49.13.84.163.sslip.io Open in urlscan Pro
49.13.84.163 Public Scan

URL: https://www.wnd.com/help-wnd/
Title: HOW TO HELP WND

URL: https://superstore.wnd.com/whistleblower/
Title: TRUTHFUL. INDEPENDENT. FEARLESS. SUBSCRIBE NOW.

URL: https://www.wnd.com/join/?adm_source=header-m
Title: READ WND AD FREE!

URL: https://www.wnd.com/category/front-page/politics/
Title: Politics

URL: https://www.wnd.com/category/front-page/us/
Title: U.S.

URL: https://www.wnd.com/category/front-page/world/
Title: World

URL: https://www.wnd.com/category/front-page/faith/
Title: Faith

URL: https://www.wnd.com/category/front-page/health/
Title: Health

URL: https://www.wnd.com/category/diversions/
Title: Diversions

URL: https://www.wnd.com/category/front-page/education/
Title: Education

URL: https://www.wnd.com/category/opinion/commentary/
Title: Commentary

URL: https://www.wnd.com/category/opinion/cartoons/
Title: Cartoons

URL: https://www.wnd.com/category/opinion/emails-to-the-editor/
Title: Email to the Editor

URL: https://www.wnd.com/commentators/
Title: Commentator Lineup

URL: https://www.wnd.com/category/money/
Title: Money

URL: http://superstore.wnd.com/
Title: Superstore

URL: http://superstore.wnd.com/department/books
Title: Books

URL: http://superstore.wnd.com/department/movies
Title: Movies

URL: http://superstore.wnd.com/department/magazines
Title: Magazines

URL: https://superstore.wnd.com/health-2/
Title: Health

URL: https://superstore.wnd.com/gifts/
Title: Gifts

URL: http://superstore.wnd.com/department/preparedness
Title: Preparedness

URL: http://superstore.wnd.com/department/patriotic
Title: Patriotic

URL: https://superstore.wnd.com/support-wnd-donation/
Title: Support WND

URL: https://superstore.wnd.com/surviving-the-cancel-culture/
Title: Surviving the Cancel Culture

URL: https://superstore.wnd.com/5-and-below/
Title: $5 and Below

URL: https://www.wnd.com/contact-wnd/
Title: Contact WND

URL: https://www.wnd.com/about-wnd/
Title: About WND

URL: https://www.wnd.com/whos-who-at-wnd/
Title: Who's Who at WND

URL: https://www.wnd.com/privacy-policy/
Title: Privacy Policy

URL: https://www.wnd.com/accessibility-statement/
Title: Accessibility Statement

URL: https://www.wnd.com/newsletter-subscription/
Title: Subscribe

URL: https://www.wnd.com/advertise-wnd/
Title: Advertise on WND

URL: https://www.wnd.com/2023/12/ancient-gold-coin-discovered-unique-moniker-jesus/

URL: https://www.wnd.com/2023/12/trump-bashing-federal-judge-folds-issues-pause-presidents-case/

URL: https://www.wnd.com/2023/12/revealed-no-whites-allowed-mayors-holiday-party/

URL: https://www.wnd.com/2023/12/fbi-whistleblower-tells-wnd-conservatives-painted-domestic-terrorists/

URL: https://www.wnd.com/2023/12/secret-service-boats-inoperable-rescue-attempt-obamas-drowning-chef-records-reveal/

URL: https://www.wnd.com/2023/12/watch-tucker-carlson-obvious-u-s-govt-made-contact-nonhuman-beings/

URL: https://clck.mgid.com/ghits/17916344/i/57510777/0/pp/1/1?h=sD_G_ERUrNAGmUBP_u6eowZWtMr_q72V00SQE_htQnelCmho7NjrLnzeWME1NXMSt6wOOmowOsxYuquQMnDaOA**&rid=a9612661-9a4d-11ee-ab1a-c84bd684f2a6&tt=Direct&att=3&cpm=1&abd=1&iv=11&ct=1&gdprApplies=0&st=-300&mp4=1&h2=aHiBFlkmhgWQShAV2Kk0QuJiVN1Qc7103PHS6SKihMs*&muid=nbdHUG_0MDSm

URL: https://clck.mgid.com/ghits/18067153/i/57510777/0/pp/2/1?h=sD_G_ERUrNAGmUBP_u6eo8nhLQxtEBgcgfK6onLnxWmb8_KZmU2GTSqohs10yjzggi1yg65MQerVp_oLtLna6w**&rid=a9612661-9a4d-11ee-ab1a-c84bd684f2a6&tt=Direct&att=3&cpm=1&abd=1&iv=11&ct=1&gdprApplies=0&st=-300&mp4=1&h2=aHiBFlkmhgWQShAV2Kk0QuJiVN1Qc7103PHS6SKihMs*&muid=nbdHUG_0MDSm

URL: https://www.wnd.com/2023/11/war-chronicles-israel-attack-december-2023/
Title: THE WAR CHRONICLES: Israel under attack: December 2023

URL: https://www.wnd.com/2023/12/menorah-ripped-apart-thrown-lake-latest-string-anti-semitic-incidents/
Title: Menorah ripped apart and thrown into lake in latest string of anti-Semitic incidents

URL: https://www.wnd.com/2023/12/dem-state-rep-kicked-kamala-event-says-wouldnt-vote-biden/
Title: Dem state rep kicked out of Kamala event says she wouldn't vote for Biden

URL: https://www.wnd.com/2023/12/defense-minister-hamas-battalions-considered-invincible-now-verge-collapse/
Title: Defense minister: Hamas battalions once 'considered invincible' now 'on verge of collapse'

URL: https://www.wnd.com/2023/12/bidens-culpability-hamas-slaughter-israelis-revealed/

URL: https://www.wnd.com/2023/12/lawmaker-heart-attack-seconds-saying-israel-suffer-wrath-allah/
Title: Lawmaker has heart attack 'seconds after saying Israel would suffer wrath of Allah'

URL: https://www.wnd.com/2023/12/everythings-table-u-s-house-may-cut-colleges-cash-anti-semitism/
Title: 'Everything's on the table': U.S. House may cut colleges' cash over anti-Semitism

URL: https://www.wnd.com/2023/12/fraudulent-dershowitz-reveals-claudine-gay-ascended-harvards-presidency/
Title: 'Fraudulent': Dershowitz reveals how Claudine Gay ascended to Harvard's presidency

URL: https://www.wnd.com/2023/12/report-now-hamas-building-new-terror-group-attack-israel/
Title: Report: Now Hamas building a new terror group to attack Israel

URL: https://www.wnd.com/2023/12/supreme-court-just-threw-wrench-jack-smiths-2024-plans/
Title: The Supreme Court just threw a wrench into Jack Smith's 2024 plans

URL: https://www.wnd.com/2023/12/house-votes-authorize-biden-impeachment-inquiry/
Title: House votes to authorize Biden impeachment inquiry

URL: https://www.wnd.com/2023/12/state-moves-block-noncitizen-voting-constitution/
Title: State moves to block noncitizen voting in its constitution

URL: https://www.wnd.com/2023/12/rand-paul-fauci-claimed-wuhan-research-worth-risk-even-pandemic-kills/
Title: Rand Paul: Fauci claimed Wuhan research 'worth the risk' even if pandemic kills

URL: https://www.wnd.com/2023/12/don-lemon-cut-cord-corporate-media-reveals-watching-conservative-programs/

URL: https://www.wnd.com/2023/12/now-widespread-evidence-election-fraud-confirmed/
Title: 'Stunning': Now 'widespread evidence' of election fraud confirmed!

URL: https://www.wnd.com/2023/12/candidate-governor-says-2020-presidential-election-stolen-cia/
Title: Candidate for governor IDs who really stole 2020 presidential election

URL: https://www.wnd.com/2023/12/special-counsel-vacuumed-information-trumps-phone/
Title: Special counsel vacuumed up evidence from Trump's phone

URL: https://www.wnd.com/2023/12/bleeping-brain-dem-loses-race-shocking-leaked-audio-botched-ad/
Title: 'Have a [bleeping] brain': Dem loses race after shocking leaked audio, botched ad

URL: https://www.wnd.com/2023/12/major-citys-police-force-may-ask-pronouns-sex-identity/
Title: Major city's police force may have to ask for pronouns, sex identity

URL: https://www.wnd.com/2023/12/biden-touted-ev-charging-company-climate-agenda-now-stock-tanking/
Title: Biden touted EV charging company for climate agenda. Now, its stock is tanking

URL: https://www.wnd.com/2023/12/good-vs-evil-god-vs-satan-america-full-spiritual-war/
Title: Good vs. evil, God vs. Satan: America in full spiritual war

URL: https://www.wnd.com/2023/12/controversy-erupts-student-fails-quiz-answering-correctly/
Title: Controversy erupts when student fails quiz for answering CORRECTLY!

URL: https://www.wnd.com/2023/12/nude-beach-lgbt-folks-torpedoes-plan-kids-playground/
Title: Nude beach for LGBT folks torpedoes plan for kids' playground

URL: https://www.wnd.com/2023/12/harvard-plagiarism-alabama-football/

URL: https://www.wnd.com/2023/12/happens-political-puppet-loses-puppeteer/

URL: https://www.wnd.com/2023/12/give-us-educated-skilled-legal-migrants-yearning-support/

URL: https://www.wnd.com/2023/12/patriotism-sen-tommy-tuberville/

URL: https://www.wnd.com/2023/12/2-reasons-trump-winning/

URL: https://www.wnd.com/2023/12/harvards-president-didnt-resign-plagiarism-scandal-students-got-boot/
Title: Harvard's president didn't resign after plagiarism scandal, but students got the boot

URL: https://www.wnd.com/2023/12/conservatives-force-drag-queens-clean-story-hour/
Title: Conservatives force drag queens to clean up story hour

URL: https://www.wnd.com/2023/12/school-goes-ballistic-teachers-take-stand-real-women/
Title: School goes ballistic when teachers take stand for REAL women

URL: https://www.wnd.com/2023/12/school-board-urges-moms-liberty-co-founder-resign-gop-sex-scandal/

URL: https://www.wnd.com/2023/12/appalling-abortion-groups-siphoned-billions-taxpayers-3-years/
Title: 'Appalling': Abortion groups 'siphoned' billions from taxpayers over 3 years

URL: https://www.wnd.com/2023/12/500-harvard-faculty-defend-university-president-amid-calls-ouster/
Title: Over 500 Harvard faculty defend university president amid calls for ouster

URL: https://www.wnd.com/2023/12/feds-christian-affordable-colleges-10-times-worse-hiding-sex-offenders/
Title: Feds: 'Christian and affordable' colleges 10 times worse than hiding sex offenders

URL: https://superstore.wnd.com/
Title: Hot Reads

URL: https://www.wnd.com/2023/03/overrun-joe-biden-unleashed-greatest-border-crisis-u-s-history-todd-bensman/
Title: 'Overrun: How Joe Biden Unleashed the Greatest Border Crisis in U.S. History' by Todd Bensman

URL: https://www.wnd.com/2023/03/taking-back-trumps-america-peter-navarro-seen-tucker-carlson-heard-mark-levin/
Title: 'Taking Back Trump's America' by Peter Navarro: As seen on Tucker Carlson, heard on Mark Levin!

