified: Tue, 17 May 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 May 2023 21:24:25 GMT

GET
H3 200 bg.jpg
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 35 KB
35 KB 17ms
17ms Image
image/jpeg 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/bg.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ee14badfe8b2093f05b63769fa0db97cde0cdfe069a465a911cb627cde29713

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35659
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 dark.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 7 KB
7 KB 25ms
24ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/dark.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6f4376f7e583187bc89f9cb58da2ca679361f7676f232d55662ebb3d4585ca87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6729
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 stoerer.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 2 KB
2 KB 24ms
22ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/stoerer.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

78579e9354b641dcc6b632a9df96b2d1385b0720f04b97be41fa07816f44d051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2116
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 text1.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 1 KB
1 KB 41ms
40ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/text1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f9c5605f6a8f8baa769584296c47e53557e9ac757cabeb4fd3d7ff9be22703f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1406
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 text2.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 2 KB
2 KB 40ms
39ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/text2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c267fca06e8a22f41acd399747eca63c6837786194451d20705de6de74505561

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2244
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 text3.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 3 KB
3 KB 40ms
38ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/text3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

000d42df44ebb3ddcbe2874e16443dbe3a34045f858a6accd5065cddd9b0ad4e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2585
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 legal1.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 14 KB
14 KB 24ms
23ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/legal1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f93be29278e2de77e955f9820b1a73c7eca832641082c674afb6f02f7c7375d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14352
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 legal2.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 7 KB
7 KB 44ms
43ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/legal2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83073195ba0d039784adb30802fb44acf6c7a76995010889bdb809549921cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6782
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 text4.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 3 KB
3 KB 42ms
41ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/text4.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e800376de9f3795eec1d38ceba28601bb912bcaec763332d63dc8649d4d055f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2589
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 cta1.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 643 B
667 B 44ms
42ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/cta1.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c44994f34ca3902d3f9f3ea4e1736e4ed54fa9fe1d4578e8cee11078e50488d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 643
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 cta2.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 644 B
668 B 45ms
43ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/cta2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b34ec433b2d145ca6a4d5389228c7f97b82fef035a67e2b2aed708e2f5ac644b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 644
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 cta3.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 645 B
669 B 41ms
40ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/cta3.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6cfe3eb2409433a900a0715241233fc46d4af0b64c9e5d9ab4c67179089228

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 645
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 logo.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 1 KB
1 KB 43ms
42ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e5ba908058634c4da73eec02f7a0ad1f8a56e7ee63cd22ab3b614ae90406bf4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1038
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 klimaneutral.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 2 KB
2 KB 41ms
40ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/klimaneutral.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7e2f7e6132fd1fcffd09eea9041f2bbd74feea33743c80b4fcaa27415b88eea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2199
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 logo2.png
s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/ Frame 3076 1 KB
1 KB 40ms
39ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/img/logo2.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

739d20d4cfd43a616f0e4164d5c42f0deb2f75b73386bcaf870a4fd6b2939098

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 15:29:31 GMT
x-content-type-options: nosniff
age: 80537
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1077
x-xss-protection: 0
last-modified: Fri, 13 May 2022 13:39:16 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 15:29:31 GMT

GET
H3 200 tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 3076 109 KB
37 KB 29ms
29ms Script
text/javascript 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_1.19.0_643d6911392a3398cb1607993edabfa7_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/9758366/1652449156163/29-IWE-eSUV3-Leaderboard-728x90-Zukunft1/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37530
x-xss-protection: 0
last-modified: Tue, 06 Sep 2016 20:51:14 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 22 May 2022 13:51:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220518/r20110914/elements/html/ Frame 58FD 8 KB
3 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220518/r20110914/elements/html/omrhp.js

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N7121.3325855MIQ/B27526613.332839555;dc_ver=88.258;dc_eid=40004000;sz=300x250;u_sd=1;dc_adk=3690638943;ord=ew5irg;click=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCenqq8z-KYr-ZKcTH3gOoz7CgBdGesuNp9K3q77wPwI23ARABINjqtiBgldqigrAHoAGCs_T_AsgBCagDAaoE6AFP0HXLAZXs4BCMb59x7molBaxPbwKRAHalXD9vzkvQoJM3_ktOlLXs3IJJ090l34z2CXMgv0CYK7NiEja8jiFj4X6jHkOoVAJisdPaS8CQ3oa3_UNT8Xe3T8trzsqmeqBfckxx_Yx3NIYt2QhqOPxQRwRQAsXIUUXPxGLV1RctPNtTYKuQheWCi4wNTa3NHglNs7XXAwGBQtqH3XBtDVWXfwP26A9zQDofsr3AGmm_ffyq7xrhdL2R75D8riU3qCmPc_qcC2277h4OcHspLr8ZZgHSLg33FCYvyWTDUoveXxR5ogURElYDwASn1d6H8wPgBAOQBgGgBk2AB-bMi4ABqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi02MzM1MDcxNzY4NDU3MjQ5gAoDmAsByAsBgAwBsBOx7JcP0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORoGILQsvmGeji3oXrnxb_s4Zmj6hWoYnXqM7YCFtwpccuotKK36hY%26sig%3DAOD64_2gluZBCYrXzD9hgEeOqB5yv1LZyQ%26client%3Dca-pub-6897902191714833%26dbm_c%3DAKAmf-AmgxSwMxKcZ737QsiUDClBj5oFp2kXX2XCE6XJsJ-XEPu7VskUptT5KOXbegOJyfCQN40-bWNm3Uu7uZ_dKeXsAXWGq4XROX_TXJRxZ7kYNgh1MoNWO_6Oyr0NlmvmSNDCJi96OnNvGFoMWEs_PeMoyqJIpQ%26cry%3D1%26dbm_d%3DAKAmf-A5ZC786AX5dK9wMYm1DNLIv5DNxQEDXZ1tpqIV3YrgIr21EUddO5WkXt08D-nmRue-Zqo592nJZOEGYKi_-IjvhdL0TQfAo6QE10X3vPjsRlmvrtn9Sq5YGiKta04Z9x5nEZL71sL18e2G-3JNdDifOPCzQFSrL3307fgx9GjV4gbpT_v3R_VQI0eFQGD4gRPl86S73DLGJTIghvlsCSg6aVYYkwiB23UNRuBgyalXLEcmWe329NT97xepi7OgnESfSecEOC2DaDAfQWMqGhi-w0gT0Djhb-V_qkviBeHCgxXV5wRnZ800Q-IlydeyqamDz5_nANQ-mpEB_eN8KQrqoRR5TiR6p33Yr433IB6HTmbXWyrSTkhFqoqRPj4UthorNvTRxCBzvIIVdR1GDkMPsQY6Jr_dQmP7nocqSvxjRp4zSPuDZOo1Q5lMO-N9StKTzovntwthRH6V1DMbBFMyFWMA8CS5k9uklI4Uf4a7BsD5fqM%26adurl%3D;uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.;dc_rfl=1,https%3A%2F%2Fgofobo.com%2F$0;xdt=1;crlt=!Ol'z6LCZ';stc=1;chaa=1;sttr=66;prcl=s

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:50:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 05 Jun 2022 13:50:22 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 58FD 0
63 B 57ms
57ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssAyeoXGA7DR7XgdOP353feYAhUJH2wrvywZmINfFnXEAdhbro7njBVtize8bp0EGRAcKOZm06ENmobeJeAkRdU0fGLYfPPaDHXyVrKFCQ8B0oCnlKTQjiEoqEV4tnv9KBB4LGHP8qBPMDSWRM1&sig=Cg0ArKJSzFTy-jnxOjMYEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20220518.92778&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 May 2022 13:51:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 CNF_VB1_BN-S_300x250_Essentials_DE.png
s0.2mdn.net/9918812/ Frame 58FD 23 KB
23 KB 17ms
16ms Image
image/png 2a00:1450:4001:827::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/9918812/CNF_VB1_BN-S_300x250_Essentials_DE.png

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

403812ccdc5753cc504a465ca23250ded14603fac90ee474733a85db62ce7103

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 05:02:19 GMT
x-content-type-options: nosniff
age: 31769
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24020
x-xss-protection: 0
last-modified: Wed, 30 Mar 2022 06:37:49 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 23 May 2022 05:02:19 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 44C9 22 KB
8 KB 20ms
19ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 173612
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Fri, 20 May 2022 13:38:16 GMT
expires: Sat, 20 May 2023 13:38:16 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 main.gr.19.8.309.js Show response
static.adsafeprotected.com/ Frame 58FD 191 KB
61 KB 20ms
20ms Script
application/javascript 2600:9000:224a:4400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.309.js
Requested by: Host: pixel.adsafeprotected.com
URL: https://pixel.adsafeprotected.com/jload?anId=10933&advId=27804846&campId=16808042297&pubId=1&chanId=29796730690&placementId=418857136&adsafe_par&impId=ABAjH0iFuwDHX_yBoz24gE_-3L_1&bidurl=https://gofobo.com/sweepstakes/TikiTunesSpeaker
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:4400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9f2e24b95c962fffb41eede228d0c5c7681cf9bc3dd3ece2440412ec4246d84e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Thu, 05 May 2022 20:42:44 GMT
content-encoding: gzip
age: 1444145
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 05 May 2022 17:31:51 GMT
server: AmazonS3
etag: W/"25d0c2239b60642eaeddad303e621bd4"
vary: Accept-Encoding
x-amz-version-id: mjEd7PtHn1L574wGfHZ2vjRyhTR.v7IU
via: 1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
content-type: application/javascript
x-amz-cf-id: ckyShcWR_wB-hyvKa5zZDBJfbMxUprAwsymJ6n-Ny5mN7AwvG7tXVw==

GET
DATA 200
OK truncated
/ Frame 58FD 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 47792698e91f1b7e4227480189d3fc515cab29b4183ca2d4b9c48125c1edf5b1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame C9A8
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1032644/63173256/skeleton.js?adsafe_url=https%3A%2F%2Fgofobo.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyn...
https://static.adsafeprotected.com/skeleton.js

17 B
463 B

20ms
20ms

Script
application/javascript

2600:9000:224a:4400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Server: 2600:9000:224a:4400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 08:35:57 GMT
via: 1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
age: 27580552
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: IQL_A-DclyO0yZnk-10fdw_fNAe1e1C9sfNzldm9RR6aaQLT0DB71A==

Redirect headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
x-server-name: app16.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 7E3A 80 KB
21 KB 21ms
21ms Script
application/javascript 2600:9000:224a:4400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:4400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 537435
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
content-type: application/javascript
x-amz-cf-id: gKpuKcTWAVGF_XltGm-zRl0xipUPVVNjHs5j5ppHMNrdIHj5eJDm2g==

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 58FD 0
26 B 80ms
50ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 May 2022 13:51:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C9A8 0
26 B 55ms
51ms Ping
image/gif 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssrVuSjXXolyQxv-or3TOOLoWXFkBC4mpms683KQjinN8jeTKfiAGhUDglbzFkT9-_Rfe1BmEDQ-Y0Fxjj5kcUqrddDbVpIpVKQ5Nf1zIINXGAepi_6hKs0DEg24Au7jsAIaCpYeCJyKm-7ormXdAVf_yreZ_isTuVv-8RcihK8kPlPXrI8bmb5ukb9h3I5h1jQ_m48i2B0fTBra07qDGcblFgq0nhnDfZxVHcbXY1ro6axHd07t6CwoXJLw3EiBSY_DCc6jvg00FK_l0PkE1F0-hnHAq16ovVd1Nof4DUWzl9ZOkAYWzY6R-qMjGV1kN1zV0mF96-j-Xjlq8_glrsmeA79egwQbkut4Sddbg5E6mEAXmemrLSKD2oEfijJOwLduXrLq9irc6lhdnuzKc0kGTzTLJPVOilALW5JrZnld_5ogksxZ-D8e2Wy2kSFdlMXWudSqMwh7r8eZ8YCDOdBOtKjFooEavGdKPK67OX9VXBSruw_QdcOd-gFi77EcccBeo6DVdePbJwF-ob-6T19PjytCAwmWxYIXEYXBmIxedDSFwJ5hEMlKga7V11_y13_23UVNUasNgCWw7n-s7u6CCLBlTo9fdVpLuNCm9pIwNiJLlU4A7NOcLq6IMAm3eKQ4xVWTZzaeySh581yACUUChO6S3HwwGn9AGLKZI24JF6UM_nnV5feECKf6tUdrmsxi6fRMIHq1KVGPEkDGVJLmi2_jtiM7tJuIr7u-ZbHJfqYuMa8esKxbE6BJiK-vcm_K431w-oJQW6MgqMM1fPKLTn-5QdEfX9A_nw_E_3NFVGBOBjx6zBD7fPLuL475OJ1iZ0bjVJTcvVWM_vSK6QSEljhXQK8eTqZvet9OjwXYB3vN8jqD7KpyudiwttLyKgvcGfTVlnPqkbFITav7BVR6cNgh0jGUpbAIpRA4Q16kDIS4liw32xZ5oqNybb98Sb42JExLhNDDXdGT3kBSXB5JmLO3BHqKjAXPAao08uMnZJuOUwZeCKUtRV9RMAIi4_uE2-tIyaqKdwlpEacv-A_b7vG1PyTZQpkeUoz-AwJs3T790pRAhKaZhMya9xG8-YB1lXTC-OzIcrucEsy8l-N-iJaWbBCy2Z8Q4eFNEyNSJ2AT_J7j5whuZYNlcv_0J5I4-v1rZTsS7pJRRLqUTZg-JhIvwBXFUlaLm7aiG0zBeRMAobO4-K1TSkcNWgDZl5zhexpafMxYuNYDHGBQd9iT4Konv1t69C4CtPEvVVC-NyrlQ&sai=AMfl-YQgAY9CvOAfC4WBZxDH4QR0RzVSSxxurlEWha_W5j3irIebTYypYUwgXI6u3SehCfR-r48bbyq0wxqQclvCUy5rNzGNqJj43ovKatJqfcN-INAf_r-RGJSofp7Yw0Lc1wiYAjIQabVGLNSwD4jV6drsKfNldPkXc6YLY5pEaIo5JVgUc7TlSsDznmvwL0l1mq7b642f72Y-gB8uzITNW7bWQTe5S-EnFA&sig=Cg0ArKJSzJQhLStK8PnLEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=352&vt=11&dtpt=244&dett=3&cstd=105&cisv=r20220518.64721&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0.&adurl=