URL: https://www.wnd.com/2022/12/phenomenal-prophecy-future-hidden-jesus-first-appearance/
Title: Phenomenal prophecy in Jesus' first appearance: Read 'Reaching God Speed' by Joe Kovacs

URL: https://www.wnd.com/2023/06/want-know-truth-great-cities/
Title: Do you want to know the truth about our once-great cities? 'Untenable' by Jack Cashill makes it plain

URL: https://www.wnd.com/2023/04/read-gospel-every-book-old-testament-yet/

URL: https://www.wnd.com/2023/05/unconstitutional-roger-simmermaker-founding-fathers-rejected-free-trade/
Title: 'Unconstitutional' by Roger Simmermaker: Founding Fathers rejected free trade, so should we

URL: https://www.wnd.com/2023/04/chilling-account-chinas-mission-destroy-america-read-pandemonium-curtis-ellis/
Title: A chilling account of China's mission to destroy America: Read 'Pandemonium' by Curtis Ellis

URL: https://www.wnd.com/2023/05/next-president-michelle-obama-2024-real-life-story-plan-power-joel-gilbert/
Title: Next president? 'Michelle Obama 2024: Her Real Life Story and Plan for Power' by Joel Gilbert

URL: https://www.wnd.com/2022/05/new-marketing-evil-illuminates-biden-era-mass-psychosis/
Title: New 'Marketing of Evil' illuminates Biden-era mass psychosis

URL: https://clck.mgid.com/ghits/18067153/i/57510778/0/pp/1/1?h=5v806QEfPKhcnIbK-DLxhEeI81uCW_-qxy6pzWqJAMFtNOOWDdIw1Bo52CiuJo_ZZwV224mZqDUOiCNpeX8l7Q**&rid=a9625bf5-9a4d-11ee-aa74-c84bd684dfc2&tt=Direct&att=3&cpm=1&abd=1&iv=11&ct=1&gdprApplies=0&st=-300&mp4=1&h2=aHiBFlkmhgWQShAV2Kk0QuJiVN1Qc7103PHS6SKihMs*&muid=nbdHUG_0MDSm

URL: https://clck.mgid.com/ghits/18042451/i/57510778/0/pp/2/1?h=5v806QEfPKhcnIbK-DLxhCQdzNssQ4D5NcTO9WzQUrFxcEliI5x24mhCq_DOvT521sVaZSj74-HFucp26mZE8Q**&rid=a9625bf5-9a4d-11ee-aa74-c84bd684dfc2&tt=Direct&att=3&cpm=1&abd=1&iv=11&ct=1&gdprApplies=0&st=-300&mp4=1&h2=aHiBFlkmhgWQShAV2Kk0QuJiVN1Qc7103PHS6SKihMs*&muid=nbdHUG_0MDSm

URL: https://www.wnd.com/2023/12/beloved-news-anchor-dies-unexpectedly-age-42-utterly-devastating/
Title: Beloved news anchor dies unexpectedly at age 42: 'Utterly devastating'

URL: https://www.wnd.com/2023/12/will-ferrell-time-women-run-planet/
Title: Will Ferrell: Why it's 'time for women to run the planet'

URL: https://www.wnd.com/2023/08/thou-shalt-not-traffic-children/
Title: THOU SHALT NOT TRAFFIC CHILDREN: Own it!

URL: https://www.wnd.com/2023/12/top-facebook-diversity-exec-pleads-guilty-stealing-millions-company/

URL: https://www.wnd.com/2023/07/elections-coming-bumper-sticker-says/
Title: Elections are coming and this bumper sticker says it all!

URL: https://www.wnd.com/2021/04/email-editor-feature-returns/
Title: Email to the Editor feature returns

URL: https://www.wnd.com/2023/12/watch-tucker-carlson-freed-journalist-owen-shroyer/
Title: WATCH: Tucker Carlson and freed journalist Owen Shroyer

URL: https://www.wnd.com/2023/12/listed-top-17-times-biden-lied-plagiarized-exaggerated/
Title: LISTED! Top 17 times Biden lied, or plagiarized, or exaggerated

URL: https://www.wnd.com/2023/12/surrogate-spies-massive-expansion-govt-surveillance-buried-house-bill/
Title: 'Surrogate spies': Massive expansion of gov't surveillance buried in House bill

URL: https://www.wnd.com/2023/12/n-y-times-blasted-omitting-one-key-word-hunter-biden-quote/

URL: https://www.wnd.com/2023/12/supremes-take-case-major-implications-jan-6-defendants/
Title: Supremes take case with major implications for Jan. 6 defendants

URL: https://www.wnd.com/2023/12/major-hospital-system-let-patients-designate-sex-x/
Title: Major hospital system to let patients designate their sex as 'X'

URL: https://www.wnd.com/2023/12/tucker-carlson-going-get-violence-keep-s/
Title: Tucker Carlson: 'You're going to get violence if you keep this s*** up'

URL: https://smeagol.revcontent.com/cv/v3/irbzYOixiB50aCNSbMhihUoWtXot9tX9HSZSuARNWQ7pH35UZFUmSRXj1TJUfDePhGfYKPe7lYHXxoYeQvrc--BLTDwdG_EGn39Gorn5MRB2lW0FqfV__Lc4VvdLUYJ5GoSf9DcLes8GH9cRb64EZ0isJnQU2d_D8mT4va5iovl_dWRpwziNYFJXfZPk48r52tbE6u5X18gJUYnL8MaJgzLi37_-xobXzb8lbavP60v4gGPguobEBOHNE9JikMEewtfKLLiulpW7fIYqMdIHt7fbnGa2xb5Re0GIW7wpcZAkpn0SUHBLGpujiozO9oaA769F9PgSHgpSym0Ws1H1Dy6KKTFyrFQX4XH34rkDaig2lMhFfRiTll0aLc-0vZVueCr18FK-TJZnLDGDaNVfCnsWiYg5iZDE07oCp2nYS7Q9oPKZmQ0AiMQe2svPmPKAomvD0QjjpfwFnFvJaVsKM1mkBQyxPHd1odjmpA_akbVK0v9sTWBat-0a8dAbHrSD7CMZESEwleYFJIKmlLC6CKO4KcWR-yU2cnYsFBSQoQ?p=GgFDMLPN6qsGOiRlYjFjYjI2Yy00YjAxLTQ1OGUtYjgxYS1mMzIwNTFlYTRiODFCJDliNDFkY2U1LThkMDAtNGRmYS1iNjRlLWVmMjJjYWE2MDc1N0oLd2hpZS13YWxrZXJQlO8EWKjdEGIHd25kLmNvbWoHZGVza3RvcJABAdgBso7wAZECAAAAAAAA6D-qAgw5Ni45LjI0Ni4xOTXqAhEKCGdyYXlfaW1wEgVmYWxzZQ
Title: Here Are 23 of the Coolest Gifts for This 2023TrendingGifts

URL: https://smeagol.revcontent.com/v3/fBJlNydvPqGFz3PdzvULinBRlmx4qXZfHPWPGc6zDsuoNJTayxrZ3Db7UdYya3Z78gExb1Za2h8KQZxLGf9XnvQ_2V0P2kTKEDiBSxmaTkQtinxidfWVU9d5fOAoKy0AUgURVIUmUfgBIamm5ZKjg5Gd1nSnTNEvFalhuKefk0ZJdmzgyXgD3UbUzOBgDQs8IviLqcKOHKVAOUZ3bmyWFzQRCUDiey__fy0SLCgYA-XVep7dAWDtU1BmDGiD2rBYxZnir0gA9PBQxmvTsXi8HR9VPGios0UElApJZr9Oxtvo1zium5wcsCi_6hCD6YxwyjiVSboRsuS8Rnd4yZHMPKOpWtVkkNf9ZO79WlJXzjNiq24zxwPdx6Bln7zRkGmP5UpjBF3L2JnEsmBLgK4SwEwgGtbdRo372MBWPfNwbrSw5Qs1XpsrKeJqEEJ0g-JZ_JIn0DUBXl-2B265mtmRkrvNuwZmFns1n6etQkP4rTvtlrOjNZUh-khJuVkO25xADUMuLM0_b27Mn-tdacARy82TV2wut5JTeqZ-Vg?p=GgFDMLPN6qsGOiRlYjFjYjI2Yy00YjAxLTQ1OGUtYjgxYS1mMzIwNTFlYTRiODFCJDliNDFkY2U1LThkMDAtNGRmYS1iNjRlLWVmMjJjYWE2MDc1N0oLd2hpZS13YWxrZXJQlO8EWKjdEGIHd25kLmNvbWoHZGVza3RvcJABAtgBso7wAZECAAAAAAAA6D-qAgw5Ni45LjI0Ni4xOTXqAhEKCGdyYXlfaW1wEgVmYWxzZQ
Title: Anyone Who Wants to Lose Weight Needs to Check out This Simple Morning Ritual!Healthy Nation

URL: https://smeagol.revcontent.com/v3/H-xbUQNDChFjSeihDyWKSpT2wPGLBYmbvy1ihohN_qiJNwggpynHSvmBMHh3tnr8J_eMpSFr30XTDSdwqATOx0tvd9CpC9bAnWGkVX-ap1qfRRcrwTC7M135-FUejy7ppWdlVZfRlb_t8dJDsAr9eN04Qb84UqC8cGegavquNQj3NNpv3EqG9XOaxOeJC7cu4y44epoID82h1P1fBu84VnkkCAClaTPFZ2vF0k4g3rd50oGFEoKtqHRk5y9EPCHyCoTidR8FvuVq3PsGNyls_rpR5YMcw0NJlKW2Hb4dc8UtPLxgGoXBSOAWz6IEi-eTvEMfDSNJfuEns475bpmdvyST26f7Sk6eLS9SWJIb6Wo-N0tDrLC0XC_8fjnIQpElsCQ2gQ49SCQCWDRusVyRArCE37aG44k?p=GgFDMLPN6qsGOiRlYjFjYjI2Yy00YjAxLTQ1OGUtYjgxYS1mMzIwNTFlYTRiODFCJDliNDFkY2U1LThkMDAtNGRmYS1iNjRlLWVmMjJjYWE2MDc1N0oLd2hpZS13YWxrZXJQlO8EWKjdEGIHd25kLmNvbWoHZGVza3RvcJABA9gBso7wAZECAAAAAAAA6D-qAgw5Ni45LjI0Ni4xOTXqAhEKCGdyYXlfaW1wEgVmYWxzZQ
Title: Can Individuals Make A Fortune Online? Is It Really Possible? Cast A Vote Now!Spotlight Polls

URL: https://www.wnd.com/2023/12/report-china-already-hacking-u-s-utilities-pipeline-port-companies/
Title: Report: China already hacking into U.S. utilities, pipeline, port companies

URL: https://www.wnd.com/2023/12/forced-sterilization-still-used-victims/
Title: Forced sterilization STILL being used against victims

URL: https://www.wnd.com/2023/12/biden-now-admits-restore-trumps-border-security/

URL: https://www.wnd.com/2023/12/joe-bidens-sister-law-now-central-figure-foreign-cash-deals/
Title: Joe Biden's sister-in-law now central figure in foreign cash deals

URL: https://www.wnd.com/2023/12/supremes-hear-fda-violated-law-lifting-abortion-chemical-regs/
Title: Supremes to hear how FDA 'violated law' by lifting abortion-chemical regs

URL: https://www.wnd.com/2023/12/republican-governor-fire-blasphemous-promotion-satan/
Title: Republican governor under fire for 'blasphemous' promotion of Satan

URL: https://www.wnd.com/2023/12/god-preserved-us-no-lives-lost-tornado-hits-church-people-inside/
Title: 'God preserved us': No lives lost after tornado hits church with people inside

URL: https://www.wnd.com/2023/12/pastor-wife-murdered-one-week-wedding/
Title: Pastor and wife murdered one week after their wedding

URL: https://www.wnd.com/2023/08/ten-commandments-needed-america-time/
Title: The Ten Commandments: Needed in America for a time such as this!

URL: https://www.wnd.com/category/front-page/money/
Title: Money

URL: https://www.wnd.com/2023/12/tesla-recalls-nearly-u-s-vehicles-government-probe/
Title: Tesla recalls nearly all U.S. vehicles after government probe

URL: https://www.wnd.com/2023/12/hunter-biden-slams-house-probe-skips-deposition-comments-outside-capitol/
Title: Hunter Biden slams House probe, skips deposition after comments outside Capitol

URL: https://www.wnd.com/2023/12/al-gore-messaging-opposing-view-threat-democracy/
Title: Al Gore: Any messaging opposing my view is a 'threat to democracy'

URL: https://www.wnd.com/2021/01/become-wnd-insider-read-favorite-news-site-ad-free/
Title: Become a 'WND Insider' and read your favorite news site AD-FREE!

URL: https://www.wnd.com/2023/12/u-s-signs-deal-shift-away-fossil-fuels-u-n-climate-summit/

URL: https://www.wnd.com/2023/12/dow-rallies-500-points-record-closes-37000-first-time/
Title: Dow rallies more than 500 points to record, closes above 37,000 for first time

URL: https://www.wnd.com/2023/12/google-illegal-monopoly-jury-issues-major-verdict/
Title: Does Google have an illegal monopoly? Jury issues major verdict

URL: https://www.wnd.com/2023/12/quiet-meetings-held-gop-kill-biden-impeachment-probe/
Title: Quiet meetings held with GOP to kill Biden impeachment probe

URL: https://www.wnd.com/2022/09/get-4-issues-whistleblower-1-yes-really/
Title: Get 4 issues of Whistleblower for only $1. Yes, really.

URL: https://www.wnd.com/2023/12/whistleblower-sues-hospital-trying-locked-mental-case/
Title: Whistleblower sues hospital for trying to have her locked up as a mental case

URL: https://www.wnd.com/2023/12/covids-mrna-shots-now-linked-vaids/
Title: COVID's mRNA shots now linked to another serious problem

URL: https://www.wnd.com/2023/12/cynical-strategy-abortion-headed-u-s-supreme-court/
Title: 'A cynical strategy': Abortion headed to U.S. Supreme Court again

URL: https://www.wnd.com/2023/12/big-pharma-giving-away-medical-info-cops-no-warrant-lawmakers-say/
Title: Look who's giving away your medical info to cops with no warrant

URL: https://www.wnd.com/2023/12/homeless-people-caught-pitching-tents-mayor-touts-strides-tackling-homelessness/
Title: Homeless people caught pitching tents as mayor touts strides in tackling homelessness

URL: https://www.wnd.com/2023/12/cop-goes-haywire-taser-threats-now-mom-wants-supreme-ruling/
Title: Cop goes haywire with Taser threats, now mom wants Supreme ruling

URL: https://www.wnd.com/2023/12/watch-casey-anthonys-parents-take-lie-detector-test-refute-claims-granddaughter-caylees-death/
Title: WATCH: Casey Anthony's parents take lie-detector test to refute claims about granddaughter's death

URL: https://www.wnd.com/2023/12/glad-see-campus-antisemitism-revealed/

URL: https://www.wnd.com/2023/12/presidency-already-dictatorship/

URL: https://www.wnd.com/2023/12/5-ways-respond-christian-leader-mike-bickles-admission/

URL: https://www.wnd.com/2023/12/smoked/

URL: https://www.wnd.com/2023/12/santa-klaus/

URL: https://www.wnd.com/2023/08/watch-real-americas-voice-day/

URL: https://wndnewscenter.nationbuilder.com/support_wnd_news_center

URL: https://www.wnd.com/join/?adm_source=header-d

URL: https://www.paypal.com/donate/?hosted_button_id=68C8MZF47L2BL

URL: https://www.wnd.com/page/2
Title: Next

URL: https://clck.mgid.com/ghits/17657888/i/57556614/0/pp/1/1?h=sD_G_ERUrNAGmUBP_u6eoxu55BWc6WTKel15CliSudREkwBpiQrLkhQL06cMvbR4W3xF2Jwk3RvhAKULsntvQA**&rid=a92bb11f-9a4d-11ee-ab1a-c84bd684f2a6&tt=Direct&att=3&cpm=1&abd=1&iv=11&ct=1&gdprApplies=0&muid=nbdHUG_0MDSm&st=-300&mp4=1&h2=aHiBFlkmhgWQShAV2Kk0QuJiVN1Qc7103PHS6SKihMs*

URL: https://clck.mgid.com/ghits/18067153/i/57556614/0/pp/2/1?h=sD_G_ERUrNAGmUBP_u6eoyyxLOFzQPmBo_q94TolIh-b8_KZmU2GTSqohs10yjzg6guB6n4_5A_yfHb7FXKjyA**&rid=a92bb11f-9a4d-11ee-ab1a-c84bd684f2a6&tt=Direct&att=3&cpm=1&abd=1&iv=11&ct=1&gdprApplies=0&muid=nbdHUG_0MDSm&st=-300&mp4=1&h2=aHiBFlkmhgWQShAV2Kk0QuJiVN1Qc7103PHS6SKihMs*

server-108-138-126-121.jfk50.r.cloudfront.net

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 73

https://sb.scorecardresearch.com/b?c1=2&c2=20480112&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1702536882165&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=1&cs_cmp_id=9&cs_cmp_sv=5&cs_cmp_rt=177&c7=https%3A%2F%2F49.13.84.163.sslip.io%2F&c8=Home%20-%20WND&c9= HTTP 302
https://sb.scorecardresearch.com/b2?c1=2&c2=20480112&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1702536882165&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=1&cs_cmp_id=9&cs_cmp_sv=5&cs_cmp_rt=177&c7=https%3A%2F%2F49.13.84.163.sslip.io%2F&c8=Home%20-%20WND&c9=

Request Chain 123

https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001702536883-HLU71BH4-96AC&adnxs_id=$UID&gdpr=0 HTTP 307
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001702536883-HLU71BH4-96AC%26adnxs_id%3D%24UID%26gdpr%3D0 HTTP 302
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001702536883-HLU71BH4-96AC&adnxs_id=5640016288828445218&gdpr=0

Request Chain 124

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001702536883-HLU71BH4-96AC&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001702536883-HLU71BH4-96AC&gdpr=0 HTTP 302
https://ids.ad.gt/api/v1/t_match?tdid=ee1f9bfd-2e68-49de-875c-950277e092f2&id=AU1D-0100-001702536883-HLU71BH4-96AC

Request Chain 125

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001702536883-HLU71BH4-96AC HTTP 302
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001702536883-HLU71BH4-96AC HTTP 302
https://ids.ad.gt/api/v1/pbm_match?pbm=B32F047D-5EA9-4111-B1FB-D4D34C912B80&id=AU1D-0100-001702536883-HLU71BH4-96AC

Request Chain 127

https://pixel.tapad.com/idsync/ex/receive?partner_id=3185&partner_device_id=AU1D-0100-001702536883-HLU71BH4-96AC&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001702536883-HLU71BH4-96AC%26tapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3185&partner_device_id=AU1D-0100-001702536883-HLU71BH4-96AC&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001702536883-HLU71BH4-96AC%26tapad_id%3D%24%7BTA_DEVICE_ID%7D HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=016154a5-ac4d-4ed3-96a1-efa159184f8f%252Chttps%25253A%25252F%25252Fids.ad.gt%25252Fapi%25252Fv1%25252Ftapad_match%25253Fid%25253DAU1D-0100-001702536883-HLU71BH4-96AC%252526tapad_id%25253D016154a5-ac4d-4ed3-96a1-efa159184f8f%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=ee1f9bfd-2e68-49de-875c-950277e092f2&ttd_puid=016154a5-ac4d-4ed3-96a1-efa159184f8f%2Chttps%253A%252F%252Fids.ad.gt%252Fapi%252Fv1%252Ftapad_match%253Fid%253DAU1D-0100-001702536883-HLU71BH4-96AC%2526tapad_id%253D016154a5-ac4d-4ed3-96a1-efa159184f8f%2C HTTP 302
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001702536883-HLU71BH4-96AC&tapad_id=016154a5-ac4d-4ed3-96a1-efa159184f8f

Request Chain 128

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001702536883-HLU71BH4-96AC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm=&google_sc=&google_ula=450542624&id=AU1D-0100-001702536883-HLU71BH4-96AC&google_tc= HTTP 302
https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001702536883-HLU71BH4-96AC&google_gid=CAESEPOThGn7ciVExtaQ8vyCb9s&google_cver=1&google_ula=450542624,0

Request Chain 129

https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001702536883-HLU71BH4-96AC HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTcwMjUzNjg4My1ITFU3MUJINC05NkFD

Request Chain 130

https://sync.colossusssp.com/ebfa23da174faa55634171c5e49d0152.gif?puid=AU1D-0100-001702536883-HLU71BH4-96AC&redir=http%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fcolossus%3Fcls_id%3D%5BUID%5D%26id%3DAU1D-0100-001702536883-HLU71BH4-96AC HTTP 302
https://ids.ad.gt/api/v1/colossus?cls_id=97382b3d-1c80-45df-bfda-64911c98ab09&id=AU1D-0100-001702536883-HLU71BH4-96AC

Request Chain 131

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODI0MTY1OC90LzA/url/https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Famo_match%3Fturn_id%3D%24!%7BTURN_UUID%7D%26id%3DAU1D-0100-001702536883-HLU71BH4-96AC HTTP 302
https://ids.ad.gt/api/v1/amo_match?turn_id=4427548805325562956&id=AU1D-0100-001702536883-HLU71BH4-96AC