Requested by

Host: gofobo.com
URL: https://gofobo.com/sweepstakes/TikiTunesSpeaker

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

timing-allow-origin: *
date: Sun, 22 May 2022 13:51:48 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame C9A8 43 B
301 B 291ms
90ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1032644&asId=8f6e22b8-949e-debd-9938-9aea3074e2d4&tv=%7Bc:dlPwkF,pingTime:-3,time:281,type:v,im:%7Bpci:%7Btdr:50%7D%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:234%7D,%7Bpiv:-1,vs:n,r:,t:280%7D,%7Bpiv:0,vs:o,r:l,t:281%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:281,n:1,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:233,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D,%7Bsl:n,t:280,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:281,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1c21%7C1c3%7C1d*.1032644-63173256%7C1d1%7C1d21%7C1d3,idMap:1d*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame C9A8 43 B
301 B 310ms
97ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1032644&asId=8f6e22b8-949e-debd-9938-9aea3074e2d4&tv=%7Bc:dlPwkG,pingTime:-6,time:282,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:282,n:1,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:233,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D,%7Bsl:n,t:280,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:281,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B2~0%5D,as:%5B2~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1c21%7C1c3%7C1d*.1032644-63173256%7C1d1%7C1d21%7C1d3,idMap:1d*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&tpiLookup=ao:gofobo.com*&br=c
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt47.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame C9A8 43 B
301 B 304ms
117ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1032644&asId=8f6e22b8-949e-debd-9938-9aea3074e2d4&tv=%7Bc:dlPwlc,pingTime:-2,time:314,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:381,bdZ:431,beA:465,beZ:466,mfA:683,cmA:684,inA:684,inZ:688,prA:688,prZ:694,si:699,poA:700,poZ:712,cmZ:712,mfZ:712,loA:747,loZ:749,ltA:778,ltZ:778%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:234%7D,%7Bpiv:-1,vs:n,r:,t:280%7D,%7Bpiv:0,vs:o,r:l,t:281%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:314,n:1,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:233,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D,%7Bsl:n,t:280,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:281,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B33~0%5D,as:%5B33~728.90%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c1%7C1c21%7C1c3%7C1d*.1032644-63173256%7C1d1%7C1d21%7C1d3,idMap:1d*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:1,renddet:XIFRAME.qs.lf,sinceFw:77,readyFired:true%7D&br=c
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt45.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 6cqjaYtYR5p4aS5jA8U1PYkQZtxk_S9KNOFLKIL9tps.js Show response
pagead2.googlesyndication.com/bg/ Frame 44C9 35 KB
13 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/6cqjaYtYR5p4aS5jA8U1PYkQZtxk_S9KNOFLKIL9tps.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9caa3698b58479a78692e6303c5353d891066dc64fd2f4a34e14b2882fdb69b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sat, 21 May 2022 17:43:46 GMT
content-encoding: br
x-content-type-options: nosniff
age: 72482
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13723
x-xss-protection: 0
last-modified: Tue, 17 May 2022 14:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 21 May 2023 17:43:46 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C63B 0
20 B 58ms
57ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BMIu69D-KYsPWDqSy9u8P5YGn4A4AAAAAOAHgBAI&bg=!c3ClcDTNAAZ4vKt9WLw7ACkAdvg8Wvc-e64fqfKqWahu2TS-VVHg2ASJNru8xX_eeIJ-kgYbU37GMAIAAAEBUgAAAAJoAQeZAuD9QV4PxlMMbtL9MWpLqPtw4_0mjk5vMB70gBA4rqZxj5LMj8neIQl7Kc86oXdibobTIrFe3rQ0QeGi_BQtz1OPNBiLlFImku8Or0fcMV3PRHHlUD0XXJkHjFOA5v-iGM3tJFkFGyi3YeZ3EJCHNI4j6eUFQwB-P5DWdapZpLwqXAqdGdNwR9GCSGp_yMV3-1_8uBlOHPQvwekr0K60RLkNnqKEfvxtBoVPU0W_qB-b8t8gD1iCwxlkXbRv9Vvai-pWdCeTvZ0hP6OFzzUWZQX1zgjI4dSkK0nwEz1HK1gsRPbCQ4JZoX7DeWJetkZahlyZoiZWENsAnCK4EEhwZ1Sw_IK0Niw02kkPtVlygTM52e7cReRp_T3ytmjXQ0QFMamTp-dXaak1bARPNm3ctLvSbqQw7C1xAI4lcOKtgzG_13qlqh27i_SFgDXIDZw8X-koa2Gkj-eKVCZcZ9SujEB-iTKwY1g2-nFA0dqN2QF2ksN30QTxensxzYq6W0bI0pt6MouOP2yacM_-pTPGF_NDouHWvKR6Hh3gPod4J9ojsC-bOk2JlvYSCm5mRwDXwzicpvTc91JdlHPA8E14DcTW2a1m46WUeIv5Rk63qLaBYLlRLMsiTbw9WoXjyQzFphiOIWvdHOuWjSXcoF_KMmCEYBFCmQElZdQLLhVcSSLh58B6savnUtvbehDx9oWjEfxycUZecNTMcpTDapT0vCjLyW8MGkrXbFotBjGUv1dmvC2kDGNVIf0l-qvgNdghBV_lpmHuTmFXeyCCFzRj1crLUZWbw7pzi20eX86y0X9dj9HKXApUgND7yxwtLqHqZsOpnAY2iMpPpnOnb_OdrWq_Wgakgh34YQsl2TaFTymKjjn0-S2eWmTGjvw5BrmGUwW__uLJfuNS1cJQuMyMZj7ws1towJuU9c1A1-4jELxH1mY0Yv5oAkw8zldF-I6qkaNZY6_6z-GFANUnvJnLiVcj

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:48 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 2FA9 80 KB
21 KB 23ms
22ms Script
application/javascript 2600:9000:224a:4400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:224a:4400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Mon, 16 May 2022 08:34:34 GMT
content-encoding: gzip
age: 537435
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 cca0e030e1fac6fb27702d182fb6a74a.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: DUS51-P1
content-type: application/javascript
x-amz-cf-id: JEkzY_ZwSzs3FH35hDJDm6MD-4hImwwYBAxZbQXwurC1MRegRUC5og==

GET
H2 200 mon
pixel.adsafeprotected.com/ Frame 58FD 43 B
216 B 47ms
46ms Image
image/gif 54.247.26.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.adsafeprotected.com/mon?anId=10933&advId=27804846&campId=16808042297&pubId=1&chanId=29796730690&placementId=418857136&adsafe_par&impId=ABAjH0iFuwDHX_yBoz24gE_-3L_1&bidurl=https://gofobo.com/sweepstakes/TikiTunesSpeaker&adsafe_url=https%3A%2F%2Fgofobo.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2F6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2F6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html&adsafe_type=d&adsafe_jsinfo=,id:1125e8e0-3285-53b9-9381-6f38e20b3f5e,c:dlPwlS,sl:na,em:true,fr:false,thd:1,mn:jsserver-primary-58499bf7cc-7x2vw,rg:ie,pt:1-5-15,br:c,abv:na,an:n,oam:0,scm:publ1.grpm1,nbld:0,mtim:151,fm:t6zs95s+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c*.10933%7C1c1%7C1c2%7C1c3%7C1d1%7C1d21%7C1d3%7C1d4,idMap:1c*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:1,renddet:IMG.qs,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,tt:jload,et:158,oid:5332a816-d9d6-11ec-928f-6e610e97ed11,v:19.8.309,sp:1,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.247.26.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-247-26-77.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:49 GMT
x-server-name: app15.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
cache-control: no-cache
content-type: image/gif
content-length: 43
server: nginx

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 63ms
63ms Image
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2022051701&jk=4187508081850335&bg=!Tk2lTQnNAAZ4vKt9WLw7ACkAdvg8WifJTFHlo7JTPA2huJ-OM4gL1bSMmeJBawmf0k76Mpy_IjBacAIAAABwUgAAAAFoAQeZAp-F6Ee9oIP9TzE0KUHmwTs5lMS4_oL5sEeEmMLMTQMXkZhusqIVMx2TorDcWGQnx4o_CHon1H5Gvpx4cipW12CDuLS8R60T6AKLJbzX6aD4oMn-gqqbHKfxdSrde5aqnCmYJ_7sPe_4-t_w4OPrmGxcyi3-fhVnZykuPn6nuWjt6NcGGnJiCEInUo-Mr5YmyMFLNaklzNkkEA-WGnb5AE1nfIZWhnyP63fybmwV8vX6VNx4Z50uJgUCcPI5_dZV8gMRyW2KESwJE-EwkshUd_KZVt653nbj7BuZf1uPMnRiEU5fyO0n967bboN5yWOWtJbrJlgiQE23R2sF0EGBmPTGyQZzmNy98u84E360jpM-xznYk1KtXg3amAUDX8aQ6qrBKCdLrw5y9H1OKEgsCihnMB0XULsDCKTePwSAPyltWL8xTS2PHFrD2tJfF5XIVZNII7NRNQJ60BqxbD1pBeUEu3q1_XPvtH65TkLjRYwE-v-QQVuq-FzQEmJET_GGkQU-IVKDfXiaAvsHHkO1y63s7IBy6Enta4ihKyv6ikDKG1haWYRtfo598dLltLqd-lHg9Fa_YQVp2j751p7TRwtohcN-gIldDbdV7OCNrtL4ewRxfRTbbX3plgOwJszdgUq8oIZ8Q-KOqJHthTpydeyGYPg5LNKFQYyOFtP_YVgDEymTD_QlaKlmEw4X7Jil7TWwON7zgtWqCPlrfeEnSpauRRnIQzRZZBaS88NrfDbm_PcDt1Uhp288lQesjyPYRxSsn08W3rwZzxknBvvqlU7fcdP3PygT8SISvPWYNS49xH1Xzu2dYfvsxfOksPqiex5wQ9ttXbtJnrysFREgJ0aqphFEQsyIS5Ionc7Sx8yjSvphjTODw5K1OjSgy9uh1A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 58FD 43 B
301 B 279ms
95ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=1125e8e0-3285-53b9-9381-6f38e20b3f5e&tv=%7Bc:dlPwmh,pingTime:-3,time:183,type:v,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:158%7D,%7Bpiv:0,vs:o,r:l,t:183%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:183,n:183,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:158,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B32~1,0~0%5D,as:%5B32~300.250%5D%7D%7D,%7Bsl:o,t:183,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B0~0%5D,as:%5B0~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t6zs95s+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c*.10933%7C1c1%7C1c2%7C1c3%7C1d1%7C1d21%7C1d3%7C1d4,idMap:1c*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt41.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 58FD 43 B
301 B 276ms
92ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=1125e8e0-3285-53b9-9381-6f38e20b3f5e&tv=%7Bc:dlPwmh,pingTime:-6,time:183,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:0,o:184,n:183,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:158,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B32~1,0~0%5D,as:%5B32~300.250%5D%7D%7D,%7Bsl:o,t:183,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B1~0%5D,as:%5B1~300.250%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:jload,dtt:0,fm:t6zs95s+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c*.10933%7C1c1%7C1c2%7C1c3%7C1d1%7C1d21%7C1d3%7C1d4,idMap:1c*,rmeas:1,rend:1,renddet:IMG.qs%7D&tpiLookup=ao:gofobo.com*&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt52.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 58FD 43 B
301 B 273ms
90ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=1125e8e0-3285-53b9-9381-6f38e20b3f5e&tv=%7Bc:dlPwmq,pingTime:-2,time:192,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:667,beZ:668,mfA:818,cmA:818,inA:818,inZ:819,prA:819,prZ:822,si:825,poA:825,poZ:832,cmZ:832,mfZ:832,loA:850,loZ:852,ltA:859,ltZ:859%7D%7D,sca:%7Bdfp:%7Bdf:2,sz:300.250,dom:img%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:158%7D,%7Bpiv:0,vs:o,r:l,t:183%7D,%7Bpiv:99,vs:i,r:,t:191%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1,o:191,n:183,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:158,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B32~1,0~0%5D,as:%5B32~300.250%5D%7D%7D,%7Bsl:o,t:183,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B8~0%5D,as:%5B8~300.250%5D%7D%7D,%7Bsl:i,t:191,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:99,obst:0,th:0,reas:,bkn:%7Bpiv:%5B2~75%5D,as:%5B2~300.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:0,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c*.10933%7C1c1%7C1c2%7C1c3%7C1d.1032644-63173256%7C1d1%7C1d21%7C1d3%7C1d4,idMap:1c*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:1,renddet:IMG.qs,sinceFw:34,readyFired:true%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F625 0
20 B 52ms
51ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BPWIo9D-KYrTSDoWk3gONt4TAAwAAAAA4AeAEAg&bg=!19Sl1JDNAAZ4vKt9WLw7ACkAdvg8WlgshxppkxyQH6egqpnf4jlzcFzPWDhlV8-XWhMnpPm-kLivggIAAAEhUgAAAAZoAQeZAu6X9aXXDRVdlksQRP20Dwz4zABUK7Mu-ScKPYV-P_o3ryYE8TaOgXBGCRPJEEYUvYhgwu6dGdIlyt91NTTUJLwoyKoZChUsSb_R-DQRCPO0ojZp3xnJk4rkwdXr02zcCkMgj0TIOvR082tInfRlIZOTg7vaOn-HWjKu0XOh2C-hPKUosM6D5ykbGnQ5WJFtYyzWXNOz9HX4Sz8eTFrqPXCo8N2EJZ5pK02PthfDS2YseDMtech_uicACH9LYSDvD_J2AXKys8UC9sf88KzonV5s7T64gPKp3QVE9p1WNx3W1GUL37ExJm_aupAFnnxqTpUxBdLGmVXONfu6bqgHzbmOcwBk0k2t0ojupAs50jkNnKEdEkpkekuXFjugnzCpAGXb4EaNl_9OyDjNkSrh5QW1BY-OZpGiyoPa7dbmmXShdd0IMIx_Rgzu7kNjSHueN5Hv1YEekbQOEsyCo5a3VPO5X5atLm8LJiADcQrZWjU_E3Ii2Wzazbzk8nYu8LCr85TkKpX7RAGD753Ug7aIeRHdyyvgwRwenakCpbfdLBP1J3Boy3cRgLquqcy5h384yDjVlHEk5uOTigbCs4Q9NEtXe2exeZoG4e5iuu5G5xSVG8Mc8kH7RRv607KVRUCLfh5sRE4zcW9pae0vAVplB80VQeN3aUFjdkLCZQL6YbN-St9LYLZTh9ZwK4jZNlULm60Pjp7iNiTvr2D1TISF5Fl5mvIqexcaoZVImSxLt_W4Q8vQoMcg2USI3oUyymPaRhoi5pVn78II-6AbtOkcDTcSZMZRCLGiEDMRzQA4909d8C1CNvGTD6jrcSxAyTau3TrvN3Duz0PjOqbOpRcu74_-_AE56Tk1BY_BOv1EKZUWpOCzDRXEOvtARNUr7eOfLLQpKS3ePyFcMbTV5YTT4M-1JfIe9iwZIPp4PzZjmYpLfGgWv6Fagdc3Rtiqg7JeyZQhRXzJLSwnR2gBUximbrWYYA0pIsByL0JBCUIEBPs