Request Chain 132

https://bh.contextweb.com/bh/rtset?pid=562316&ev=1&rurl=https://ids.ad.gt/api/v1/ppnt_match?uid=%%VGUID%%&id=AU1D-0100-001702536883-HLU71BH4-96AC HTTP 302
https://ids.ad.gt/api/v1/ppnt_match?uid=R2DEH0Msfbfo&ev=1&pid=562316&id=AU1D-0100-001702536883-HLU71BH4-96AC

Request Chain 172

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X HTTP 302
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X HTTP 307
https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1

Request Chain 173

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=mgid&endpoint=us-west&gdpr=0&gdpr_consent=&us_privacy= HTTP 301
https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-west&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 176

https://idsync.rlcdn.com/712107.gif?partner_uid=nbdHUG_0MDSm& HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CKu7KxIYChQIARDDoQoaDG5iZEhVR18wTURTbRAAGg0ItM3qqwYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=218eaca79f55d61cb96e1767a9340070e92b4c114d50807c616567e6527e3783791426b5417dce21&_=2 HTTP 307
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=218eaca79f55d61cb96e1767a9340070e92b4c114d50807c616567e6527e3783791426b5417dce21&rand=00486785 HTTP 302
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=218eaca79f55d61cb96e1767a9340070e92b4c114d50807c616567e6527e3783791426b5417dce21&rand=00486785&expected_cookie=63c3135d-c56e-4a18-983f-a34431acd5e7

Request Chain 177

https://ps.eyeota.net/match?bid=dn2m51u&uid=nbdHUG_0MDSm&gdpr=0&gdpr_consent= HTTP 302
https://ps.eyeota.net/match/bounce/?bid=dn2m51u&uid=nbdHUG_0MDSm&gdpr=0&gdpr_consent=

Request Chain 178

https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.mgid.com%252Fm%253Fcdsp%253D712807%2526c%253D%2523PMUID HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjMyRjA0N0QtNUVBOS00MTExLUIxRkItRDREMzRDOTEyQjgw&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH5vSuC7ZEOHrU9g9iRt1dM&google_cver=1 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
https://onetag-sys.com/match/?int_id=114&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80

Request Chain 179

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid HTTP 302
https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid HTTP 302
https://cm.mgid.com/m?cdsp=287839&c=27b6dd88-729f-41a1-924a-66f8db1d4c1f

Request Chain 180

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=&cb=https%3A//cm.mgid.com/m%3Fcdsp%3D779131%26c%3D HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder%3Dappnexus%26cbx%3DaHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9%26uid%3D%24UID HTTP 302
https://prebid.a-mo.net/cchain/0/28893?gpp=&gdpr_consent=&gdpr=0&gpp_sid=&us_privacy=&A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=appnexus&cbx=aHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9&uid=5640016288828445218 HTTP 302
https://rtb.openx.net/sync/prebid?&gdpr=0&us_privacy=1---&r=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder%3Dopenx%26cbx%3DaHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9%26uid%3D%24%7BUID%7D HTTP 302
https://rtb.openx.net/sync/prebid?gdpr=0&r=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder%3Dopenx%26cbx%3DaHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9%26uid%3D%24%7BUID%7D&us_privacy=1---&ox_sc=1 HTTP 302
https://prebid.a-mo.net/cchain/1/28893?gpp=&gdpr_consent=&gdpr=0&gpp_sid=&us_privacy=&A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=openx&cbx=aHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9&uid=3e054b79-c7e5-40e6-b6f5-eb8f281f64df HTTP 302
https://id.a-mx.com/u?&gdpr=0&us_privacy=1---&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F4%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder%3Damx_com%26cbx%3DaHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9%26uid%3D HTTP 302
https://prebid.a-mo.net/cchain/4/28893?gpp=&gdpr_consent=&gdpr=0&gpp_sid=&us_privacy=&A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=amx_com&cbx=aHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9&uid=0fd72110-0a58-41ef-8da5-239c415a6f50 HTTP 302
https://ssum.casalemedia.com/usermatchredir?s=191503&gdpr=0&us_privacy=1---&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F5%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9%26uid%3D HTTP 302
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F5%2F28893%3Fus_privacy%3D1---%26gpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder%3Dindex_rtb%26cbx%3DaHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9%26uid%3D&gdpr=0&s=191503&us_privacy=1---&C=1 HTTP 302
https://prebid.a-mo.net/cchain/5/28893?us_privacy=1---&gpp=&gdpr_consent=&gdpr=0&gpp_sid=&us_privacy=&A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=index_rtb&cbx=aHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9&uid=ZXqmtIpliuyG2aB5a2CWIgAA%261232 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=158355&gdpr=0&us_privacy=1---&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fprebid.a-mo.net%252Fcchain%252F6%252F28893%253Fgpp%253D%2526gdpr_consent%253D%2526gdpr%253D0%2526gpp_sid%253D%2526us_privacy%253D%2526A%253D0fd72110-0a58-41ef-8da5-239c415a6f50%2526bidder%253Dpubmatic%2526cbx%253DaHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9%2526uid%253D%2523PMUID HTTP 302
https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:9150aa01-1aaf-469e-a866-73f2d35211f0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

Request Chain 181

https://cs.krushmedia.com/e4e1f5fe20753b6b614cda48b7e3c9f7.gif?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D827026%26c%3D%5BUID%5D HTTP 302
https://cm.mgid.com/m?cdsp=827026&c=d104b083-5f87-5283-876f-38c0e38d4a21

Request Chain 182

https://cs.admanmedia.com/e4e1f5fe20753b6b614cda48b7e3c9f7.gif?gdpr=0&gdpr_consent=&ccpa=&redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D675043%26c%3D%5BUID%5D HTTP 302
https://cm.mgid.com/m?cdsp=675043&c=3c740365-8354-4d8e-b5a5-ca610f7a4fcc

Request Chain 183

https://ad.360yield.com/server_match?partner_id=1944&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D HTTP 302
https://ad.360yield.com/ul_cb/server_match?partner_id=1944&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D HTTP 302
https://cm.mgid.com/m?cdsp=665953&c=2104bfe3-cb8a-4a86-93c1-8fb0556e799f

Request Chain 184

https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D709070%26c%3D%24UID HTTP 307
https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D709070%26c%3D%24UID&sovrn_retry=true HTTP 307
https://cm.mgid.com/m?cdsp=709070&c=H0X-iLZHve4WUJtJQaGwABc-

Request Chain 185

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bmJkSFVHXzBNRFNt&muidn=nbdHUG_0MDSm HTTP 302
https://cm.mgid.com/google?muidn=nbdHUG_0MDSm&google_ula={guid},5&google_gid=CAESEL4VDNqFrUiv5zlaZ9GH3Lc&google_cver=1

Request Chain 186

https://cm.rtbsystem.com/mgid?c=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=&cd=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D556372%26c%3D%24%7BUSER%7D HTTP 302
https://cm.mgid.com/m?cdsp=556372&c=a75257b6-d0a8-5f01-8f36-4e57a2ccafba

Request Chain 188

https://tracker.direct.e-volution.ai/sync?id=5&gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D737576%26c%3D%7BPLL_USER_ID%7D HTTP 302
https://cm.mgid.com/m?cdsp=737576&c=4494ca0e-6013-f7bf-193a-5a445ca6ca52

Request Chain 189

https://x.bidswitch.net/sync?dsp_id=303&user_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=nbdHUG_0MDSm&seat_key=303&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=

Request Chain 190

https://creativecdn.com/cm-notify?pi=mgid&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://creativecdn.com/cm-notify?pi=mgid&gdpr=0&gdpr_consent=&us_privacy=&tc=1 HTTP 302
https://cm.mgid.com/m?cdsp=501037&c=9gIs7KLWh32cGmjrWHcsSItL96KT2iR2V5Awav7emE0&pi=mgid&gdpr=0&gdpr_consent=&us_privacy=&tc=1

Request Chain 195

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://onetag-sys.com/match/?int_id=1&uid=a627657a-a6b4-4300-9597-2809ddea0630&gdpr=0&gdpr_consent=

Request Chain 196

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag&gdpr=0&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=2&uid=LQ4UI2RA-X-D3D1&gdpr=0

Request Chain 197

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D0%26gdpr_consent%3D%26uid%3D$UID HTTP 302
https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=5640016288828445218

Request Chain 198

https://ads.stickyadstv.com/user-matching?id=3679&gdpr=0&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=3&uid=7ee4f7238a3681c19cf855d055613a3e&gdpr_consent=&gdpr=0

Request Chain 200

https://cs.admanmedia.com/73c1e1bfc3bde354d60b80e601ae3914.gif?puid=[UID]&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D164%26gdpr%3D%24%7BGDPR%7D%26gdpr_consent%3D%24%7BGDPR_STRING%7D%26uid%3D%5BUID%5D&gdpr=0&gdpr_consent=&ccpa=&coppa= HTTP 302
https://onetag-sys.com/match/?int_id=164&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=13e7e2f5-5675-4e57-95f1-d4706c7fb748

Request Chain 201

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABjGcbL9wHVq3DA5sd0rNua0PKFum7-zSDFg

Request Chain 202

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid] HTTP 302
https://onetag-sys.com/match/?int_id=107&uid=8682852645158157850

Request Chain 203

https://onetag-sys.com/match/?int_id=113&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=5UmJfM_qHm4K3EtYAOz7AODazEpMxlre77qs7xM2LK4

Request Chain 204

https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=0&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26gdpr%3D${GDPR}%26gdpr_consent%3D${GDPR_STRING}%26uid%3D%23PMUID HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjMyRjA0N0QtNUVBOS00MTExLUIxRkItRDREMzRDOTEyQjgw&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH5vSuC7ZEOHrU9g9iRt1dM&google_cver=1 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
https://onetag-sys.com/match/?int_id=114&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80

Request Chain 205

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm HTTP 302
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEAY0KXMSuOvY2FcaKloADPY&google_cver=1

Request Chain 206

https://bh.contextweb.com/bh/rtset?pid=562985&ev=1&us_privacy=&rurl=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D149%26gdpr%3D%24%7BGDPR%7D%26gdpr_consent%3D%24%7BGDPR_STRING%7D%26uid%3D%25%25VGUID%25%25 HTTP 302
https://onetag-sys.com/match/?int_id=149&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=R2DEH0Msfbfo&ev=1&us_privacy=&pid=562985

Request Chain 207

https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D90%26gdpr%3D0%26gdpr_consent%3D%26uid%3D HTTP 302
https://prebid-match.dotomi.com/match/bounce/current?DotomiTest=4cac978b8b141345&is_secure=true&version=1&networkId=72582&rurl=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D90%26gdpr%3D0%26gdpr_consent%3D%26uid%3D HTTP 302
https://onetag-sys.com/match/?int_id=90&gdpr=0&gdpr_consent=&uid=AAAGU7VSGoAtGANWwIH3AAAAAAA&expiration=1702623284

Request Chain 208

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://onetag-sys.com/match/?int_id=92&uid=y-CjJaABRE2uHntlGSK1k.FRhNVp1ZaJ9XeaTtCdQ-~A