Requested by

Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame C9A8 43 B
301 B 210ms
99ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1032644&asId=8f6e22b8-949e-debd-9938-9aea3074e2d4&tv=%7Bc:dlPwnR,time:479,type:e,im:%7Bimprf:%7Bttecl:468,ecd:96,tsecr:53%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:165,o:314,n:1,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:233,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D,%7Bsl:n,t:280,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:281,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B33~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:i,t:314,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B166~100%5D,as:%5B165~728.90%5D%7D%7D%5D,slEventCount:4,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c.10933%7C1c1%7C1c21%7C1c3%7C1d*.1032644-63173256%7C1d1%7C1d21%7C1d3,idMap:1d*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt39.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 44C9 0
20 B 50ms
50ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bn8l39D-KYr32KpiP3gPYiJTACgAAAAA4AeAEAg&bg=!CwilCEzNAAZ4vKt9WLw7ACkAdvg8Wmz95tBpB0P6iYRSP9nu_OQDkZ4wUr3jSJZrZlc92C4NCQC32wIAAABhUgAAAAFoAQcKAFFKKg010y-zoMvoQmvat0Gw7Q2Ux-x85VyfpEQuOq8JFVBKiwCy_fRL7a-4A6kIqPZMNg8ZrtLpz_USyccmBXbD5EUmC_bgpiVkbDVxt4RRmWqZAueth9Z3ghrwcC5muLiAtzqQRHvxp40W_uly9_kZiIV7gQKgfgA38ElwEf8QdU47YlqKS84BeezZMyKKdjXCslO8nAytyljFMuQHLJeZa-HgJSN3LfAYdhxj8zei8XjYyU9mIxgh5IXYSJxX2oxorYpYpWdL753xudc7Q-wbi2PeuS9uexsZpLSG1e3ZrWERgwNUyb2H4uweCeCziLpu-piCs-D2J-bBM2zHVIUDn6asqSwD8RelPNBjoDj3DxwbxxJ_2iOKxi3bszsVLqODK9wGXIBDLGJnSaf4fxBI7uyS_IZmN70WoRXI-15on8Oi4nSkDRBKVWUBYspIobmPeQoknE8BcAQUiqGb0AmTV_RResc_0bHa89PVgLIwCxCZ63ccAE31RzgIciyEcoVvWWJzofrC-KTXZ1OUU5sVhrhfIpIYuk2Z8LxkOvxN53XWym_Ms22c78aaQ93iaekP_FJRf5dMk0BKZpUKFq0JsBhl1YCwQfx4cq1xQUOT3TCdWr-J95PPLfoaf_VS7DcqQbOj_iH_FXWwezMnDlXDDxsn34EtgGa574ukFt7TacGUAnyPglev2AT6-loCN170st-7J0ExaPP-IgkW68vsJ2zdw3D95t7PRnyc0H60T-AHctxcxthAbsRG1ZOZrxaUqYSbi4KOLFTKSdsVS3it6-F5__uX8D_KG_UTqXhXjCAqELMTIm_f1wTyKFPeN9GFOfoP8goFBbyOXW45zadlWS-8eFr5RvEcTCLra3oS7hRBYJUoZaREGNVjXAGMvXYsuSBewshxKBSufzVf6s7ZjYZX3GILhetSAXKQCs7TdwBp8WAUSgKa0ipOtiSpMosOyGMw9h6seE3hrOwTgYglsKecQAZq_-UFM81SZPjOrXXhLb0UbFhzqeIZ5d36Pj8T0-ZY9IS9o1zWOnT8QKMEflnTC2VnmOIXAlOajLG7a_CoHpSOHTgokk1M3nIeQjmLbjwQoL2c4juNmQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 300ms
299ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:48 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame C9A8 43 B
301 B 93ms
93ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1032644&asId=8f6e22b8-949e-debd-9938-9aea3074e2d4&tv=%7Bc:dlPwqV,pingTime:-10,time:669,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDEuMC40OTUxLjY0IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1653227509277%7C%7Ceb9b32115ea407044dfa7b45182e731c%7C%7C20974fba76ac68d3b08560343ae2118a%7C%7C65eb60e40ad4fa06454575e2122dc700%7C%7C555d8ecbd63cb2a7f3f6a2b2b27b7b3a%7C%7C02fdb0c6d9a2047e2cddd14a61ba8035%7C%7C0db5a384d26b261e66d777857a62e930%7C%7C12ee804f11f1b4c6a2e23e547e91c9ec%7C%7C1629390669%7D
Requested by: Host: 6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
URL: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame 56B4 42 B
64 B 58ms
57ms Image
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsseyWYASgPqt4nIKwTltBi4LXy0fwvZtsYn8I3Lez-nd9htRPtoOdEl-68lLAsc43Rupxxhq5laAPX-6AfJ12oc9HjlaMH0lMHKtK-Aog0_7l-DAo4oNeoAnpLE&sai=AMfl-YTHUDdFzFyYa_9XXQDgl7WmUFrXHiicfw_kt2c-ck0cW6MNNkOG0GIBKIsS_61MdZbjyNNUmlfLKF0qs6LY6SoURTTXs1IaSr01EyOiDxDIjDVBUNaRC2G9EGKGRZii&sig=Cg0ArKJSzLzbCm5Po465EAE&id=ampim&o=315,149&d=970,250&ss=1600,1200&bs=1600,1200&mcvt=1000&mtos=0,0,0,1000,1000&tos=0,0,0,1000,0&tfs=207&tls=1207&g=100&h=100&tt=1207&r=v&avms=ampa&uap=&uapv=&uaa=&uam=&uafv=&uab=&uafvl=%5B%5D&uaw=false&adk=788573710

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gofobo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 58FD 43 B
301 B 89ms
88ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=1125e8e0-3285-53b9-9381-6f38e20b3f5e&tv=%7Bc:dlPwuy,pingTime:-10,time:696,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDEuMC40OTUxLjY0IFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1653227509277%7C%7Ceb9b32115ea407044dfa7b45182e731c%7C%7C20974fba76ac68d3b08560343ae2118a%7C%7C65eb60e40ad4fa06454575e2122dc700%7C%7C555d8ecbd63cb2a7f3f6a2b2b27b7b3a%7C%7C02fdb0c6d9a2047e2cddd14a61ba8035%7C%7C0db5a384d26b261e66d777857a62e930%7C%7C12ee804f11f1b4c6a2e23e547e91c9ec%7C%7C1629390669,sca:%7Bspg:8f6e22b8-949e-debd-9938-9aea3074e2d4%7D%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C9A8 42 B
64 B 86ms
51ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuoifeGn2qCyohIcnISv3ZqjRRmcclQjvuwSTU-NSRCrQmQuwq78REYH8Dba5w7o0lON79dQmqPaxwhWcc6xWo5KhrmLcIBVEj0A7qgDI5y2hXIuJiDSFPIKFt1&sai=AMfl-YQ3LYZHrno0zkTTmFVdq2OSdLk54UUWKkiy2KtHOjA0WUtYhmrQtYoyLWqMDcrOsehhq6DW4vDRy930h47pdGzlmnc2gI-_uWwZ0tBLN64eMOoswJAS4zs6O3ZvNI3a&sig=Cg0ArKJSzJxIR5f_BGKGEAE&cid=CAASKORoUv5kc5pMA08hkZdP_RTXtc0Bv1d2Q-VJpJLFkNGp0nGUguOjspI&id=lidar2&mcvt=1000&p=1095,436,1185,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220518&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=2297967860&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1653227508144&rpt=444&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 58FD 42 B
64 B 44ms
43ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst9Kh_tv1ktgrNoN6wGR7lm_IBLrQuyq9N8a1UGO9qhTVOm8jSvwWoVTYqjedfHqgtl99B_GahqjZN3oezslys11gFd1khMPpoGKgUERMuve8eTVilHCFbpxTU4&sai=AMfl-YTkPpHiUKUvt8EVP9ZC9W8zRHpx3X5wrC6ugi890m1CPrMyLLpiVzEncQMiMFRtz4Jww6oCjSihk8QnNWGMg0NE4yoVG8e0HTkAds_hKxVyPu8YI-jXPs5wZ2Ci4JOt&sig=Cg0ArKJSzGo9dUpQfoXxEAE&cid=CAASKORoGILQsvmGeji3oXrnxb_s4Zmj6hWoYnXqM7YCFtwpccuotKK36hY&id=lidar2&mcvt=1000&p=952,650,1206,950&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20220518&bin=7&avms=nio&bs=0,0&mc=0.98&if=1&vu=1&app=0&itpl=20&adk=3266753822&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1653227508139&rpt=720&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 58FD 42 B
64 B 40ms
40ms Fetch
image/gif 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuqlR_VWyFqNq1We7gKdRCTSzlyhXThyEeWw1yKmO9h4wk8yTLlEluL0FDXqI3ZnirkK39JUopkF1d3uVmk9H_CPdXdhTrLcWA&sig=Cg0ArKJSzOpJf9ORZm4fEAE&id=lidar2&mcvt=1011&p=0,0,250,300&mtos=0,1011,1011,1011,1011&tos=0,1011,0,0,0&v=20220518&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&vu=1&app=0&itpl=32&adk=3690638943&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXSxmYWxzZV0%3D&vs=4&r=v&rst=1653227508139&rpt=724&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:49 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame C9A8 43 B
301 B 92ms
91ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1032644&asId=8f6e22b8-949e-debd-9938-9aea3074e2d4&tv=%7Bc:dlPwBm,pingTime:1,time:1316,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:234%7D,%7Bpiv:-1,vs:n,r:,t:280%7D,%7Bpiv:0,vs:o,r:l,t:281%7D,%7Bpiv:100,vs:i,r:,t:314%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1002,o:314,n:1,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:233,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D,%7Bsl:n,t:280,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:281,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B33~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:i,t:314,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1003~100%5D,as:%5B1002~728.90%5D%7D%7D%5D,slEventCount:4,em:true,fr:false,e:,tt:rjss,dtt:96,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c.10933%7C1c1%7C1c21%7C1c3%7C1d*.1032644-63173256%7C1d1%7C1d21%7C1d3,idMap:1d*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame C9A8 43 B
301 B 97ms
96ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1032644&asId=8f6e22b8-949e-debd-9938-9aea3074e2d4&tv=%7Bc:dlPwBo,pingTime:1,time:1318,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:234%7D,%7Bpiv:-1,vs:n,r:,t:280%7D,%7Bpiv:0,vs:o,r:l,t:281%7D,%7Bpiv:100,vs:i,r:,t:314%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1004,o:314,n:1,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:233,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D,%7Bsl:n,t:280,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:281,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B33~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:i,t:314,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1004~100%5D,as:%5B1003~728.90%5D%7D%7D%5D,slEventCount:4,em:true,fr:false,e:,tt:rjss,dtt:96,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c.10933%7C1c1%7C1c21%7C1c3%7C1d*.1032644-63173256%7C1d1%7C1d21%7C1d3,idMap:1d*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:49 GMT
X-Server-Name: dt39.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 58FD 43 B
301 B 98ms
97ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=1125e8e0-3285-53b9-9381-6f38e20b3f5e&tv=%7Bc:dlPwCy,pingTime:1,time:1192,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:158%7D,%7Bpiv:0,vs:o,r:l,t:183%7D,%7Bpiv:99,vs:i,r:,t:191%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:1001,o:191,n:183,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:158,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B32~1,0~0%5D,as:%5B32~300.250%5D%7D%7D,%7Bsl:o,t:183,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B8~0%5D,as:%5B8~300.250%5D%7D%7D,%7Bsl:i,t:191,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:99,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1002~75%5D,as:%5B1002~300.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:94,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c*.10933%7C1c1%7C1c2%7C1c3%7C1d.1032644-63173256%7C1d1%7C1d21%7C1d3%7C1d4,idMap:1c*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:50 GMT
X-Server-Name: dt41.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/ib/static/usersync/v3/ Frame 3C22 995 B
1 KB 130ms
34ms Document
text/html 151.101.65.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.13.10 /
Resource Hash: 8730c26defc411dd8a51f1da47e5ae3804fab6868f7914a26b09d8e0791bbe39

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 1412847
Cache-Control: max-age=31536000
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 506
Content-Type: text/html
Date: Sun, 22 May 2022 13:51:51 GMT
ETag: W/"573e714d-3e3"
Expires: Thu, 06 May 2021 05:24:22 GMT
Last-Modified: Fri, 20 May 2016 02:07:09 GMT
Server: nginx/1.13.10
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 194520, 96125
X-Served-By: cache-lga21980-LGA, cache-hhn4033-HHN
X-Timer: S1653227511.246369,VS0,VE0

GET
H2 200 sync Show response
pre.ads.justpremium.com/v/1.0/t/ Frame CAA3 5 KB
5 KB 74ms
74ms Document
text/html 18.185.167.12
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=ahpq5np1653227506618
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.185.167.12 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-185-167-12.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 696dfecb8d4cdb60bfc82dd7348c626bf1ea8826016e3c8f2bd43d65d87099eb

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: public, no-cache, no-store, must-revalidate
content-type: text/html; charset=utf-8
date: Sun, 22 May 2022 13:51:51 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame DF16 38 KB
14 KB 526ms
173ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: c7cba051adb45bda78591c9b2f415a1009c62ca0301df36f7d92291bf5d423b4

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: public, max-age=33465
content-encoding: gzip
content-length: 13941
content-type: text/html; charset=UTF-8
date: Sun, 22 May 2022 13:51:51 GMT
etag: "1302647-96a7-5da3b2ade946f"
expires: Sun, 22 May 2022 23:09:36 GMT
last-modified: Tue, 15 Mar 2022 05:35:40 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame 9721 281 B
554 B 85ms
22ms Document
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 22 May 2022 13:51:51 GMT
ETag: "402b2-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2

200

sync Show response
eb2.3lift.com/ Frame 869B
Redirect Chain

https://eb2.3lift.com/sync?
https://eb2.3lift.com/sync?&ld=1

1 KB
1022 B

37ms
37ms

Document
text/html

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://eb2.3lift.com/sync?&ld=1
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: ecb440662506ec6360cb84121d2f558e170bb8a9c9127d32abe17a99951dec0c

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-length: 455
content-type: text/html; charset=utf-8
date: Sun, 22 May 2022 13:51:51 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Sun, 22 May 2022 13:51:51 GMT
location: /sync?&ld=1
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 9721 31 KB
10 KB 19ms
19ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: a1454ecc15be4ed4f80ea452ed9fb072fa1eac4e5561d47517a52eca69e2a5ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:51 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 May 2022 17:10:31 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=57871
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9446
Expires: Mon, 23 May 2022 05:56:22 GMT

GET
H2 200 jp Show response
rtb.gumgum.com/usync/ Frame 122A 3 KB
1 KB 139ms
41ms Document
text/html 54.171.192.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Requested by: Host: pre.ads.justpremium.com
URL: https://pre.ads.justpremium.com/v/1.0/t/sync?_c=ahpq5np1653227506618
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.192.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-192-139.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 37903f84c792990367ace287d5eb65e68d8e92fa080e26b91032d064f51bd671

Request headers

Referer: https://pre.ads.justpremium.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Sun, 22 May 2022 13:51:51 GMT
etag: W/"09734de944f2c2493d4ab3a997b06eac4"
server: nginx
timing-allow-origin: *