Request Chain 209

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent= HTTP 302
https://onetag-sys.com/match/?int_id=29&uid=ee1f9bfd-2e68-49de-875c-950277e092f2&gdpr=0&gdpr_consent=

Request Chain 210

https://x.bidswitch.net/sync?ssp=onetag&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=onetag&gdpr=0&gdpr_consent= HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=0b981ff1-cccb-412a-b4b5-3d4970390a8d&ssp=onetag HTTP 302
https://onetag-sys.com/match/?int_id=30&uid=7d49d498-6114-4e12-834a-234386e2584c&gdpr=&gdpr_consent=&us_privacy=

Request Chain 222

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy= HTTP 301
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

Request Chain 223

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1702536884353.7&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26predirect%3Dhttps%253A%252F%252Fevents-ssc.33across.com%252Fmatch%253Fliv%253Dh%2526us_privacy%253D%24%7BUS_PRIVACY%7D%2526bidder_id%253D25%2526external_user_id%253D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D

Request Chain 224

https://ssc-cms.33across.com/ps/?_=1702536884353.&ri=0013300001hSPhhAAG&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X HTTP 302
https://cm.mgid.com/m?cdsp=796887&c=212289453085754

Request Chain 225

https://x.bidswitch.net/sync?ssp=the33across&us_privacy= HTTP 302
https://cms.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=the33across&gdpr=&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=the33across&gdpr=0&user_id=ouMe1vXgS4W5tE-G8rME1PXlS4O5tU-O8eZNJbbx HTTP 302
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=7d49d498-6114-4e12-834a-234386e2584c HTTP 302
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=7d49d498-6114-4e12-834a-234386e2584c&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 226

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true HTTP 302
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-bfVVWSpE2uFyIbqrv4R4U63vQHoKi49X~A HTTP 302
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-bfVVWSpE2uFyIbqrv4R4U63vQHoKi49X%7EA&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 227

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy= HTTP 302
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=7bb027d66530fbf&is_secure=true&networkId=78390&version=1&us_privacy= HTTP 302
https://ssc-cms.33across.com/ps?xi=64&xu=AAAGU7VSGoAtGQMqy1v_AAAAAAA&expiration=1702623284&is_secure=true&us_privacy= HTTP 302
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAGU7VSGoAtGQMqy1v_AAAAAAA&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 228

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID HTTP 302
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID HTTP 302
https://ssc-cms.33across.com/ps/?us_privacy=&xi=33&xu=2925943474985103838346 HTTP 302
https://events-ssc.33across.com/match?bidder_id=33&external_user_id=2925943474985103838346&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 229

https://pixel-us-west.rubiconproject.com/exchange/sync.php?p=mgid&gdpr=0&gdpr_consent=&us_privacy=&gdpr=0&us_privacy=1---&khaos=LQ4UI2RA-X-D3D1 HTTP 302
https://cm.mgid.com/m?cdsp=43070&c=LQ4UI2RA-X-D3D1&gdpr=0

Request Chain 232

https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0&us_privacy=1--- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmNhZGU4M2QwMGRmOGJjNjIyMmRlM2EyYTM1M2M5ZDRjMGRiNGY1MQ&gdpr=0&us_privacy=1---

Request Chain 233

https://token.rubiconproject.com/token?pid=25470&gdpr=0&us_privacy=1--- HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TFE0VUkyUkEtWC1EM0Qx&gdpr=0&us_privacy=1--- HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&gdpr=0&google_gid=CAESEEdECUGeJyMtK51KYBEIGcU&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFE0VUkyUkEtWC1EM0Qx&google_push=&gdpr=0

Request Chain 234

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&gdpr=0&us_privacy=1--- HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&gdpr=0&put=CAESEIzptVEJlXXFD4UOedZd0Lk&google_cver=1

Request Chain 235

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0&us_privacy=1--- HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&gdpr=0&us_privacy=1---&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=8dkjn9H2Sw-WADOA1m1nKw&rk=usync-na&gdpr=0 HTTP 302
https://s.amazon-adsystem.com/ecm3?ex=rubiconprojectHMT&id=8dkjn9H2Sw-WADOA1m1nKw&gdpr=0

Request Chain 236

https://match.adsrvr.org/track/cmf/rubicon?gdpr=0&us_privacy=1--- HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=ee1f9bfd-2e68-49de-875c-950277e092f2&gdpr=0&gdpr_consent=&expires=30

Request Chain 237

https://token.rubiconproject.com/token?pid=36584&gdpr=0&us_privacy=1--- HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=LQ4UI2RA-X-D3D1&gdpr=0&us_privacy=1---

Request Chain 238

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1&gdpr=0&us_privacy=1--- HTTP 302
https://pr-bh.ybp.yahoo.com/sync/rubicon/Cw607ro7oKvllTPqy-9cWQ?csrc=&gdpr=0&us_privacy=1--- HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-8iQL2HhE2oLPOOADyVQK_I42sPPIai0gsoRR8w--~A

Request Chain 239

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0&us_privacy=1--- HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&gdpr=0&us_privacy=1---&dcc=t HTTP 302
https://pixel.rubiconproject.com/token?pid=2179&pt=n&puid=79rylYEqQaKB2UgP99ZwIQ&rk=usync-other&gdpr=0 HTTP 302
https://aax-eu.amazon-adsystem.com/s/ecm3?ex=rubiconprojectHMT&id=79rylYEqQaKB2UgP99ZwIQ&gdpr=0

Request Chain 240

https://pixel.rubiconproject.com/exchange/sync.php?p=a9us&gdpr=0&us_privacy=1--- HTTP 302
https://s.amazon-adsystem.com/ecm3?id=LQ4UI2RA-X-D3D1&ex=d-rubiconproject.com&status=ok&gdpr=0&us_privacy=1---

Request Chain 241

https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&gdpr=0&us_privacy=1--- HTTP 303
https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp&gdpr=0&us_privacy=1---&_bee_ppp=1 HTTP 303
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AADGDk7K9U0AABLjRkoruA&expires=30&gdpr=0

Request Chain 242

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-adaptmx&gdpr=0&us_privacy=1--- HTTP 302
https://prebid.a-mo.net/setuid/magnite?uid=LQ4UI2RA-X-D3D1&gdpr=0&us_privacy=1---

Request Chain 243

https://token.rubiconproject.com/token?pid=26594&gdpr=0&us_privacy=1--- HTTP 302
https://ups.analytics.yahoo.com/ups/58160/sync?_origin=1&uid=LQ4UI2RA-X-D3D1&redir=true&gdpr=0&us_privacy=1--- HTTP 302
https://ups.analytics.yahoo.com/ups/58824/sync?_origin=0&dpid=58160&ovsid=LQ4UI2RA-X-D3D1&gdpr=0&redir=true&us_privacy=1--- HTTP 302
https://hb.yahoo.net/cksync?cs=63&axid_e=eS1ZaEhQczNaRTJ1R2p3dWoxTDRyaVUwaWM0ZHNOemFSQX5B&gdpr=0&ovsid=LQ4UI2RA-X-D3D1&us_privacy=1---&dpid=58160

Request Chain 244

https://pixel.rubiconproject.com/exchange/sync.php?p=sovrn&gdpr=0&us_privacy=1--- HTTP 302
https://ce.lijit.com/merge?pid=80&3pid=LQ4UI2RA-X-D3D1&gdpr=0&us_privacy=1---

Request Chain 245

https://pixel.rubiconproject.com/exchange/sync.php?p=19564&gdpr=0&us_privacy=1--- HTTP 302
https://capi.connatix.com/us/pixel?puid=LQ4UI2RA-X-D3D1&pId=11&gdpr=&gdpr_consent=&us_privacy=&gdpr=0&us_privacy=1--- HTTP 302
https://capi.connatix.com/us/pixel?puid=LQ4UI2RA-X-D3D1&pId=11&gdpr=&gdpr_consent=&us_privacy=&gdpr=0&us_privacy=1---&final=true

Request Chain 246

https://pixel.rubiconproject.com/exchange/sync.php?p=primis&gdpr=0&us_privacy=1--- HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=LQ4UI2RA-X-D3D1&gdpr=0&us_privacy=1--- HTTP 301
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LQ4UI2RA-X-D3D1 HTTP 302
https://sync1.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=LQ4UI2RA-X-D3D1&ckls=true&ci=lsuOYPBosZ&nc=false&trid=1434403640

Request Chain 247

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn&gdpr=0&us_privacy=1--- HTTP 302
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=LQ4UI2RA-X-D3D1&gdpr=0&us_privacy=1---

Request Chain 249

https://pixel-us-east.rubiconproject.com/exchange/sync.php?p=33across&us_privacy=&gdpr_consent=undefined&gdpr=0&us_privacy=1---&khaos=LQ4UI2RA-X-D3D1 HTTP 302
https://ssc-cms.33across.com/ps/?xi=1&xu=LQ4UI2RA-X-D3D1&gdpr=0&gdpr_consent=undefined HTTP 302
https://events-ssc.33across.com/match?bidder_id=30&external_user_id=LQ4UI2RA-X-D3D1&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 251

https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFEOFlrN0s5VTBBQUJPQmU4bS03dw&gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Csas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?gdpr=0&gdpr_consent=&bee_sync_partners=syn%2Csas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://sync.technoratimedia.com/services?uid=AAD8Yk7K9U0AABOBe8m-7w&srv=cs&pid=73&cb=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dsas%252Cpp%252Cpm%26bee_sync_current_partner%3Dsyn%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2&gdpr=0 HTTP 307
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=syn&bee_sync_initiator=adx&bee_sync_hop_count=2 HTTP 303
https://rtb-csync.smartadserver.com/redir?partneruserid=AAD8Yk7K9U0AABOBe8m-7w&partnerid=127&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26bee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D3%26userid%3DSMART_USER_ID&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&bee_sync_partners=pp%2Cpm&bee_sync_current_partner=sas&bee_sync_initiator=adx&bee_sync_hop_count=3&userid=8682852645158157850&gdpr=0&gdpr_consent= HTTP 303
https://bh.contextweb.com/bh/rtset?ev=AAD8Yk7K9U0AABOBe8m-7w&do=add&pid=558502&rurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fgdpr%3D0%26userid%3D8682852645158157850%26gdpr%3D0%26gdpr_consent%3D%26bee_sync_partners%3Dpm%26bee_sync_current_partner%3Dpp%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D4&gdpr=0 HTTP 302
https://match.prod.bidr.io/cookie-sync?gdpr=0&userid=8682852645158157850&gdpr=0&gdpr_consent=&bee_sync_partners=pm&bee_sync_current_partner=pp&bee_sync_initiator=adx&bee_sync_hop_count=4&ev=AAD8Yk7K9U0AABOBe8m-7w&pid=558502&do=add&gdpr=0 HTTP 303
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyOTcmdGw9MTI5NjAw&piggybackCookie=AAD8Yk7K9U0AABOBe8m-7w&gdpr=0&gdpr_consent=

Request Chain 252

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=5640016288828445218&gdpr=0&gdpr_consent=