GET
H/1.1 200
OK async_usersync Show response
secure.adnxs.com/ Frame 3C22 0
741 B 55ms
20ms Script
text/html 37.252.172.37
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/async_usersync?cbfn=AN_async_load

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/ib/static/usersync/v3/async_usersync.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.37 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:51 GMT
X-Proxy-Origin: 193.27.14.40; 193.27.14.40; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: eb884ce5-e686-408e-9caf-ceb5f50035b3
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 869B 70 B
264 B 43ms
42ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:51 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 869B
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=ODE4MDg5NjczNTk0NDcyOTc4NjQz

170 B
188 B

37ms
37ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=ODE4MDg5NjczNTk0NDcyOTc4NjQz

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=1&gdpr_consent=&us_privacy=&google_hm=ODE4MDg5NjczNTk0NDcyOTc4NjQz
date: Sun, 22 May 2022 13:51:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 869B 170 B
188 B 38ms
37ms Image
image/png 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=1&gdpr_consent=

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 869B
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=1&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=ODE4MDg5NjczNTk0NDcyOTc4NjQz

170 B
188 B

37ms
37ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=ODE4MDg5NjczNTk0NDcyOTc4NjQz

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=1&gdpr_consent=&us_privacy=&google_hm=ODE4MDg5NjczNTk0NDcyOTc4NjQz
date: Sun, 22 May 2022 13:51:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 setuid
px.ads.linkedin.com/ Frame 869B 0
590 B 447ms
209ms Image
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=818089673594472978643&dbredirect=true&gdpr=1&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:50 GMT
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: D5276DF1BA174FDDBCCC4EDF42DE9BF2 Ref B: FRAEDGE1510 Ref C: 2022-05-22T13:51:51Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-source-fabric: prod-ltx1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXfmgaQWTVlwxV+bfYEuA==

GET
H2

200

xuid
eb2.3lift.com/ Frame 869B
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/triplelift/818089673594472978643?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-jlXGwmFE2oTRIh3PuAqM0rRUBvxDSDHs1Vl728TtBg--~A&dongle=0883

37 B
354 B

20ms
20ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-jlXGwmFE2oTRIh3PuAqM0rRUBvxDSDHs1Vl728TtBg--~A&dongle=0883
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

date: Sun, 22 May 2022 13:51:51 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-jlXGwmFE2oTRIh3PuAqM0rRUBvxDSDHs1Vl728TtBg--~A&dongle=0883
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 869B 43 B
220 B 18ms
17ms Image
image/gif 18.194.159.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=triplelift&user_id=818089673594472978643&gdpr=1&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.159.8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-159-8.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

iu3
s.amazon-adsystem.com/ Frame 869B
Redirect Chain

https://s.amazon-adsystem.com/x/757c0557066e95cfd4c7?gdpr=1&gdpr_consent=&uid=818089673594472978643
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=818089673594472978643&dcc=t

0
0

104ms
103ms

Image
text/html

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=818089673594472978643&dcc=t
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Server: 52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Redirect headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:51 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 8NK6G9YAGAMPKWTWY41B
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location: https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=3lift&gdpr=1&gdpr_consent=&uid=818089673594472978643&dcc=t
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame 869B
Redirect Chain

https://b1sync.zemanta.com/usersync/triplelift?gdpr=1&gdpr_consent=
https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1

37 B
139 B

22ms
22ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:51 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2460&dongle=dba8&xuid=&gdpr=1
Pragma: no-cache
Date: Sun, 22 May 2022 13:51:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Content-Length: 95
Content-Type: text/html; charset=utf-8

GET
H/1.1 400
Request failed due to privacy signals setuid
ib.adnxs.com/prebid/ Frame 869B 0
0 23ms
22ms Image
text/html 37.252.172.249
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=818089673594472978643
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?&ld=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 37.252.172.249 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),
Reverse DNS: 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eb2.3lift.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9721
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://pr-bh.ybp.yahoo.com/sync/rubicon/ohtQou5nQRkxS4cY8DBgtw?csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=2208605081258343356

0
239 B

27ms
27ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=2208605081258343356
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Content-Type: image/gif

Redirect headers

date: Sun, 22 May 2022 13:51:51 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=2208605081258343356
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H2

200

setuid
px.ads.linkedin.com/ Frame 9721
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L3HCZ0DT-S-1XMX

0
705 B

276ms
196ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L3HCZ0DT-S-1XMX
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:50 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 64577B6B131E413F95FE41AFB2DEBAA0 Ref B: FRAEDGE1510 Ref C: 2022-05-22T13:51:51Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXfmgaQlncLez0jKZPc1A==

Redirect headers

Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=L3HCZ0DT-S-1XMX
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
aax-eu.amazon-adsystem.com/s/ Frame 9721
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=Youe9924Tn2zLU8i6sOpQQ&rk=usync-other
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Youe9924Tn2zLU8i6sOpQQ

43 B
556 B

35ms
34ms

Image
image/gif

52.94.223.37
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Youe9924Tn2zLU8i6sOpQQ

Protocol

HTTP/1.1

Server

52.94.223.37 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:51 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: 99RKZ4PFQV9CJZWT38XQ
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=Youe9924Tn2zLU8i6sOpQQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame 9721
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=7RaoPTtpSbG-LhnK_0yqUQ&rk=usync-na
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=7RaoPTtpSbG-LhnK_0yqUQ

43 B
556 B

100ms
100ms

Image
image/gif

52.46.130.91
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=7RaoPTtpSbG-LhnK_0yqUQ

Protocol

HTTP/1.1

Server

52.46.130.91 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:52 GMT
Vary: Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server: Server
x-amz-rid: ZP45B8PMP46ZE2306D5G
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy: interest-cohort=()
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Location: https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=7RaoPTtpSbG-LhnK_0yqUQ
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/ Frame 9721
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEIrUe_4Byfg7AUMQWkBdXs8&google_cver=1

0
239 B

79ms
20ms

Image
image/gif

69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEIrUe_4Byfg7AUMQWkBdXs8&google_cver=1
Protocol: HTTP/1.1
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:51 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEIrUe_4Byfg7AUMQWkBdXs8&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 326
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 9721
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NWIyZTEzMjU4YzAxMDdmMmE5NzQ1NDFhMzkxNjkwOWY1NTNiZjkwOA

170 B
188 B

32ms
32ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NWIyZTEzMjU4YzAxMDdmMmE5NzQ1NDFhMzkxNjkwOWY1NTNiZjkwOA

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:51 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NWIyZTEzMjU4YzAxMDdmMmE5NzQ1NDFhMzkxNjkwOWY1NTNiZjkwOA
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

204

v1
ads.yahoo.com/cms/ Frame 9721
Redirect Chain

https://token.rubiconproject.com/token?pid=26594
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3HCZ0DT-S-1XMX&sigv=1&esig=2~c7ce7f25f6b65df5c6326998745d5b90dfdc8700

0
194 B

518ms
160ms

Image
text/plain

2a00:1288:80:807::1
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3HCZ0DT-S-1XMX&sigv=1&esig=2~c7ce7f25f6b65df5c6326998745d5b90dfdc8700

Protocol

Server

2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:51 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

Location: https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=L3HCZ0DT-S-1XMX&sigv=1&esig=2~c7ce7f25f6b65df5c6326998745d5b90dfdc8700
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 611afce88997db6fdd35eb213e662871
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 rubicon
match.adsrvr.org/track/cmf/ Frame 9721 70 B
264 B 48ms
42ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/rubicon
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:51 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 122A
Redirect Chain

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
https://usersync.gumgum.com/usersync?b=apn&i=3594743680017809518

35 B
250 B

186ms
39ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=apn&i=3594743680017809518
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:51 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:51 GMT
X-Proxy-Origin: 193.27.14.40; 193.27.14.40; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 6604dded-84e8-466d-adc1-bc9e264bd7a8
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://usersync.gumgum.com/usersync?b=apn&i=3594743680017809518
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK sync
x.bidswitch.net/ Frame 122A 43 B
220 B 22ms
21ms Image
image/gif 18.194.159.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_9c3e9fa1-2131-4bf0-88e7-23fe87d05243&gdpr=1&gdpr_consent=&us_privacy=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.159.8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-159-8.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:51 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

400

pixelSync
pixel-sync.sitescout.com/dmp/ Frame 122A
Redirect Chain

https://sync.outbrain.com/redirectObuid?platformId=GUMGU18H7EL9NI653I7DPEH51&gdpr=1&gdprConsent=&platformRdUrl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dobn%26i%3D%7BOB_UID%7D%26r%3D%7BobR...
https://usersync.gumgum.com/usersync?b=obn&i=ENC%28Eytniiv5lnfDux7qDLoPVG2LABLhbn3Lue0nhNaSR37-AVqo_pnJ43GVZRWci48p%29&r=https%3A%2F%2Fsync.outbrain.com%2FsyncUser%3FplatformId%3D%7Bplatform_id%7D%...
https://sync.outbrain.com/syncUser?platformId=GUMGU18H7EL9NI653I7DPEH51&platformUid=e_9c3e9fa1-2131-4bf0-88e7-23fe87d05243&obuid=ENC(Eytniiv5lnfDux7qDLoPVG2LABLhbn3Lue0nhNaSR37-AVqo_pnJ43GVZRWci48p)
https://sync.outbrain.com/syncPartner?platformId=GUMGU18H7EL9NI653I7DPEH51
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=[EXCHANGE_GDPR_MACRO]&gdpr_consent=[EXCHANGE_CONSENT_MACRO]&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7Bu...

0
57 B

108ms
26ms

Image
text/plain

66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=[EXCHANGE_GDPR_MACRO]&gdpr_consent=[EXCHANGE_CONSENT_MACRO]&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3DEytniiv5lnfDux7qDLoPVG2LABLhbn3Lue0nhNaSR37-AVqo_pnJ43GVZRWci48p&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: H2
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:51 GMT
server: AC1.1

Redirect headers

Location: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=[EXCHANGE_GDPR_MACRO]&gdpr_consent=[EXCHANGE_CONSENT_MACRO]&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3DEytniiv5lnfDux7qDLoPVG2LABLhbn3Lue0nhNaSR37-AVqo_pnJ43GVZRWci48p&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING
Date: Sun, 22 May 2022 13:51:52 GMT
X-TraceId: 0c047bfec86e3dee5d453890c2870e56
Content-Length: 0

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 122A 43 B
131 B 54ms
45ms Image
image/gif 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=1&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:51 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK sync
sync.srv.stackadapt.com/ Frame 122A 43 B
168 B 456ms
100ms Image
image/gif 54.163.96.140
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.163.96.140 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-163-96-140.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:51 GMT
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

GET
H2

200

usersync
rtb.gumgum.com/ Frame 122A
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=1&gdpr_consent=
https://rtb.gumgum.com/usersync?b=oth&i=y-_2nOucZE2pdJCMT1Vrd88x6xBIsHu1QLmt1I~A

35 B
208 B

47ms
47ms

Image
image/gif

54.171.192.139
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/usersync?b=oth&i=y-_2nOucZE2pdJCMT1Vrd88x6xBIsHu1QLmt1I~A
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: H2
Server: 54.171.192.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-192-139.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:51 GMT
server: nginx
content-type: image/gif;charset=UTF-8
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

date: Sun, 22 May 2022 13:51:51 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://rtb.gumgum.com/usersync?b=oth&i=y-_2nOucZE2pdJCMT1Vrd88x6xBIsHu1QLmt1I~A
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 122A
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=1&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync...
https://usersync.gumgum.com/usersync?b=vnt&i=5541ff71-d9d6-11ec-8a25-c312b08c9a12

35 B
250 B

34ms
33ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=vnt&i=5541ff71-d9d6-11ec-8a25-c312b08c9a12
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:51 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

Location: https://usersync.gumgum.com/usersync?b=vnt&i=5541ff71-d9d6-11ec-8a25-c312b08c9a12
Date: Sun, 22 May 2022 13:51:51 GMT
Server: Apache-Coyote/1.1
Connection: keep-alive
Content-Length: 0
X-CI-RTID: 5541ff72-d9d6-11ec-8a25-c312b08c9a12

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 122A
Redirect Chain

https://sync.technoratimedia.com/services?srv=cs&pid=65&us_privacy=&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsnc%26i%3D%5BUSER_ID%5D
https://usersync.gumgum.com/usersync?b=snc&i=GDPR

35 B
250 B

34ms
34ms

Image
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=snc&i=GDPR
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: HTTP/1.1
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://rtb.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:51 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Type: image/gif
Content-Length: 35
Expires: 0

Redirect headers

date: Sun, 22 May 2022 13:51:51 GMT
via: 1.1 varnish
server: nginx
age: 0
location: https://usersync.gumgum.com/usersync?b=snc&i=GDPR
access-control-allow-methods: POST,GET,HEAD,OPTIONS
x-varnish: 765516279
access-control-allow-origin: https://rtb.gumgum.com/
access-control-allow-credentials: true
content-length: 0

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 0028
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=71&gdpr=1&gdpr_consent=&redir=https%3a%2f%2fusersync.gumgum.com%2fusersync%3fb%3dmmh%26i%3d%5bMM_UUID%5d
https://usersync.gumgum.com/usersync?b=mmh&i=142b628a-3ff3-4700-a19a-c55798d2844f&gdpr=1&gdpr_consent=

35 B
250 B

43ms
42ms

Document
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=mmh&i=142b628a-3ff3-4700-a19a-c55798d2844f&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Sun, 22 May 2022 13:51:51 GMT
Expires: 0
Pragma: no-cache

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Sun, 22 May 2022 13:51:51 GMT
Expires: Sun, 22 May 2022 13:51:50 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: MT3 4419 e1034d5 master nrt-pixel-x9 config:1.0.0
location: https://usersync.gumgum.com/usersync?b=mmh&i=142b628a-3ff3-4700-a19a-c55798d2844f&gdpr=1&gdpr_consent=

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 1FF2
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=1&gdpr_consent=&_test=Yoo-9wADNIuxHQAj
https://usersync.gumgum.com/usersync?b=atm&i=Yoo-9wADNIuxHQAj&gdpr=1&gdpr_consent=&_test=Yoo-9wADNIuxHQAj

35 B
250 B

45ms
44ms

Document
image/gif

34.247.233.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=Yoo-9wADNIuxHQAj&gdpr=1&gdpr_consent=&_test=Yoo-9wADNIuxHQAj
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.247.233.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-247-233-198.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Sun, 22 May 2022 13:51:51 GMT
Expires: 0
Pragma: no-cache

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Sun, 22 May 2022 13:51:51 GMT
location: https://usersync.gumgum.com/usersync?b=atm&i=Yoo-9wADNIuxHQAj&gdpr=1&gdpr_consent=&_test=Yoo-9wADNIuxHQAj
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-cdg20753-CDG
x-timer: S1653227512.629072,VS0,VE0

GET
H3 200 pixel Show response
cm.g.doubleclick.net/ Frame FB54 170 B
188 B 35ms
34ms Document
image/png 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV85YzNlOWZhMS0yMTMxLTRiZjAtODhlNy0yM2ZlODdkMDUyNDM=&gdpr=1&gdpr_consent=

Requested by

Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Sun, 22 May 2022 13:51:51 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame BEEC 15 KB
6 KB 231ms
174ms Document
text/html 23.35.236.201
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=1&gdprConsent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.201 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-201.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=78956
content-encoding: gzip
content-length: 5549
content-type: text/html; charset=UTF-8
date: Sun, 22 May 2022 13:51:51 GMT
etag: "1300708-3de4-5d6ef246ef4cf"
expires: Mon, 23 May 2022 11:47:47 GMT
last-modified: Tue, 01 Feb 2022 06:38:00 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache/2.2.15 (CentOS)
vary: Accept-Encoding

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame 7C1C 70 B
264 B 43ms
43ms Document
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private,no-cache, must-revalidate
content-length: 70
content-type: image/gif
date: Sun, 22 May 2022 13:51:51 GMT
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma: no-cache
x-aspnet-version: 4.0.30319

GET
H2 204 um
cs.emxdgt.com/ Frame 2D34 0
0 230ms
37ms Document
text/html 18.195.155.181
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cs.emxdgt.com/um?redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Demx%26i%3D%24UID&gdpr=1&gdpr_consent=
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 0
content-type: text/html
date: Sun, 22 May 2022 13:51:51 GMT

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 7E3E
Redirect Chain

https://tg.socdm.com/aux/idsync?proto=gumgum
https://rtb.gumgum.com/usersync?b=sus&i=Yoo-.MCo8X8AADKpRFIAAAAA

35 B
208 B

36ms
36ms

Document
image/gif

54.171.192.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=sus&i=Yoo-.MCo8X8AADKpRFIAAAAA
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.192.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-192-139.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Sun, 22 May 2022 13:51:52 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

Cache-Control: private
Connection: keep-alive
Content-Length: 0
Date: Sun, 22 May 2022 13:51:52 GMT
Location: https://rtb.gumgum.com/usersync?b=sus&i=Yoo-.MCo8X8AADKpRFIAAAAA
P3P: CP="See also http://www.scaleout.jp/privacy/"
Server: nginx
X-SO-Ads-Time: 1
X-SO-Cluster-ID: 20
X-SO-HostName: m-ad276.dc4p.scaleout.jp
X-SO-IP: 193.27.14.40
X-SO-Key: Yoo-.MCo8X8AADKpRFIAAAAA
X-SO-LB-Data: {"ban":false,"clean_query":"\/aux\/idsync?proto=gumgum","cluster_id":20,"gdpr":true,"ipv4":"0.0.0.0","key":"Yoo-.MCo8X8AADKpRFIAAAAA","privacy_sensitive":true,"uid":"","upstream_id":"m-ad276"}
X-SO-LB-Hostname: m-tgng27.dc4p.scaleout.jp
X-SO-Upstream-ID: m-ad276

GET
H2

200

usersync Show response
rtb.gumgum.com/ Frame 6DB4
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://rtb.gumgum.com/usersync?b=rth&i=LuLlp32uRyL2uMnzgadM&pi=gumgum&tc=1

35 B
208 B

46ms
45ms

Document
image/gif

54.171.192.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb.gumgum.com/usersync?b=rth&i=LuLlp32uRyL2uMnzgadM&pi=gumgum&tc=1
Requested by: Host: rtb.gumgum.com
URL: https://rtb.gumgum.com/usync/jp?r=https%3A%2F%2Fmatch.justpremium.com%2Fmatch%2Fgg%3Fjp_uid%3Dr-4e73d30c-90a7-4e62-9dc5-62cb62ba9362-33683-800359498%26ex_uid%3D%5BUID%5D&gdpr=1&gdpr_consent=&us_privacy=&limit=16
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.192.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-192-139.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4

Request headers

Referer: https://rtb.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif;charset=UTF-8
date: Sun, 22 May 2022 13:51:51 GMT
expires: 0
pragma: no-cache
server: nginx
timing-allow-origin: *

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Sun, 22 May 2022 13:51:51 GMT Sun, 22 May 2022 13:51:51 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://rtb.gumgum.com/usersync?b=rth&i=LuLlp32uRyL2uMnzgadM&pi=gumgum&tc=1
pragma: no-cache

GET PugMaster
image6.pubmatic.com/AdServer/ Frame DF16 0
0

POST
H2 204 collect Show response
d.clarity.ms/ 0
48 B 96ms
96ms XHR
text/plain 40.76.174.66
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://d.clarity.ms/collect
Requested by: Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://gofobo.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

access-control-allow-origin: https://gofobo.com
date: Sun, 22 May 2022 13:51:51 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 usersync.html Show response
cdn.undertone.com/js/ Frame E217 9 KB
3 KB 83ms
12ms Document
text/html 2600:9000:214f:1600:1f:2473:9080:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.undertone.com/js/usersync.html
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:1600:1f:2473:9080:93a1 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8b61a4e318fc30d39680a44d64f13544e98f150b44b1a169483e792e7756f0c5

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1881
content-encoding: gzip
content-type: text/html
date: Sun, 22 May 2022 13:20:32 GMT
etag: W/"27c6103a1b7795bab6225625736c4862"
last-modified: Tue, 25 Jan 2022 14:10:45 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
x-amz-cf-id: wfJi8cyWDPDvKGeubxBMCU7pWZbxHRjSzIzwm5-ny66I1dhXn9LiQA==
x-amz-cf-pop: FRA53-C1
x-amz-replication-status: COMPLETED
x-amz-version-id: x7jgDK9Dtt0E1dfpKzaEwyQWhasJ32dk
x-cache: Hit from cloudfront

GET
H2 200 pd Show response
u.openx.net/w/1.0/ Frame ABAA 0
91 B 36ms
30ms Document
text/html 34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://u.openx.net/w/1.0/pd
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/18.1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Sun, 22 May 2022 13:51:52 GMT
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H2 200 v2 Show response
de.tynt.com/deb/ Frame C50D 75 B
347 B 379ms
106ms Document
text/html 67.202.105.31

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dVJisCpHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: max-age=86400
content-length: 75
content-type: text/html
date: Sun, 22 May 2022 13:51:52 GMT
expires: Mon, 23 May 2022 13:51:52 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

GET
H2 200 v2 Show response
de.tynt.com/deb/ Frame D696 75 B
347 B 377ms
105ms Document
text/html 67.202.105.31

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dIiXMspHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: max-age=86400
content-length: 75
content-type: text/html
date: Sun, 22 May 2022 13:51:51 GMT
expires: Mon, 23 May 2022 13:51:52 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

GET
H2 200 v2 Show response
de.tynt.com/deb/ Frame 4ECC 75 B
347 B 377ms
106ms Document
text/html 67.202.105.31

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dEJ4uepHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: max-age=86400
content-length: 75
content-type: text/html
date: Sun, 22 May 2022 13:51:51 GMT
expires: Mon, 23 May 2022 13:51:52 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame FE10
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=12776
https://eus.rubiconproject.com/usync.html?p=12776

281 B
554 B

13ms
12ms

Document
text/html

104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=12776
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://cdn.undertone.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Sun, 22 May 2022 13:51:52 GMT
ETag: "402b2-119-5d32342a551c0"
Last-Modified: Tue, 14 Dec 2021 23:07:59 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Sun, 22 May 2022 13:51:52 GMT
location: https://eus.rubiconproject.com/usync.html?p=12776
server: AkamaiGHost

GET
H/1.1 200
OK usermatch
ssum-sec.casalemedia.com/ Frame E217 0
0 73ms
29ms Image
text/html 23.35.236.247
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatch?s=197137&cb=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D57%26uid%3D
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.35.236.247 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-35-236-247.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.undertone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

GET
H/1.1

200
OK

sync
usr.undertone.com/userPixel/ Frame E217
Redirect Chain

https://ib.adnxs.com/getuidnb?https://usr.undertone.com/userPixel/sync?partner=appnexus&uid=$UID
https://usr.undertone.com/userPixel/sync?partner=appnexus&uid=3594743680017809518

0
154 B

665ms
102ms

Image
text/plain

52.201.208.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usr.undertone.com/userPixel/sync?partner=appnexus&uid=3594743680017809518
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: HTTP/1.1
Server: 52.201.208.245 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.undertone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:53 GMT
x-envoy-upstream-service-time: 0
server: istio-envoy
Connection: keep-alive
Content-Length: 0

Redirect headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:52 GMT
X-Proxy-Origin: 193.27.14.40; 193.27.14.40; 534.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
AN-X-Request-Uuid: f3715d29-6006-42e5-8279-5b9f451befc3
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://usr.undertone.com/userPixel/sync?partner=appnexus&uid=3594743680017809518
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 cm
us-u.openx.net/w/1.0/ Frame E217 43 B
75 B 35ms
23ms Image
image/gif 35.244.159.8

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=fba3d144-1026-4d31-a758-943b9545e305&r=https://usr.undertone.com/userPixel/sync?partnerId=39&uid=
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 35.244.159.8 -, , ASN (),
Reverse DNS
Software: OXGW/18.1.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.undertone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:52 GMT
content-encoding: gzip
server: OXGW/18.1.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

sync
usr.undertone.com/userPixel/ Frame E217
Redirect Chain

https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true
https://pixel.advertising.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/58293/sync?&gdpr=&gdpr_consent=&redir=true&apid=UP55eda94e-d9d6-11ec-b6fc-0231421f89ac
https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-BtX1MhpE2uGIAOX_DafL6dp_snHcMuAE~A~UP55eda94e-d9d6-11ec-b6fc-0231421f89ac

0
154 B

604ms
107ms

Image
text/plain

52.201.208.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-BtX1MhpE2uGIAOX_DafL6dp_snHcMuAE~A~UP55eda94e-d9d6-11ec-b6fc-0231421f89ac
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: HTTP/1.1
Server: 52.201.208.245 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.undertone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:52 GMT
x-envoy-upstream-service-time: 0
server: istio-envoy
Connection: keep-alive
Content-Length: 0

Redirect headers

location: https://usr.undertone.com/userPixel/sync?partner=verizon&uid=y-BtX1MhpE2uGIAOX_DafL6dp_snHcMuAE~A~UP55eda94e-d9d6-11ec-b6fc-0231421f89ac
date: Sun, 22 May 2022 13:51:52 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame E217 70 B
264 B 41ms
39ms Image
image/gif 15.197.193.217
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=sirnsvg&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a12b7a488abeaa9e4.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.undertone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:52 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame E217 0
239 B 13ms
11ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=12776
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.undertone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Content-Type: image/gif

GET
H/1.1

200
OK

sync
usr.undertone.com/userPixel/ Frame E217
Redirect Chain

https://cs.admanmedia.com/sync/undertone?url=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3Fpartner%3Dacuityads%26uid%3D%24UID
https://usr.undertone.com/userPixel/sync?partner=acuityads&uid=5d422c0bd0e5b72084e090be5575b4b4e11fbbd6

0
154 B

196ms
99ms

Image
text/plain

52.201.208.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usr.undertone.com/userPixel/sync?partner=acuityads&uid=5d422c0bd0e5b72084e090be5575b4b4e11fbbd6
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: HTTP/1.1
Server: 52.201.208.245 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.undertone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:52 GMT
x-envoy-upstream-service-time: 0
server: istio-envoy
Connection: keep-alive
Content-Length: 0

Redirect headers

Location: https://usr.undertone.com/userPixel/sync?partner=acuityads&uid=5d422c0bd0e5b72084e090be5575b4b4e11fbbd6
Date: Sun, 22 May 2022 13:51:53 GMT
Transfer-Encoding: chunked
Server: nginx
Connection: keep-alive
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload

GET

ImgSync
image8.pubmatic.com/AdServer/ Frame E217
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
https://image8.pubmatic.com/AdServer/ImgSync?p=160318&gdpr=&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D160318%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fusr.undertone...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Qzg1NzA0QkItODAxMS00NUQzLUJDM0EtRTRDM0E2NDUzQkYx&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

0
0

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame E217 0
191 B 25ms
24ms Image
text/plain 66.155.71.149
COGECO-PEER1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=125&redir=https%3A%2F%2Fusr.undertone.com%2FuserPixel%2Fsync%3FpartnerId%3D55%26uid%3D%24UID/%257BuserId%257D
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software: AC1.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.undertone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 22 May 2022 13:51:52 GMT
cache-control: max-age=0,no-cache,no-store
server: AC1.1
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET
H/1.1

200
OK

sync
usr.undertone.com/userPixel/ Frame E217
Redirect Chain

https://ups.analytics.yahoo.com/ups/58545/occ
https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-2S2UFhxE2uG8uUl0koVKCrooY4z5J76pv1v6QUA-~A

0
316 B

659ms
103ms

Image
text/plain

52.201.208.245

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-2S2UFhxE2uG8uUl0koVKCrooY4z5J76pv1v6QUA-~A
Requested by: Host: cdn.undertone.com
URL: https://cdn.undertone.com/js/usersync.html
Protocol: HTTP/1.1
Server: 52.201.208.245 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cdn.undertone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date: Sun, 22 May 2022 13:51:53 GMT
x-envoy-upstream-service-time: 0
server: istio-envoy
Connection: keep-alive
Content-Length: 0

Redirect headers

location: https://usr.undertone.com/userPixel/sync?partnerId=56&uid=y-2S2UFhxE2uG8uUl0koVKCrooY4z5J76pv1v6QUA-~A
date: Sun, 22 May 2022 13:51:52 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame FE10 31 KB
10 KB 10ms
9ms Script
text/html 104.92.74.8
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-92-74-8.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: a1454ecc15be4ed4f80ea452ed9fb072fa1eac4e5561d47517a52eca69e2a5ce

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=12776
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date: Sun, 22 May 2022 13:51:52 GMT
Content-Encoding: gzip
Last-Modified: Thu, 19 May 2022 17:10:31 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=57870
Connection: keep-alive
Content-Type: text/html; charset=UTF-8
Content-Length: 9446
Expires: Mon, 23 May 2022 05:56:22 GMT

GET
H/1.1 204
No Content sync.php
pixel.rubiconproject.com/exchange/ Frame FE10 0
239 B 11ms
11ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/exchange/sync.php?p=12776&khaos=L3HCZ0DT-S-1XMX
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=12776
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 704c1e4d3fcc922a3031d436b584678b
Content-Type: image/gif