Request Chain 254

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZXqmtAAGzgfrDQBd

Request Chain 255

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=wjR7wJU3LpPZYyqQkmRhwpUyLpXZYiqYkTEYMtTa

Request Chain 256

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://r.bidswitch.net/sync?bidswitch_ssp_id=pubmatic&bsw_custom_parameter=7d49d498-6114-4e12-834a-234386e2584c HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3205&partner_device_id=7d49d498-6114-4e12-834a-234386e2584c&partner_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D393%26user_id%3D0%26ssp%3Dpubmatic%26bsw_param%3D7d49d498-6114-4e12-834a-234386e2584c HTTP 302
https://dpm.demdex.net/ibs:dpid=540&dpuuid=016154a5-ac4d-4ed3-96a1-efa159184f8f&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DADB%26partner_device_id%3D%24%7BDD_UUID%7D%26pt%3D016154a5-ac4d-4ed3-96a1-efa159184f8f%252Chttps%25253A%25252F%25252Fx.bidswitch.net%25252Fsync%25253Fdsp_id%25253D393%252526user_id%25253D0%252526ssp%25253Dpubmatic%252526bsw_param%25253D7d49d498-6114-4e12-834a-234386e2584c%252C HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=540&dpuuid=016154a5-ac4d-4ed3-96a1-efa159184f8f&redir=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DADB%26partner_device_id%3D%24%7BDD_UUID%7D%26pt%3D016154a5-ac4d-4ed3-96a1-efa159184f8f%252Chttps%25253A%25252F%25252Fx.bidswitch.net%25252Fsync%25253Fdsp_id%25253D393%252526user_id%25253D0%252526ssp%25253Dpubmatic%252526bsw_param%25253D7d49d498-6114-4e12-834a-234386e2584c%252C HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=ADB&partner_device_id=63895285785816786971789858569459081258&pt=016154a5-ac4d-4ed3-96a1-efa159184f8f%2Chttps%253A%252F%252Fx.bidswitch.net%252Fsync%253Fdsp_id%253D393%2526user_id%253D0%2526ssp%253Dpubmatic%2526bsw_param%253D7d49d498-6114-4e12-834a-234386e2584c%2C HTTP 302
https://x.bidswitch.net/sync?dsp_id=393&user_id=0&ssp=pubmatic&bsw_param=7d49d498-6114-4e12-834a-234386e2584c HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=7d49d498-6114-4e12-834a-234386e2584c&gdpr=&gdpr_consent=&gdpr_pd=&us_privacy= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

Request Chain 257

https://a.tribalfusion.com/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw%26piggybackCookie%3D%24TF_USER_ID_ENC%24&u=${PUBMATIC_UID}

Request Chain 258

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent= HTTP 302
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=aa02c57e-9a4d-11ee-bfca-d68cff6a2974

Request Chain 259

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=J0LWDLAEX71cizBkPdshsGAJ9sM&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY} HTTP 302
https://image4.pubmatic.com/AdServer/SPug?gdpr=0&p=158355&pmc=1&pr=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F6%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder%3Dpubmatic%26cbx%3DaHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9%26uid%3DB32F047D-5EA9-4111-B1FB-D4D34C912B80&us_privacy=%24%7BUS_PRIVACY%7D HTTP 302
https://prebid.a-mo.net/cchain/6/28893?gpp=&gdpr_consent=&gdpr=0&gpp_sid=&us_privacy=&A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=pubmatic&cbx=aHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80

Request Chain 260

https://pm.w55c.net/ping_match.gif?ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=PUBMATIC&rurl=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:_wfivefivec_&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzQmdGw9MTI5NjAw&piggybackCookie=uid:bW7jjNrS1RdFCk5&gdpr=0&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

Request Chain 261

https://beacon.lynx.cognitivlabs.com/pbmtc.gif?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0xJnR5cGU9MSZjb2RlPTM0MzkmdGw9MTI5NjAw&piggybackCookie=324aa1d4-b1ec-4d10-afe5-7458e4ffb461&r=https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=${PUBMATIC_UID} HTTP 302
https://beacon.lynx.cognitivlabs.com/pbmtc.gif?puid=B32F047D-5EA9-4111-B1FB-D4D34C912B80

Request Chain 262

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=2810035093978242372 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

Request Chain 265

https://t.adx.opera.com/pub/sync?pubid=pub8730968190912 HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU3f3e10ed561f48eebb6d87a7965a5f1a

Request Chain 266

https://ums.acuityplatform.com/tum?umid=6 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI5NDcmdGw9MTI5NjAw&piggybackCookie=864582939133

Request Chain 267

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 268

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:a627657a-a6b4-4300-9597-2809ddea0630&gdpr=0&gdpr_consent=

Request Chain 270

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=sy8EfV6pQRGx-9TTTJErgA%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 271

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=B32F047D-5EA9-4111-B1FB-D4D34C912B80 HTTP 302
https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3D016154a5-ac4d-4ed3-96a1-efa159184f8f%252C%252C HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=5640016288828445218&pt=016154a5-ac4d-4ed3-96a1-efa159184f8f%2C%2C

Request Chain 274

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:DE6CA05639D645CCB94C7796AB0B0CB2

Request Chain 275

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=ee1f9bfd-2e68-49de-875c-950277e092f2&gdpr=0&gdpr_consent=

Request Chain 277

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-korr9wlE2uUG8IcPjTjaXm95akCubM0-~A&gdpr=0

Request Chain 278

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=B32F047D-5EA9-4111-B1FB-D4D34C912B80&gdpr=0&gdpr_consent= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=625832e71aac0fbf&is_secure=true&networkId=17100&version=1&nuid=B32F047D-5EA9-4111-B1FB-D4D34C912B80&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AAAG2JRsMI164wMi6K2wAAAAAAA&expiration=1702623284&nuid=B32F047D-5EA9-4111-B1FB-D4D34C912B80&is_secure=true&gdpr_consent=&gdpr=0

Request Chain 279

https://sync.ipredictive.com/d/sync/cookie/generic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=${ADELPHIC_CUID}&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzI1MCZ0bD0xMjk2MDA=&piggybackCookie=32b773f7-9a8b-4dd6-b0d8-51da4cc547aa&gdpr=0&gdpr_consent=

Request Chain 280

https://pmp.mxptint.net/sn.ashx?&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjc0NCZ0bD0xNTc2ODAw&piggybackCookie=R35CA9_10DAAC868_CE14A2C8&r=https://pmp.mxptint.net/sn.ashx?ak=1 HTTP 302
https://pmp.mxptint.net/sn.ashx?ak=1

Request Chain 282

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MTI5NjAw&piggybackCookie=54bc95df-fa63-4d45-b776-fdf4950a2786-657aa6b4-5553&gdpr=0&gdpr_consent=

Request Chain 283

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=4427548805325562956&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 284

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=1982779762610799304

Request Chain 289

https://x.bidswitch.net/sync?ssp=adaptmx&user_id=0fd72110-0a58-41ef-8da5-239c415a6f50&gdpr=0&us_privacy=1--- HTTP 302
https://sync-dmp.mobtrakk.com/match/bidswitch?id=${user_id}&gdpr=0&consent=&usp=1---&ssp=adaptmx&bsw=7d49d498-6114-4e12-834a-234386e2584c HTTP 302
https://sync-dmp.mobtrakk.com/match/bidswitch?id=%24%7Buser_id%7D&gdpr=0&consent=&usp=1---&ssp=adaptmx&bsw=7d49d498-6114-4e12-834a-234386e2584c&chk=1 HTTP 302
https://x.bidswitch.net/sync?dsp_id=457&user_id=NGYzZTZiNTUwZWRhMmJjZQ&gdpr=0&gdpr_consent=&us_privacy=1---&ssp=adaptmx&bsw_param=7d49d498-6114-4e12-834a-234386e2584c HTTP 302
https://prebid.a-mo.net/setuid?bidder=bid_switch&uid=7d49d498-6114-4e12-834a-234386e2584c&gdpr=0&gdpr_consent=&us_privacy=1---

Request Chain 290

https://ups.analytics.yahoo.com/ups/58570/occ?uid=0fd72110-0a58-41ef-8da5-239c415a6f50 HTTP 302
https://prebid.a-mo.net/setuid/yahoo?uid=y-CjJaABRE2uHntlGSK1k.FRhNVp1ZaJ9XeaTtCdQ-~A

Request Chain 291

https://cm.adform.net/cookie?&gdpr=0&us_privacy=1---&redirect_url=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder%3Dadform%26uid%3D%24UID HTTP 303
https://prebid.a-mo.net/setuid?A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=adform&uid=1982779762610799304

Request Chain 292

https://ap.lijit.com/pixel?&gdpr=0&us_privacy=1---&redir=https%3A%2F%2Fprebid.a-mo.net%2Fsetuid%3FA%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder%3Dsovrn%26uid%3D%24UID HTTP 307
https://prebid.a-mo.net/setuid?A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=sovrn&uid=H0X-iLZHve4WUJtJQaGwABc-

Request Chain 304

https://id5-sync.com/i/231/8.gif?id5id=ID5*WQ7sXA99CQ4F2GMbQYVyi9S4-BUrstq8GRnDFmyDEN509MOUCyxi0JNzLxt6LpaydPbgXPCJl_2CcSG1pLflWQ&o=api&gdpr_consent=undefined&gdpr=false HTTP 302
https://dis.eu.criteo.com/dis/usersync.aspx?r=30&p=59&cp=id5&cu=1&url=https%3A%2F%2Fid5-sync.com%2Fc%2F231%2F203%2F7%2F2.gif%3Fpuid%3D%40%40CRITEO_USERID%40%40%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://id5-sync.com/c/231/203/7/2.gif?puid=7b455c50-81c5-45a5-8ddc-b4e0b7e33d8f&gdpr=0&gdpr_consent= HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fid5-sync.com%2Fc%2F231%2F429%2F6%2F3.gif%3Fpuid%3D%23PM_USER_ID%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0 HTTP 302
https://id5-sync.com/c/231/429/6/3.gif?puid=B32F047D-5EA9-4111-B1FB-D4D34C912B80&gdpr=0&gdpr_consent= HTTP 302
https://ce.lijit.com/merge?pid=58&3pid=B32F047D-5EA9-4111-B1FB-D4D34C912B80&us_privacy=&gdpr=0&gdpr_consent=&location=https%3A%2F%2Fid5-sync.com%2Fc%2F231%2F1242%2F5%2F4.gif%3Fpuid%3D%5BSOVRNID%5D%26gdpr%3D0%26gdpr_consent%3D&s=id5 HTTP 302
https://id5-sync.com/c/231/1242/5/4.gif?puid=H0X-iLZHve4WUJtJQaGwABc-&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/getuid/id5?r=https%3A%2F%2Fid5-sync.com%2Fc%2F231%2F441%2F4%2F5.gif%3Fpuid%3D%5BUID%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/231/441/4/5.gif?puid=u_c5877d43-0246-4240-a9c1-4df3f4486671&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F231%2F108%2F3%2F6.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/231/108/3/6.gif?puid=016154a5-ac4d-4ed3-96a1-efa159184f8f&gdpr=0&gdpr_consent= HTTP 302
https://ice.360yield.com/match?publisher_dsp_id=79&dsp_callback=1&external_user_id=ID5-f49aMEfcMzritiZ-v6e264ItKBSID4EmIxYrU7nF4w&r=https%3A%2F%2Fid5-sync.com%2Fcq%2F231%2F124%2F2%2F7.gif%3Fpuid%3D%7BPUB_USER_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/cq/231/124/2/7.gif?puid=2104bfe3-cb8a-4a86-93c1-8fb0556e799f&gdpr=0&gdpr_consent=&gdpr=0&gdpr_consent= HTTP 302
https://match.prod.bidr.io/cookie-sync/id5?us_privacy= HTTP 303
https://id5-sync.com/k/155.gif?puid=AAD8Yk7K9U0AABOBe8m-7w&id5AccountNum=155&numCascadesAllowed=9 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/k/264.gif?puid=ee1f9bfd-2e68-49de-875c-950277e092f2&ttl=%%TTL%%