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame C9A8 43 B
301 B 90ms
90ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1032644&asId=8f6e22b8-949e-debd-9938-9aea3074e2d4&tv=%7Bc:dlPxDR,pingTime:5,time:5315,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:234%7D,%7Bpiv:-1,vs:n,r:,t:280%7D,%7Bpiv:0,vs:o,r:l,t:281%7D,%7Bpiv:100,vs:i,r:,t:314%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:314,n:1,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:233,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D,%7Bsl:n,t:280,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:281,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B33~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:i,t:314,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5000~728.90%5D%7D%7D%5D,slEventCount:4,em:true,fr:false,e:,tt:rjss,dtt:105,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c.10933%7C1c1%7C1c21%7C1c3%7C1d*.1032644-63173256%7C1d1%7C1d21%7C1d3,idMap:1d*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:53 GMT
X-Server-Name: dt41.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame C9A8 43 B
301 B 101ms
101ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1032644&asId=8f6e22b8-949e-debd-9938-9aea3074e2d4&tv=%7Bc:dlPxDR,pingTime:5,time:5315,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:234%7D,%7Bpiv:-1,vs:n,r:,t:280%7D,%7Bpiv:0,vs:o,r:l,t:281%7D,%7Bpiv:100,vs:i,r:,t:314%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:5001,o:314,n:1,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:233,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B59~0%5D,as:%5B59~728.90%5D%7D%7D,%7Bsl:n,t:280,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1~1,0~0%5D,as:%5B1~728.90%5D%7D%7D,%7Bsl:o,t:281,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B33~0%5D,as:%5B34~728.90%5D%7D%7D,%7Bsl:i,t:314,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~100%5D,as:%5B5000~728.90%5D%7D%7D%5D,slEventCount:4,em:true,fr:false,e:,tt:rjss,dtt:105,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c.10933%7C1c1%7C1c21%7C1c3%7C1d*.1032644-63173256%7C1d1%7C1d21%7C1d3,idMap:1d*,rmeas:1,rend:1,renddet:XIFRAME.qs.lf%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:53 GMT
X-Server-Name: dt39.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 58FD 43 B
301 B 85ms
85ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?anId=10933&asId=1125e8e0-3285-53b9-9381-6f38e20b3f5e&tv=%7Bc:dlPxF3,pingTime:5,time:5191,type:p,clog:%5B%7Bpiv:-1,vs:n,r:,w:300,h:250,t:158%7D,%7Bpiv:0,vs:o,r:l,t:183%7D,%7Bpiv:99,vs:i,r:,t:191%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,gm:1,slTimes:%7Bi:5000,o:191,n:183,pp:0,pm:0%7D,slEvents:%5B%7Bsl:n,t:158,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:-1,obst:0,th:0,reas:,bkn:%7Bpiv:%5B32~1,0~0%5D,as:%5B32~300.250%5D%7D%7D,%7Bsl:o,t:183,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:0,obst:0,th:0,reas:l,bkn:%7Bpiv:%5B8~0%5D,as:%5B8~300.250%5D%7D%7D,%7Bsl:i,t:191,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:i,cc:NaN.NaN.300.250,piv:99,obst:0,th:0,reas:,bkn:%7Bpiv:%5B5001~75%5D,as:%5B5001~300.250%5D%7D%7D%5D,slEventCount:3,em:true,fr:false,e:,tt:jload,dtt:107,fm:t6zs92g+11%7C12%7C13%7C14%7C15%7C16%7C17%7C18%7C19%7C1a%7C1b%7C1c*.10933%7C1c1%7C1c2%7C1c3%7C1d.1032644-63173256%7C1d1%7C1d21%7C1d3%7C1d4,idMap:1c*,rmeas:1,rend:1,renddet:IMG.qs%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Pragma: no-cache
Date: Sun, 22 May 2022 13:51:54 GMT
X-Server-Name: dt43.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 v2 Show response
de.tynt.com/deb/ Frame 54CD 75 B
347 B 106ms
106ms Document
text/html 67.202.105.31

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dSbz9CpHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: max-age=86400
content-length: 75
content-type: text/html
date: Sun, 22 May 2022 13:51:53 GMT
expires: Mon, 23 May 2022 13:51:54 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

GET
H2 200 v2 Show response
de.tynt.com/deb/ Frame 07D1 75 B
347 B 106ms
105ms Document
text/html 67.202.105.31

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?m=xch&rt=html&id=dO6d4gpHar6P1VaKlId8sQ&gdpr_consent=undefined&us_privacy=undefined
Requested by: Host: global.proper.io
URL: https://global.proper.io/payloads/latest.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442

Request headers

Referer: https://gofobo.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: max-age=86400
content-length: 75
content-type: text/html
date: Sun, 22 May 2022 13:51:53 GMT
expires: Mon, 23 May 2022 13:51:54 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

GET PugMaster
image6.pubmatic.com/AdServer/ Frame BEEC 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: asset.pagefair.com
URL: https://asset.pagefair.com/measure.min.js

Domain: asset.pagefair.net
URL: https://asset.pagefair.net/ads.min.js

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Domain: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=7582537&p=109126&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=

Domain: image8.pubmatic.com
URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=

Domain: image6.pubmatic.com
URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=18158263&p=0&s=0&a=0&ptask=ALL&np=0&fp=0&rp=1&mpc=0&spug=1&coppa=0&gdpr=1&gdpr_consent=&us_privacy=

Verdicts & Comments Add Verdict or Comment

190 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

89 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
gofobo.com/sweepstakes	1970-01-20 03:13:47	Name: _liChk Value: 0.2605141022299222
.3lift.com/sync	1970-01-20 05:23:23	Name: sync Value: CgoIoQEQ97un4I4wCgoIgQIQ97un4I4wCgoIkQIQ97un4I4wCgoI5gEQ97un4I4wCgoIhwIQ97un4I4wCgkICRD3u6fgjjAKCQg6EPe7p-COMAoJCAsQ97un4I4wCgoIjAIQ97un4I4wCgkIXxD3u6fgjjA=
i.liadm.com/s	1970-01-20 03:56:59	Name: _li_ss Value: MgUIBhCsEjIFCAoQrBIyBQgLEKwSMgUIfhCsEjIGCIsBEKwSMgUIeRCsEjIGCIEBEKwSMgUIDBCsEjIJCP____8HEKwS
gofobo.ticktbox.com/	1970-01-20 03:23:52	Name: AWSALB Value: 40BKb0mJBGaq0cZ22qtI00R+lzVAobhrt0DBBnVwaFwAlEB7Fku7YRZrLNOVMUdGmvHJq2N/9PNLX2dRZK+kiwaRC5yCmerhoQzl+HVdZrC6g9VGNPGmirN31BF4
gofobo.ticktbox.com/	1970-01-20 03:23:52	Name: AWSALBCORS Value: 40BKb0mJBGaq0cZ22qtI00R+lzVAobhrt0DBBnVwaFwAlEB7Fku7YRZrLNOVMUdGmvHJq2N/9PNLX2dRZK+kiwaRC5yCmerhoQzl+HVdZrC6g9VGNPGmirN31BF4
gofobo.ticktbox.com/	1970-01-20 03:13:54	Name: ci_session Value: 9ujjiost1c0g6s18mt6m3ucq0dii6f8d
gofobo.com/	1970-01-20 03:13:54	Name: gfb_session Value: qli6m52a5q7s0ie4ktb9c86k1g783p1t
.gofobo.com/	1969-12-31 23:59:59	Name: _li_dcdm_c Value: .gofobo.com
.gofobo.com/	1970-01-20 20:44:59	Name: _lc2_fpi Value: 0304f7a82132--01g3p0khgs41fzj1x3kbsh1nvf
gofobo.com/	1970-01-20 03:23:52	Name: AWSALB Value: 9fcIMAHzJww8LRHLchApJfcnFpPz3FryCqzmET1Sfvi0KfEOUyixFMopTQsIpxcJ96TxcgrJC6tKxVfPnDESHGxndMTfd+EvJ4dv0B3CmLm4TJNgLD1ghAPzBe0a
gofobo.com/	1970-01-20 03:23:52	Name: AWSALBCORS Value: 9fcIMAHzJww8LRHLchApJfcnFpPz3FryCqzmET1Sfvi0KfEOUyixFMopTQsIpxcJ96TxcgrJC6tKxVfPnDESHGxndMTfd+EvJ4dv0B3CmLm4TJNgLD1ghAPzBe0a
.gofobo.com/	1970-01-20 05:23:23	Name: _fbp Value: fb.1.1653227505286.2064374363
.facebook.com/	1970-01-20 05:23:23	Name: fr Value: 0BbH7kh7LWPCcShs4..Biij_x...1.0.Biij_x.
www.clarity.ms/	1970-01-20 11:59:23	Name: CLID Value: 06f533a79bff41ad825bdf27e2c0a51e.20220522.20230522
gofobo.com/	1970-01-20 12:44:01	Name: __atuvc Value: 1%7C21
gofobo.com/	1970-01-20 03:13:49	Name: __atuvs Value: 628a3ff16ae885de000
.gofobo.com/	1970-01-20 11:59:23	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Sun+May+22+2022+13%3A51%3A45+GMT%2B0000+(GMT)&version=6.12.0&hosts=&landingPath=https%3A%2F%2Fgofobo.com%2Fsweepstakes%2FTikiTunesSpeaker&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.gofobo.com/	1970-01-20 20:44:59	Name: _ga Value: GA1.2.576990179.1653227506
.gofobo.com/	1970-01-20 03:15:13	Name: _gid Value: GA1.2.1174943239.1653227506
.gofobo.com/	1970-01-20 03:13:47	Name: _gat Value: 1
.addthis.com/	1970-01-20 12:44:01	Name: uvc Value: 1%7C21
.liadm.com/	1970-01-20 20:44:59	Name: lidid Value: 360a4f29-d87a-4eb2-9ec2-8a0ed95b6ac5
.addthis.com/	1970-01-20 12:44:01	Name: loc Value: MDAwMDBFVURFQlkyMjk1MTkwMjAwNTAwMDBDSA==
.gofobo.com/	1970-01-20 11:59:23	Name: _clck Value: 1idlosu\|1\|f1o\|0
.gofobo.com/	1970-01-20 11:59:23	Name: _hjSessionUser_6292 Value: eyJpZCI6IjhhMDA3NmFkLWJiZmItNTY1NC1iOTRjLTlhMTNiOTQ0OGY0NCIsImNyZWF0ZWQiOjE2NTMyMjc1MDY0MDAsImV4aXN0aW5nIjpmYWxzZX0=
.gofobo.com/	1970-01-20 03:13:49	Name: _hjFirstSeen Value: 1
gofobo.com/	1970-01-20 03:13:47	Name: _hjIncludedInPageviewSample Value: 1
.gofobo.com/	1970-01-20 03:13:49	Name: _hjSession_6292 Value: eyJpZCI6ImY0ZjcwNGIwLTY4NDAtNDZhMC1hYjdjLTQzZWJlMTU0YmQ1YiIsImNyZWF0ZWQiOjE2NTMyMjc1MDY0MTIsImluU2FtcGxlIjp0cnVlfQ==
.gofobo.com/	1970-01-20 03:13:49	Name: _hjAbsoluteSessionInProgress Value: 0
.gofobo.com/	1970-01-20 03:15:13	Name: _clsk Value: bsyv7i\|1653227506514\|1\|1\|d.clarity.ms/collect
.quantserve.com/	1970-01-20 12:44:01	Name: mc Value: 628a3ff2-879cd-212e9-fa785
.gofobo.com/	1970-01-20 12:38:16	Name: __qca Value: P0-917301026-1653227506499
gofobo.com/	1970-01-20 03:13:51	Name: _lr_retry_request Value: true
gofobo.com/	1970-01-20 03:56:59	Name: _lr_env_src_ats Value: false
.yahoo.com/	1970-01-20 11:59:45	Name: A3 Value: d=AQABBPI_imICEPd7F3G4rajy6YyG2lCYxvAFEgEBAQGRi2KUYgAAAAAA_eMAAA&S=AQAAAolSVrSoafgcac4IDAKf1Ho
.lijit.com/	1970-01-20 11:59:23	Name: ljtrtb Value: eJyrrgUAAXUA%2BQ%3D%3D
.analytics.yahoo.com/	1970-01-20 11:59:23	Name: IDSYNC Value: 190z~2511
.bidswitch.net/	1970-01-20 11:59:23	Name: c Value: 1653227506
.bidswitch.net/	1970-01-20 11:59:23	Name: tuuid_lu Value: 1653227506
.go.sonobi.com/	1969-12-31 23:59:59	Name: HAPLB5A Value: s56132\|Yoo/9
.bidswitch.net/	1970-01-20 11:59:23	Name: tuuid Value: 97aee1f4-a063-444e-9e03-f92c3ce36ae4
.adnxs.com/	1970-01-20 05:23:23	Name: icu Value: ChgI0-x9EAoYASABKAEw8v-olAY4AUABSAEQ8v-olAYYAA..
.adnxs.com/	1970-01-20 05:23:23	Name: uuid2 Value: 3594743680017809518
.demdex.net/	1970-01-20 07:32:59	Name: demdex Value: 75795502720138132730861060950017137617
.dpm.demdex.net/	1970-01-20 07:32:59	Name: dpm Value: 75795502720138132730861060950017137617
gofobo.com/	1970-01-20 03:15:13	Name: _lr_geo_location Value: DE
.rubiconproject.com/	1970-01-20 11:59:23	Name: khaos Value: L3HCZ0DT-S-1XMX
.rubiconproject.com/	1970-01-20 11:59:23	Name: audit Value: 1\|naVuGyos1qoPAAQHfN5mXf+oE/PhLWQEKtLvkckcz9tQW03tTNtB7+FqJr2NIV2kgQdUaRRQhozggJ3pD4CYm1sFGYbuWwM83OlDu/ORdD8=
.addthis.com/	1970-01-20 12:44:01	Name: na_id Value: 2022052213514700011332554396
.addthis.com/	1970-01-20 12:44:01	Name: na_tc Value: Y
.addthis.com/	1970-01-20 12:44:01	Name: uid Value: 628a3ff389706d72
.addthis.com/	1970-01-20 12:44:01	Name: ouid Value: 628a3ff3000104a936daaa011a7e4e472b48de97dc7ac7077dac
.proper.io/	1970-01-20 04:40:11	Name: verizon_media Value: y-uylWTAhE2uFO0bmFhnYldmsNvFf4PITU~A
.proper.io/	1970-01-20 04:40:11	Name: mediagrid Value: 2bf88976-163f-4cb8-ade4-2939d9634265
pool.admedo.com/	1970-01-20 11:59:23	Name: tuuid Value: 733f6966-bccc-4948-973e-895666979e8e
pool.admedo.com/	1970-01-20 11:59:23	Name: c Value: 1653227507
pool.admedo.com/	1970-01-20 11:59:23	Name: tuuid_lu Value: 1653227507
.dlx.addthis.com/	1970-01-20 03:56:59	Name: na_sc_x Value: 1
.mathtag.com/	1970-01-20 12:39:42	Name: uuid Value: 142b628a-3ff3-4700-a19a-c55798d2844f
.proper.io/	1970-01-20 04:40:11	Name: __cf_bm Value: cJB3a4AqyMlFOmoDuEjCXQ1klM5C2IqT9NEEaJLxVZ8-1653227506-0-ASbC9Nmg52ja10%2BxWF5csMa%2BOMplvpf2L%2FBledCV3tU%2B4m17OUzx4HYh44qrJX6BueEWLL3qhhswzJvr5VohR7RyCW5%2FMjlrbz%2BJIpePV1Vk
.gofobo.com/	1970-01-20 12:35:23	Name: __gads Value: ID=e4fbbddfa77682c4-22f4e5529acd004e:T=1653227507:S=ALNI_MZXJXJ4QCQ9ggLxJM2G32KDzXMJbA
.c.bing.com/	1970-01-20 12:35:23	Name: SRM_B Value: 3FB49F759FD86F7204758ED99E0A6E9E
.gofobo.com/	1970-01-20 03:13:49	Name: properSessionData Value: eyJ1dWlkIjoiNWI4NzFmN2MtMTNmMC00MThiLWJiNGQtYTkwODNkNmE0MDg4IiwiZGVwdGgiOjEsInJlZmVycmVyIjoiIiwiZ2NsaWQiOiIiLCJmYmNsaWQiOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV90ZXJtIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJ1dG1fdGVtcGxhdGUiOiIiLCJ1dG1fcmVmZXJyZXIiOiIiLCJ1dG1fYWRzZXQiOiIiLCJ1dG1fc3ViaWQiOiIiLCJyZXZlbnVlIjowLjAwMDM4LCJiaWRfYXZnIjp7fSwibm9fYmlkX2NudCI6eyJhOSI6MSwiaW5kZXgiOjEsIm9wZW54IjoxLCJzb3ZybiI6MSwic29ub2JpIjoxLCJydWJpY29uIjoxLCJwdWJtYXRpYyI6MSwicmh5dGhtb25lIjoxLCJ1bmRlcnRvbmUiOjEsImNvbnZlcnNhbnQiOjEsInRyaXBsZWxpZnQiOjEsImp1c3RwcmVtaXVtIjoxLCJkaXN0cmljdG1kbXgiOjEsIml4X291dHN0cmVhbSI6MSwic2hhcmV0aHJvdWdoIjoxLCJlbXhfb3V0c3RyZWFtIjoxLCJ0aGlydHl0aHJlZWFjcm9zcyI6MSwicHVibWF0aWNfb3V0c3RyZWFtIjoxLCJyaHl0aG1vbmVfb3V0c3RyZWFtIjoxLCJhbWF6b25fdGFtX291dHN0cmVhbSI6MSwiYmVhY2hmcm9udF9vdXRzdHJlYW0iOjF9LCJhdWN0aW9uX2NvdW50IjoxLCJsYXN0X3RocmVzaG9sZCI6MH0=
.doubleclick.net/	1970-01-20 12:35:23	Name: IDE Value: AHWqTUmPLRZxzoCkrXFLDqbz2h43bwxAoUhpTiQF-abhrQ2237XMFW_uEtblvzibtEQ
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 12:35:23	Name: MUID Value: 3FB49F759FD86F7204758ED99E0A6E9E
.c.clarity.ms/	1970-01-20 03:13:48	Name: ANONCHK Value: 0
.adnxs.com/	1970-01-20 05:23:23	Name: anj Value: dTM7k!M41.D>6NRF']wIg2In3x5Bc<!]tbPl1M>e)ZlrFUfJ+tGXxo3Kj4]hZO8$(FsYm-VZB[NKiuS@b#o`72$OSF3If)y3KL9D3I?-#*+RND
.casalemedia.com/	1970-01-20 05:23:23	Name: CMPS Value: 3234
.casalemedia.com/	1970-01-20 03:15:13	Name: CMST Value: Yoo-9GKKP-QA
.doubleclick.net/	1970-01-20 03:13:51	Name: DSID Value: NO_DATA
.casalemedia.com/	1970-01-20 05:23:23	Name: CMPRO Value: 1148
.casalemedia.com/	1970-01-20 11:59:23	Name: CMRUM3 Value: 2d628a3ff42760CAESEBQIGNW0nNOGpWR2_mQehmU
.casalemedia.com/	1970-01-20 11:59:23	Name: CMID Value: Yoo-9K1pPPqsc-q3QJLcuAAA
.3lift.com/	1970-01-20 05:23:23	Name: tluid Value: 818089673594472978643
.gumgum.com/	1970-01-20 11:59:23	Name: vst Value: e_9c3e9fa1-2131-4bf0-88e7-23fe87d05243
.creativecdn.com/	1970-01-20 11:59:23	Name: u Value: LuLlp32uRyL2uMnzgadM
.creativecdn.com/	1970-01-20 11:59:23	Name: ts Value: 1653227511
.everesttech.net/	1970-01-20 11:59:23	Name: everest_g_v2 Value: g_surferid~Yoo-9wADNIuxHQAj
.ads.pubmatic.com/	1970-01-20 03:15:13	Name: KCCH Value: YES
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.technoratimedia.com/	1970-01-21 23:01:47	Name: tads_uid Value: GDPR
.linkedin.com/	1970-01-20 20:45:41	Name: bcookie Value: "v=2&04a7c7a2-70fc-42a7-80f3-32d77c152460"
.linkedin.com/	1970-01-20 20:36:33	Name: li_gc Value: MTswOzE2NTMyMjc1MTE7MjswMjGBvfeSvrj62GG0l+6GL6pn5SrkO8oeZYUlBE9gMRiVCQ==
.linkedin.com/	1970-01-20 03:15:13	Name: lidc Value: "b=VGST06:s=V:r=V:a=V:p=V:g=2386:u=1:x=1:i=1653227511:t=1653313911:v=2:sig=AQFCG9yJIev_-SuV2CiUBj1i1e2YkrpK"
.outbrain.com/	1970-01-20 05:23:23	Name: obuid Value: efb7884f-dc1a-41f6-88f0-e628763c78ea
.ipredictive.com/	1970-01-20 11:59:23	Name: cu Value: 5541ff71-d9d6-11ec-8a25-c312b08c9a12\|1653227511826
.amazon-adsystem.com/	1970-01-22 00:00:49	Name: ad-privacy Value: 0
.amazon-adsystem.com/	1970-01-20 08:36:21	Name: ad-id Value: A7kyEp7VwEb5n_-HvwQYH4Q

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
network	error	URL: https://asset.pagefair.com/measure.min.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://asset.pagefair.net/ads.min.js Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://api.rlcdn.com/api/identity/envelope?pid=72 Message: Failed to load resource: the server responded with a status of 451 ()
other	warning	URL: https://cdn.ampproject.org/rtv/012204292129000/v0/amp-ad-exit-0.1.mjs(Line 1) Message: Unrecognized feature: 'attribution-reporting'.
network	error	URL: https://ib.adnxs.com/prebid/setuid?bidder=triplelift_native&gdpr=1&gdpr_consent=&uid=818089673594472978643 Message: Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network	error	URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=127&gdpr=[EXCHANGE_GDPR_MACRO]&gdpr_consent=[EXCHANGE_CONSENT_MACRO]&redir=https%3A%2F%2Fsync.outbrain.com%2Fcookie-sync%3Fp%3Dcentro%26uid%3D%7BuserId%7D%26obUid%3DEytniiv5lnfDux7qDLoPVG2LABLhbn3Lue0nhNaSR37-AVqo_pnJ43GVZRWci48p&gdpr=$GDPR_APPLIES&gdpr_consent=$CONSNT_STRING Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6f42ce4bbdd090023445cb7e5f46da6b.safeframe.googlesyndication.com
aax-eu.amazon-adsystem.com
abcheck.proper.io
acdn.adnxs.com
ad.doubleclick.net
ads.pubmatic.com
ads.yahoo.com
adservice.google.com
adservice.google.de
ap.lijit.com
apex.go.sonobi.com
api.rlcdn.com
asset.pagefair.com
asset.pagefair.net
ats.rlcdn.com
b-code.liadm.com
b1sync.zemanta.com
bids.proper.io
btlr.sharethrough.com
c.amazon-adsystem.com
c.bing.com
c.clarity.ms
cdn.ampproject.org
cdn.cookielaw.org
cdn.id5-sync.com
cdn.undertone.com
ce.lijit.com
cm.g.doubleclick.net
connect.facebook.net
creativecdn.com
cs.admanmedia.com
cs.emxdgt.com
d.clarity.ms
d2u384mreupnc8.cloudfront.net
de.tynt.com
dk2d6nav3mn9d.cloudfront.net
dpm.demdex.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
eb.proper.io
eb2.3lift.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fw.adsafeprotected.com
geo.privacymanager.io
geolocation.onetrust.com
global.proper.io
gofobo.com
gofobo.ticktbox.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hb.undertone.com
hbopenbid.pubmatic.com
htlb.casalemedia.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
id5-sync.com
image6.pubmatic.com
image8.pubmatic.com
in.hotjar.com
m.addthis.com
match.adsrvr.org
pagead2.googlesyndication.com
pixel-sync.sitescout.com
pixel.adsafeprotected.com
pixel.advertising.com
pixel.quantserve.com
pixel.rubiconproject.com
platform.twitter.com
player.propervideo.io
pool.admedo.com
pr-bh.ybp.yahoo.com
pre.ads.justpremium.com
propermedia-d.openx.net
px.ads.linkedin.com
rp.liadm.com
rp4.liadm.com
rtb.gumgum.com
rules.quantcount.com
s.amazon-adsystem.com
s0.2mdn.net
s7.addthis.com
script.4dex.io
script.hotjar.com
secure-assets.rubiconproject.com
secure.adnxs.com
secure.cdn.fastclick.net
secure.quantserve.com
securepubads.g.doubleclick.net
sli.gofobo.com
ssc.33across.com
ssum-sec.casalemedia.com
static.adsafeprotected.com
static.hotjar.com
stats.g.doubleclick.net
sync-tm.everesttech.net
sync.ipredictive.com
sync.mathtag.com
sync.outbrain.com
sync.srv.stackadapt.com
sync.technoratimedia.com
syndication.twitter.com
tag.1rx.io
tg.socdm.com
tlx.3lift.com
token.rubiconproject.com
tpc.googlesyndication.com
trc.taboola.com
u.openx.net
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
usr.undertone.com
usync.proper.io
v1.addthisedge.com
vars.hotjar.com
web.hb.ad.cpe.dotomi.com
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
x.bidswitch.net
x.dlx.addthis.com
z.moatads.com
asset.pagefair.com
asset.pagefair.net
image6.pubmatic.com
image8.pubmatic.com
s7.addthis.com
103.229.205.243
104.244.36.20
104.244.42.200
104.83.151.205
104.92.100.195
104.92.72.137
104.92.74.8
108.138.3.177
108.156.253.172
108.157.4.107
124.146.215.49
141.95.98.69
142.250.184.194
142.250.184.230
142.250.185.194
142.250.186.98
143.204.215.118
15.197.193.217
151.101.65.108
151.101.66.49
178.162.133.150
18.157.66.51
18.185.167.12
18.194.10.133
18.194.159.8
18.195.155.181
185.184.8.90
193.122.130.38
2.18.232.170
204.237.133.116
213.19.147.43
23.35.236.201
23.35.236.247
23.35.237.151
23.75.240.210
2600:1f18:444a:4680:8e84:2ba7:9e48:8cf5
2600:1f18:730:b150:1cf:88dc:54d8:eec2
2600:9000:2057:f600:8:8845:1500:93a1
2600:9000:206f:7a00:6:44e3:f8c0:93a1
2600:9000:214f:1600:1f:2473:9080:93a1
2600:9000:224a:4400:8:48e:53c0:93a1
2602:803:c003:200::51
2606:2800:234:59:254c:406:2366:268c
2606:4700:10::6814:b944
2606:4700:20::681a:9a9
2606:4700::6810:9540
2606:4700::6811:4f22
2606:4700::6812:9fea
2620:116:800d:21:ee05:6a01:4b41:8c89
2620:1ec:21::14
2620:1ec:27::cafe:1834
2620:1ec:c11::200
2a00:1288:80:807::1
2a00:1450:4001:80f::2001
2a00:1450:4001:810::2002
2a00:1450:4001:811::200e
2a00:1450:4001:812::2004
2a00:1450:4001:827::2002
2a00:1450:4001:827::2006
2a00:1450:4001:828::2001
2a00:1450:4001:828::2002
2a00:1450:4001:829::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82b::2002
2a00:1450:400c:c0c::9b
2a00:1450:4014:80f::2002
2a02:fa8:8806:16::1460
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42:600::300
2a05:d018:d29:3605:c111:9aee:7bd3:6707
3.126.56.137
34.120.133.55
34.149.20.76
34.231.179.226
34.247.233.198
34.98.64.218
35.210.53.219
35.244.159.8
37.252.172.249
37.252.172.37
40.76.174.66
44.238.182.236
46.105.202.126
50.31.142.191
52.142.114.2
52.201.208.245
52.29.205.29
52.34.129.38
52.46.130.91
52.49.46.73
52.51.78.176
52.6.156.194
52.88.218.108
52.94.223.37
54.163.96.140
54.171.192.139
54.186.212.217
54.227.164.149
54.247.26.77
64.202.112.95
65.9.58.30
65.9.63.3
65.9.63.43
66.155.71.149
67.202.105.31
69.173.144.139
69.173.144.165
72.251.249.9
76.223.111.18
88.214.206.247
95.101.20.27
99.86.4.101
99.86.4.28
00072ba470f277297fccbaec52a2c8a09688a4ce9fbb27cdbb0dc91adabd7140
000d42df44ebb3ddcbe2874e16443dbe3a34045f858a6accd5065cddd9b0ad4e
03aa6fcac2902227e1b66a01b87824692f708bbf9bfe441784f8ed22d677f6de
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0535c3bb3a17e4ac0fb7d29214d2181275662129dc2bdd2a89c35934e9fc5ba5
0694b02d0bd9f608e70bd4ed91b10270be25aecc3b151f1980d1d33fbf0c45b3
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
0abcc9427a6673f19254270c4c92fa1c8179e79e54d8961434537bcee780f07b
0b59f620b3da4092eb09b39d49ae69e64a44b1eea3c8b12d84809e604b60062f
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c44994f34ca3902d3f9f3ea4e1736e4ed54fa9fe1d4578e8cee11078e50488d
0d9762a1a60deef8aa093c473ad27c38eed77184d6940e7df06d89d77cbd3e94
0e5ba908058634c4da73eec02f7a0ad1f8a56e7ee63cd22ab3b614ae90406bf4
0f4ff7b7fe2f052b73262818ffe648cff52765e383ffef69e7d96a0fcbd31a3e
0fbf945eae1c5869be401c6db68da93f5a47f2c1ff6072151ebb4b2dea6d4f62
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
134c27cc8df6d4030546f251bd64b16794a5bb7c09b46fe7103dfe628781b26c
14f7de6b616950395062902eb8f70f01c0a901223db5d40f2a05728ac4a830f6
151ca0dbdad0610cbb5b206a106dd32b5a5915325c96ec690652e0e47abf8465
18c62a36baa8ec966d109d8b6d9e5cb9a7db2834414bc5af422b81018c00c263
1909b2a83fd41494d94862c4323944d9d0aa1f1e653f252ea5a73fc5944308b0
1a891fc0d213b1a1ceb5a8f13c61dd9b274e163bd172758318648fad77c9a422
1be78b79774b196d2500f7bd3bb3ca7269ec444158f0e545d4d313bcf40e1310
1caa750f250ae445b6d2cc1d192f90af227396568e77ffa7141b5f3568b5a5d4
1d97729299024aa64b03739e244f254966f9b546045de88bd835701a473045d8
1dffe5ee35df74c6087ac961491d5b62df69c261d98b6658734674131627faf0
1ed70d02696722505ec82915a7dd9fbf2c512366d009b74bdbe37c9869c250a4
1f93be29278e2de77e955f9820b1a73c7eca832641082c674afb6f02f7c7375d
20ae0566226be2984d2808c93996c092a6ee3c5293e2a1acf978fb775ba32107
223e634e5f67fa641d509622341690a6e0a5114162df625c4d4b6159b421856d
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
25c142f7703a2c89cc00bbac6ce2eaf031c568d2a56e4ace61a5399ee56d792a
265acaa7671ecc0fb94f926ffe9d1b4661006e4924eea3234f1dc72a44ce58d1
27e33e146294acf3937549d44385b341ea8b18553cac74088b1b30df78c51657
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
291d15de469b22384160ddfd74f6856469d6b374440a93234d534c9d6b1a37d0
2b37b00f9400fedda05e3feb73c40b2a19af5fbd2d2d327c39e9476cff3dd9c8
2d199b9d8dc7886837cbfd12c9e8ddae7e28f5c375d564b31bf732a320921435
2d7f3b9adb8df2d51539f2f90a001c09afb1d99db29fe9d9b8f23c251005b9ec
2e95bcc1d51302added6bad654c12c789b25780c0d03b1e7e54aac653a66a55b
3375618b98aa48615cda5c608ce679df756f563f94cc377802abd9a39ee9ac5d
346cb5466b79671a2aac23d174850962275dc097fb226dcf8c89e30c792af3ba
35d962f44b1208c783395315f2793914f30a7df4aed795e62885e30675532830
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
36ac80a2a51a5f030f93b08bbd4601e3944accb8152db9d175fd2aeb394b1ae7
36c0ec05d79bd9d3164effc3eca0f1962cd6f82bb1f41cb212e080910be24153
37903f84c792990367ace287d5eb65e68d8e92fa080e26b91032d064f51bd671
3b97df7576d1f0401feb5b7011240f01f359adca61caeb10c3972a89aa5d3583
3bd4eb2ece0fe98f279a14bb2b61ecbbcd501a598b50f1f8b211f76ecd420996
3cbef17f675d6d6830405547c90d636e50e8646b8bbc5437225e66afbf04a354
3e8e76a70b5ec0a97f60491364274ab39aebd8f949b6a310a174633b015d4738
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
403812ccdc5753cc504a465ca23250ded14603fac90ee474733a85db62ce7103