Request Chain 307

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=2pag72iXCVStVF9uuKZ6ZQ

Request Chain 309

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1702536887724 HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=2763054905 HTTP 302
https://sync.1rx.io/usersync/turn/4427548805325562956?dspret=1&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-abdbc8f0-d0b6-4887-a52f-c11f91ed7f09-005?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-abdbc8f0-d0b6-4887-a52f-c11f91ed7f09-005 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-abdbc8f0-d0b6-4887-a52f-c11f91ed7f09-005

Request Chain 312

https://px.owneriq.net/epm?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://px.owneriq.net/ecc?redir=https%3a%2f%2fsimage2.pubmatic.com%2fAdServer%2fPug%3fvcode%3dbz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw%26piggybackCookie%3dQ7558232872053959096&uid=Q7558232872053959096&ref=%2Fepm HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNzMmdGw9MTI5NjAw&piggybackCookie=Q7558232872053959096

Request Chain 313

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:DE6CA05639D645CCB94C7796AB0B0CB2&gdpr=0&gdpr_consent=

Request Chain 315

https://thrtle.com/insync?vxii_pid=10067&vxii_pdid=B32F047D-5EA9-4111-B1FB-D4D34C912B80&gdpr=0&gdpr_consent= HTTP 302
https://thrtle.com/insync?gdpr=0&gdpr_consent=&vxii_pdid=B32F047D-5EA9-4111-B1FB-D4D34C912B80&vxii_pid=12&vxii_pid1=10067&vxii_rcid=0554f7d6-0ba7-4293-8494-9ca2f7bc1cec

Request Chain 316

https://us-u.openx.net/w/1.0/sd?id=540245193&val=B32F047D-5EA9-4111-B1FB-D4D34C912B80&gdpr=0&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=540245193&val=B32F047D-5EA9-4111-B1FB-D4D34C912B80&gdpr=0&gdpr_consent=

324 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
49.13.84.163.sslip.io/ 156 KB
31 KB 650ms
288ms Document
text/html 49.13.84.163
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 49.13.84.163 Frankfurt am Main, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.163.84.13.49.clients.your-server.de
Software: nginx/1.24.0 /
Resource Hash: bbee71277907cd4139a05bc7023f2c7f12d6e78ec038c48ee66bcc8723f6e137

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

cache-control: max-age=1200
cf-cache-status: HIT
cf-edge-cache: cache,platform=wordpress
cf-ray: 835489746e183683-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 06:54:41 GMT
last-modified: Thu, 14 Dec 2023 06:53:39 GMT
link: <https://www.wnd.com/wp-json/>; rel="https://api.w.org/" <https://www.wnd.com/wp-json/wp/v2/pages/84458>; rel="alternate"; type="application/json" <https://www.wnd.com/>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s%2B1ndNgB%2BwvtWnDCaA3ii182TtMy8bpaDHMsl5GG20xRaimkfpSD%2FgiST%2FeD1OH5xk%2FuNmiunQGmjHYuUB1NpQ%2FiEZ56RXJJ1OAoZa17ugCjtNRhkas2rFXIF7qi"}],"group":"cf-nel","max_age":604800}
server: nginx/1.24.0
vary: Accept-Encoding

GET
H2 200 script.js Show response
cadmus.script.ac/d1zxg9iar5y3ur/ 131 KB
46 KB 119ms
35ms Script
application/javascript 2606:4700::6812:1691
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:1691 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5bd6a46e079c57ce22e9e415c22ba2b7d1aaa3c19bafac7e6ba1d4ee2cb996e4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: gzip
last-modified: Wed, 13 Dec 2023 21:51:01 GMT
server: cloudflare
age: 0
etag: W/"d85a38039cdd3bd0cfee6c92e7c5b85f0eff621b"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=600,stale-while-revalidate=3600,stale-if-error=86400
cf-ray: 8354897658094bc0-BUF

GET
H2 200 style.min.css
www.wnd.com/wp-includes/css/dist/block-library/ 107 KB
15 KB 187ms
99ms Stylesheet
text/css 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wnd.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.1
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Wed, 15 Nov 2023 15:53:52 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"6554e990-1add3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cm3fBKvk7ckuFJNEttkWctsP1eAzRDR5zGA5tsCM3z7pSD8xnQjVnFXtHWzxNLtTAHrV831ljs2PAt44fLgVdSMGXjlCBzKjInCw0l1Qra%2BvdLSlXV1BazRd6jWGEDHUjK6rEnu%2BAni6"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1200
cf-ray: 835489765d134bc7-BUF

GET
H2 200 polls-css.css
www.wnd.com/wp-content/plugins/wp-polls/ 2 KB
785 B 185ms
98ms Stylesheet
text/css 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wnd.com/wp-content/plugins/wp-polls/polls-css.css?ver=2.77.2
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31b11a2e634abd7166080ec689881f1152413a31284ab5fdff37ffd2cfac3212

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 15 Nov 2023 15:56:52 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=2708
etag: W/"6554ea44-a94"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kkv1QkGJtG9KbCAr6NsIS9Fh5FJ0j%2BBHzQ2kptFn%2FbC3Aq3Rg%2FQoJJVK%2FV2%2BtMzuYjHxfptNXVM5uHe%2BkLMAKShkCUe2N1HuO6z1P%2Bl6RWUKuQ6PPNPOxDm1D939eQTZ3fiRUxaR8dBy"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1200
cf-ray: 835489766d144bc7-BUF

GET
H2 200 main.css
www.wnd.com/wp-content/plugins/wnd-functionality/assets/css/ 74 KB
14 KB 187ms
99ms Stylesheet
text/css 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wnd.com/wp-content/plugins/wnd-functionality/assets/css/main.css?ver=1701807245
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 36d1a5b86a224651530d333ee7417bc056511effec66aa57d5c1cabf171a7200

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 05 Dec 2023 20:14:05 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=76063
etag: W/"656f848d-1291f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wyCKyruN6A3PsedlFKcVecciJbcC2KGldAxU4I2zMrqITCzw2CXM0Ucpauzvp%2FDgcG2G5R1NumVDDs1yYojDpX9IPq1D1r1jXxLJew39eLpwDOzK032ceX1zH0yzQ2Nyab%2FNuaKzkKmw"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1200
cf-ray: 835489765d114bc7-BUF

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 89 KB
29 KB 167ms
80ms Script
text/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d54a8388aae82093fb1dcc6d5c90c81da25c2f0b992a847e955b79e53c649ee0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29082
x-xss-protection: 0
server: cafe
etag: 817 / 19705 / m202312060101 / config-hash: 17400476758908410755
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:54:41 GMT

GET
H2 200 888d9f08-6811-40ec-95fc-ac103c950648.js Show response
d3lcz8vpax4lo2.cloudfront.net/ads-code/ 24 KB
8 KB 91ms
27ms Script
application/javascript 2600:9000:21ea:8000:1c:386f:ec80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/888d9f08-6811-40ec-95fc-ac103c950648.js
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ea:8000:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5b1f49dbd029c25bd08d39ff9edd49b059d119ba95611ca353e70c5d8ab2a16d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: PiRlGJLymSCjB5sCp2QwY47HIZQg2yNz
content-encoding: br
via: 1.1 a7c7e4aa6d7cf400aa51dc847716996e.cloudfront.net (CloudFront)
date: Thu, 14 Dec 2023 06:53:50 GMT
x-amz-cf-pop: EWR50-C1
age: 52
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 08 Dec 2023 19:40:40 GMT
server: AmazonS3
etag: W/"40b254e988a8c7497ddcca80ad3cc861"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-id: JNHrvfXCxE7865sGT00e4l01E2Gdebl8ab-piF0KjmKcWNSN3Cqf7g==

GET
H2 200 888d9f08-6811-40ec-95fc-ac103c950648.js Show response
product.instiengage.com/product-loader-code/ 17 KB
5 KB 193ms
88ms Script
application/javascript 2600:9000:2512:c200:9:78a:e540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://product.instiengage.com/product-loader-code/888d9f08-6811-40ec-95fc-ac103c950648.js
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2512:c200:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 24c14e521399961815a51f5117530fc8090aaab420ec67cc5a9e90bceb8b887a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: CoOeszQ9.lsP8B4yuPXnA7E8TGaa1OwP
content-encoding: br
via: 1.1 b85629c88fd144a4bf7989a1ad1ecc54.cloudfront.net (CloudFront)
date: Thu, 14 Dec 2023 06:54:42 GMT
last-modified: Mon, 11 Dec 2023 11:52:58 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P7
x-amz-server-side-encryption: AES256
etag: W/"8715cf41d9f1d887371bb512dcadf3b3"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=3600,public
x-amz-cf-id: squg_mKnrSMWS69vZT6XZlPaTKqSb_Jz2hwLdYmdD57aZCiXZfo5nw==

GET
H2 200 wnd.svg
www.wnd.com/wp-content/plugins/wnd-functionality/assets/images/ 2 KB
2 KB 185ms
98ms Image
image/svg+xml 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/plugins/wnd-functionality/assets/images/wnd.svg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f325a9124cb921e418693fb27a942ecc670b375a35732e30524819ab7a7cd78a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 17 Nov 2022 16:56:27 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"637667bb-858"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QiRd8%2FVqVbeH24MTqf%2F4C0n2EK3pvHcEBghYEMgaBWUcG5Kpp0gvj%2BCOU%2FSNLgygS3%2Fh%2BJy3aCOobk61B12RhZRGwjK%2FWdSu%2BYcJFvpmVYtpng8TqTCZ%2B9U6FG8gRen%2BfI3mcKH6VE5q"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1200
cf-ray: 835489766d164bc7-BUF