417f25d95312044ac3baf5172d878a2bd5c923056ff87821f65d074e305e8f4f
420f171b3b10a2ac410b6571d93500df0f8cce0c0cc33f94ac567fa038924247
42bd99c9d9c85bebd6419be0bc7cab4bbdd98f3743d9c0bf7e3e62cd627cb581
4349f665a853d8970813d466168d4d2ebba277d4ba4cc57b1a2ebbcb4b49cc0e
47792698e91f1b7e4227480189d3fc515cab29b4183ca2d4b9c48125c1edf5b1
478a01bfa3c2eb215f345963e7e4a89343d2fb5eb5726e248495ea6606c72801
48a086094524c66c8c9246eba9e22ce3353f9092009a7cd3aa501527f03f0dcb
48d611c460406f0653185a1447f5bf797eec3afa7c080b74205f4a8ea2729f3c
4b05d7f4339a505c65d2fcb1b21addd2a13a0c155ddf7ca766d1e7203b2b6cae
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b9774a0ddc7f90f7f506530f9d058b02ea277a0d99fd1dec942b75d59f65d59
4d460e6c9b0d0b49df6a39d58934883108101e83d1e7375c901232ca0e0a10ad
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ea3d321090cb97cb30e2660c64aa24c5d197a3a27deccbc1ed797e2dd0e778c
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5475ef880793a875564088fea38154cee107eede5a2af036f3774a3dec5e48e6
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56b4524563fead04c205538321b377bf2b8591947fd49955458eca31d90de036
58a07739b05fec4d319e4d5c6b1fa4ac79e2a625e08ab3f303929b77fde5bdf4
5c19a958735b85cda3c841c910a0e45ff2f188c8d532de5dfb21860d2e8eb70a
5ee14badfe8b2093f05b63769fa0db97cde0cdfe069a465a911cb627cde29713
6121ca306ad1045453d52517b8f436eb5a68055c82aefa46a9a77de36996a3df
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
66c9fd744a3db46f3dce06826004b9f756b9ba03a5b9cdc21d86427e7a688386
67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9
689186408fd8ece557b754a36950896a6aff7b8345097af77ccaf7da69316771
696dfecb8d4cdb60bfc82dd7348c626bf1ea8826016e3c8f2bd43d65d87099eb
6ac8b08159f3059b7cba26d8464c8d1aa96f184480a395253925bdf2f7503a08
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f4376f7e583187bc89f9cb58da2ca679361f7676f232d55662ebb3d4585ca87
702cbacedb71cc454f6a0c632fd80c717e97b760dbda6fe612422b147e0b042f
7208350a17ed4fa8b0c871601473aab5114d61744498821845793303e2c1db5e
739d20d4cfd43a616f0e4164d5c42f0deb2f75b73386bcaf870a4fd6b2939098
742106aba0be6db1086baa20c675ca18298baf0eecf4f0ad7a99111be6796446
762119b95d3a79dde286105237e1dcf285092e786aa0c966e7a277fa87ac3b60
76ab9639d9948ade3d2b0c06432f41689c328173322c8eb3da3c60447126831e
77516e87f9273512485c9e6daaf80dd6696b98a3583e83e79e68fd52220c82d4
78579e9354b641dcc6b632a9df96b2d1385b0720f04b97be41fa07816f44d051
7ae714b63c2c8b940bdd211a0cc678f01168a34eea8aa13c0df25364f29238a7
7b6bfa13f0778c40bb2a00af9819bea2f07afcb4d071e7e4f436196953a5db4d
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
803a0ef0354a28ed76c5fedf15bbc32b76628997f6447435913183edb4ad61c8
8066520d4f9a10b94ecaab59ccd265803acf8a1c1d1de3769ab889e95a77dd4f
82664a18c949f3d66ba8a6251c55dd1cb28e25620bdf43dcf4611ab4842a10ab
83073195ba0d039784adb30802fb44acf6c7a76995010889bdb809549921cf2a
83b9d45b0adf0225242deb2c285b3050db90d3c6332bc657b955d43c7458c27f
8438fcae135714383f2e8b95e9a173d7dae352e433c16c07ab158e6c88c489d0
8730c26defc411dd8a51f1da47e5ae3804fab6868f7914a26b09d8e0791bbe39
8838c15a093042dda8446ae18d93db16218d1c8810dae5cfa21e0e889dc0ec68
88d51c99298c6ade08c4e754c7c92d0ccb5af58e71232f79f018dfa4763aca16
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8b32bc539ca95dda2d2206a43234b5f3b0fe964bd25966c860bc80ec7f06d702
8b61a4e318fc30d39680a44d64f13544e98f150b44b1a169483e792e7756f0c5
8b81c37ea52ba669c30cf9e3ed3c86696b86267d6d0171b6f7afd3407b8aefcf
8c2812ded6436715279f8fd8db58de307aa39ab0296fe3cf0e879067c51e9b18
8c8207e762acd72dd9114ca3e6de823f69ede6c9c5db711dceadefabaf05284c
8d6580af877387b05d9ffac3ebeacfe25a7728c77adef6d9b32fd72ccbe21468
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9436816d54666c2f33eb0c6d3d556f10dd70ed6721906a82c6adbf6100a008bc
9476350068dbd8b61373906f6d9dba49ed31ed5d64d6ee2d48da082c44a447dc
94bd1524ea4229e5af13df4383fcc1e8d0cc488ef3c8b74a323477dd784d494e
95a7324e1d08d27d92485048d4d9345607b8d60f95ee69f0ba19e76709a00e1f
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9ad951a46493b7d422aed00ea837dfff94508fe1a39120ba56f23a99f3c4c8b1
9f2e24b95c962fffb41eede228d0c5c7681cf9bc3dd3ece2440412ec4246d84e
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a05fdfb3e658a59c3b08dc4d5787cf76826988866a1be0bac3710c7753640d1f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1454ecc15be4ed4f80ea452ed9fb072fa1eac4e5561d47517a52eca69e2a5ce
a1467c6ed682df808cf830c429ebaec42c32c2033369aa48446fb9e7f592769d
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1cc90fa89bf02f2c7c95cac8c34903963b8d3a1eea79c626a6f6ebcbbd71ac6
a4350fed8ed92bbf4f462fc245028928ac33afa25d2231b28c334b91cd0d3952
a43eb929a5f667e26f866e75458c0639b56c9da1bc2f47b354d2319e2d712ada
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4d3f3141136ee811a467f7bb924c27de137703dd7deb3a2264ee1cb1b457e6e
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a9247ce2bd50f80397e8e5ff3538bae254d226d3f9d23b15f16bac61580c187e
abf440a9ab6162de645583f9c615018ecb6ac8da7d52ea90e5b6c218e9ea32e4
acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
aee8ab892144e88f83a00a907676bd1e0e9a83e8a0879518ca3a77f897c8128d
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b225a72c3c0f0ce054225cf8748508f69d7315568bb5aacb38491e006a4372d5
b34ec433b2d145ca6a4d5389228c7f97b82fef035a67e2b2aed708e2f5ac644b
b55131eaef425cb84b957a28df5881c3c83eb11ca9c01e3abccb00baf0e377b6
b7cb70e1076d694f4f8b86a9d00b2c8736899425c41925f051162872fc85bec4
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc28e4eb995de916167a758d7360f11ed01233d0a416ae13452d89f2c4ec4d85
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c267fca06e8a22f41acd399747eca63c6837786194451d20705de6de74505561
c3b9251f1745ced8936ee0998aa96dac16382f6f995d3ad065810fd9341f303d
c543985155ec9d4a38342a017e372037db393e26e3c16a291f9eee793f6b93a0
c56fbe49e6749159e3b44c820db36f9cbca3b981d5530222991dc850e732cc9f
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
c7cba051adb45bda78591c9b2f415a1009c62ca0301df36f7d92291bf5d423b4
c7e2f7e6132fd1fcffd09eea9041f2bbd74feea33743c80b4fcaa27415b88eea
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb22515a5cf4192297522d69f3586a00ba61de349a03505fb0ca1ef0588f9800
d026f795af88e73363aef2c32110e5d44559ac32bfbe8b0857c0ba7d78c86ca7
d105b0a793af6426ddf8c1ef8b26ae81d889617ef5f248a72e06b8c71d91e1c5
d24e83fb832a53db6e3b4e6452db348b9428436a36a3be2cff207cfb31d0c231
d342be7b065b36dd1e6856bcf5a432b5d2c277d27555391ddefbf1df3edb0fc4
d502121116ea9588bd7edfb519575a09ded0e6daaf30427d6093e03d6dc777ea
d60a69b01468f844cd87a518f2543118de363ac38becfb8aabbd1f2805e38c35
d94ea4785abfbc6245f7d3de2280d8200c6b7908352e21f177bc699142533b0d
d9cbcfeb9b6e64526967c4cd689a6bf25404c437fecff623856da96d292e8e65
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dbbb8ba91ff52c96903588c8381f6da323def88e4a261d3a01df91d3e526a0bf
ddd20fbc250587ac6f1671023aaf2180594d9dcd520add2c6b212044b4a2af12
de6cfe3eb2409433a900a0715241233fc46d4af0b64c9e5d9ab4c67179089228
de8fa1541a9f715d875c14c31415f7729959d0cec5db96c318c7de293d15a905
de9f5355efc771cc84f9ce8895d40e5cfb094659b5c9fc43fd06779ea1023a9c
e170d20dbbd5a22f50118e25fa2eefb1e85d2ad780e5477ed3a9643186090442
e179f1a58f6627329c2bc698715570d56d01ce7370fc31498d4ed7150f8e539a
e257df7266563e157bb7df93fd09c6d13afb1c9554468b21c7378e09a94d3250
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e5471e6216c3677a79cbf10721752fdfff5340e0c29d0b86d436821301edeedd
e800376de9f3795eec1d38ceba28601bb912bcaec763332d63dc8649d4d055f4
e8f0d8a946862bbdb97869257e9f137676947212ce31f6759fdaf6a040bf9d0d
e8fe64429e5900c16c7f8dd7861704e2f4d38e00cbb16bc18820b46d92461389
e92c705f444d62f823dc852694d8faabc0afc96f642a90ff7e0c775d29689e8e
e9caa3698b58479a78692e6303c5353d891066dc64fd2f4a34e14b2882fdb69b
eb7922e29fd9bbbb9e385c952731a93f50b0ba8d472cd16e65f66d18cf08ba4f
ec24ec80719b83e32448bd568739a6b7c36f96cc746c3003a9d32a1ef4535152
ecb440662506ec6360cb84121d2f558e170bb8a9c9127d32abe17a99951dec0c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1fb4f218ac0e46a9745ee9172ebb4459308a9a4ee0902cef26fa7eb5e3e2b43
f6f5ede273d677c69174d1d6e159831ba6095aab8d3137c397130c20c5daf326
f9483ee652e489e62b1bc6e40ddeecc466ae021012d2e48ff867d01b79fab2ea
f9c5605f6a8f8baa769584296c47e53557e9ac757cabeb4fd3d7ff9be22703f1
fc7b4ad9f0979e831579f97aadf8d6d986176c4368367aaf6012dc2c05b585f2
fd9308db31181fde13aca740757dcb439baf71d731011a87da483a28faae444f
fe3403dc22da937cd7a4b6fbbb8391ec1f507e5f83f12c60237e7b08f3139b68
fe3dea17b401a40973129b87e70fe0d9a58d326e614c0ea2b3fbf04d4d89296c
fe8ca232f5c57f634b10b341de746de8c25ce6c7979b6c0bf9dff4ccd43da4bc

gofobo.com Open in urlscan Pro 52.34.129.38 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

323 Requests

86 %HTTPS

32 %IPv6

73 Domains

127 Subdomains

96 IPs

10 Countries

3475 kBTransfer

9042 kBSize

89 Cookies

6 Outgoing links

Page URL History

Redirected requests

323 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

gofobo.com Open in urlscan Pro
52.34.129.38 Public Scan

Screenshot
Live screenshot

Full Image

323
Requests

86 %
HTTPS

32 %
IPv6

73
Domains

127
Subdomains

96
IPs

10
Countries

3475 kB
Transfer

9042 kB
Size

89
Cookies

323 HTTP transactions
4 data transactions