GET
H2 200 0.wb-122023-COVER__94041.1702356237.1280.1280__40746.1702356265.jpg
cdn11.bigcommerce.com/s-df19ge4lyd/images/stencil/500x659/products/29238/7219/ 99 KB
100 KB 83ms
25ms Image
image/jpeg 63.141.128.3
BIGCOMMERCE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn11.bigcommerce.com/s-df19ge4lyd/images/stencil/500x659/products/29238/7219/0.wb-122023-COVER__94041.1702356237.1280.1280__40746.1702356265.jpg?c=2
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 63.141.128.3 , United States, ASN399566 (BIGCOMMERCE, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7b50c0bdbc956c6cf0312776b8162b949e8d37b49d85e4e1863799e0136f7329

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
x-bc-is-ha: 1
cf-cache-status: HIT
x-bc-origin-cache: MISS
bc-ray: 1
age: 141628
cf-polished: origSize=104120
content-disposition: inline; filename="0.wb-122023-COVER__94041.1702356237.1280.1280__40746.jpg"
alt-svc: h3=":443"; ma=86400
content-length: 101410
x-request-id: f48b0bd6d5b681028e04eb563c2758fd
cf-bgj: imgq:100,h2pri
last-modified: Tue, 12 Dec 2023 04:45:37 GMT
server: cloudflare
access-control-max-age: 604800
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=31556926, public
accept-ranges: bytes
cf-ray: 83548976398e4bd3-BUF
expires: Wed, 11 Dec 2024 10:34:23 GMT

GET
H2 200 gold-coins-600.jpg
www.wnd.com/wp-content/uploads/2015/02/ 77 KB
77 KB 70ms
65ms Image
image/jpeg 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/uploads/2015/02/gold-coins-600.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3ef73d31d0a7c521957cdd130ad248a7c68a82b4a85748568bb54c09b97722b2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
last-modified: Wed, 18 Feb 2015 03:27:14 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: degrade=85, origSize=130082, status=webp_bigger
etag: "54e40692-1fc22"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xDmmLInZwJ03Orb17ldoSblqRUqurf1SUzWoLvbbxWneQ2L92%2F1UUp7ECNkz9EFfWBVA%2BGO7JG4pbIY8WMK1tsSKhwPpQ5gy3ZnS3Ielk3yeUhWoNoo6KHl1Q%2BTDdbup3K%2FpIHeGU20k"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 835489766d154bc7-BUF
content-length: 78617

GET
H2 200 donald-trump-pointing-air-force-one-jpg.jpg
www.wnd.com/wp-content/uploads/2020/06/ 21 KB
22 KB 85ms
85ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/uploads/2020/06/donald-trump-pointing-air-force-one-jpg.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f93c0b3f2e1b3630b632051fed384726ea6426d8306d7e043c620837a983cdc4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=53285
content-disposition: inline; filename="donald-trump-pointing-air-force-one-jpg.webp"
content-length: 21946
cf-bgj: imgq:85,h2pri
last-modified: Mon, 22 Jun 2020 16:24:27 GMT
server: cloudflare
etag: "5ef0db3b-d025"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7dids3KmMYKj7DiqM4EKlmSn6OCmtkZxIpNLau67G0zgUAZcXSyhfKI3TX0c4SvF%2BCKyONmohyglVGCughLu5RAWivlowTXC7SKCSrn0dZJJKn4h4PZVn%2FmbKFemUVB%2B6NmQmnOjfGXJ"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 835489767d1a4bc7-BUF

GET
H2 200 boston-massachusetts-city-urban-americans-streets-traffic-roads-blue-pixabay.jpg
www.wnd.com/wp-content/uploads/2019/09/ 50 KB
51 KB 69ms
67ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/uploads/2019/09/boston-massachusetts-city-urban-americans-streets-traffic-roads-blue-pixabay.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ab746cb0332378c4c5846be8949ec260a4a55fe806309cb1520c8f3c0e52ed9a

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=84123
content-disposition: inline; filename="boston-massachusetts-city-urban-americans-streets-traffic-roads-blue-pixabay.webp"
content-length: 51162
cf-bgj: imgq:85,h2pri
last-modified: Tue, 03 Sep 2019 21:22:40 GMT
server: cloudflare
etag: "5d6ed9a0-1489b"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VfS1ESy0LYx7xebniXD3uu7Lnj4i0LCNVqLSqstNczlJmm%2BiActVJkGJTyBZzG7WKVwKcu6ZwdbgKRADBQeOJqk3x7uX2sBOLSPBgVXRjpuBH0OuJ%2F2z1XjsiWQI4jOL1hDhbjdwkOqr"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 835489770d3d4bc7-BUF

GET
H2 200 jzumwalt20a.jpg
static.wnd.com/wp-content/uploads/2020/01/ 26 KB
26 KB 93ms
69ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wnd.com/wp-content/uploads/2020/01/jzumwalt20a.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2385bfe6e311cfa74b9be87353e3994ed34e8e8846dd826561aa335f9cd7aefc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=42018
content-disposition: inline; filename="jzumwalt20a.webp"
content-length: 26572
cf-bgj: imgq:85,h2pri
last-modified: Thu, 16 Jan 2020 00:55:01 GMT
server: cloudflare
etag: "5e1fb465-a422"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e0HIJgXD6ePxiiCT4R5qygdklTqGD9kaHVX8PgfN6870DF%2Fol5tbmwyuT%2Ftd0UjSVpTaMj1UEi64k4PwfS0EwlHS3eWpgPPh2UlG0Uav1pihc%2FRasOb2oQ8hlIp6XtTNieRhi8Ks6RZpypZo"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 835489775d544bc7-BUF

GET
H2 200 bmccaughey2020b.jpg
www.wnd.com/wp-content/uploads/2020/12/ 26 KB
26 KB 69ms
66ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/uploads/2020/12/bmccaughey2020b.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f11b6eb1d83eda7a8a424d6de744b20724ac843e8fa9de00acbc27388a2611d3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=69750
content-disposition: inline; filename="bmccaughey2020b.webp"
content-length: 26636
cf-bgj: imgq:85,h2pri
last-modified: Thu, 10 Dec 2020 01:00:40 GMT
server: cloudflare
etag: "5fd17338-11076"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=va3v3SzwYefNJI7CisKn02GvEFRsReXGm%2Fxa3dOnwMwCMtAmHdxGLWU0m2sET1PniafztZz63PHI0BZDNpMAYodgG9CIaIqJ5dDpLDDjztIx7RLemZP8Pgu92EiMG5cBq0UB8WPd5l4Z"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 835489773d464bc7-BUF

GET
H2 200 sparker2020.jpg
static.wnd.com/wp-content/uploads/2020/05/ 46 KB
47 KB 90ms
66ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wnd.com/wp-content/uploads/2020/05/sparker2020.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86c506cdfdad73601bd34333c288bd8c6ed9cf2212f683cd4765b31d57c37c34

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=83886
content-disposition: inline; filename="sparker2020.webp"
content-length: 47490
cf-bgj: imgq:85,h2pri
last-modified: Tue, 12 May 2020 23:51:50 GMT
server: cloudflare
etag: "5ebb3696-147ae"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BiKxizOkIsprG%2Bn6LJkRUhfWXfA1XfRvxpR44PI4EXIu2avvLLZ1uTaQNGrNEzn7RKQvBZQkMzAaU4QQvtPdtgP4GvOGFbojTQxqTPfy3bXJV%2BT9Hhc603XtFYUYJADxozsWNKpXL52riVD5"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 835489775d554bc7-BUF

GET
H2 200 bshapiro2020.jpg
static.wnd.com/wp-content/uploads/2020/05/ 52 KB
53 KB 164ms
141ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wnd.com/wp-content/uploads/2020/05/bshapiro2020.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0233d65697519716c60833563b321df4b5caed5efdaacef264539d4685416efe

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=111387
content-disposition: inline; filename="bshapiro2020.webp"
content-length: 53358
cf-bgj: imgq:85,h2pri
last-modified: Sat, 23 May 2020 00:03:25 GMT
server: cloudflare
etag: "5ec8684d-1b31b"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUbbdYQrlIdZAwx%2FAXY7mKUDBCai4I7tU5BAp17wsmWbl7gXZGChCp4OlVBln%2BYxdutnbTT%2BWUxKavIW%2FDGlblWYewymikiyO4kukTayLfxl%2Biv7iwM0OHXYtLfkurvtxLayyoGtdhhfKjWM"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 835489775d524bc7-BUF

GET
H2 200 ltomczak2020.jpg
static.wnd.com/wp-content/uploads/2020/05/ 47 KB
47 KB 94ms
70ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.wnd.com/wp-content/uploads/2020/05/ltomczak2020.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8674a0a3cbde6147c86f7b0c824669f24d4de7a421024f1f12e76f34bb270abe

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=110779
content-disposition: inline; filename="ltomczak2020.webp"
content-length: 47926
cf-bgj: imgq:85,h2pri
last-modified: Thu, 21 May 2020 22:44:54 GMT
server: cloudflare
etag: "5ec70466-1b0bb"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MX1wuh13hq4B4Mh%2BZ9jeUmEsJR%2FclzOwn1D5CngmsQxu1qlocqTQ87f0edCtHYWCfVCsp5gYHKUqBBkdCRPW4Vikk6V82f%2FnUK0C6%2Bsh2c2i5ozvbHpBPgpj7WW4ipguo6sbOjXYFDP77UhY"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 835489775d534bc7-BUF

GET
H2 200 remote_url.png
www.wnd.com/wp-content/themes/firefly/assets/images/ 192 B
555 B 67ms
65ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/themes/firefly/assets/images/remote_url.png
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a8bb31dc99f8669e02408de1803dd837389000b0a562fa30a77ee46447860259

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=423
content-disposition: inline; filename="remote_url.webp"
content-length: 192
cf-bgj: imgq:85,h2pri
last-modified: Tue, 31 Jan 2023 20:26:33 GMT
server: cloudflare
etag: "63d97979-1a7"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kxNcWFHT78jRwtffMisrySR0cEaosypqFL9dBjpMh76JT0oK7NuuukSfkOhiw7LmZQJROqXEEmCFCmTIRWOQT%2Fif1sAId2SBk0umrOXiy1YY2QGfqIEyVsGeI1dCKzwbf31tBjybtA%2Bx"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 835489773d474bc7-BUF

GET
H2 200 creditcard.jpg
49.13.84.163.sslip.io/wp-content/plugins/wnd-functionality/assets/images/ 5 KB
6 KB 569ms
566ms Image
image/webp 49.13.84.163
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://49.13.84.163.sslip.io/wp-content/plugins/wnd-functionality/assets/images/creditcard.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 49.13.84.163 Frankfurt am Main, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.163.84.13.49.clients.your-server.de
Software: nginx/1.24.0 /
Resource Hash: 03e649671ec1d60c0f9597f2c132438a5ad99e32a482ff9dce0d58f5a8208da7

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=9831
content-disposition: inline; filename="creditcard.webp"
content-length: 5240
cf-bgj: imgq:85,h2pri
server: nginx/1.24.0
last-modified: Tue, 21 Mar 2023 17:41:23 GMT
etag: "6419ec43-2667"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ByEK%2Blhg6GOyBL14FiZHySWoIfoyMrt7but%2BMjdsKINUNFlr07UFzGb2o3fb47syKnA9Kwm%2BeF9lBh4AdI%2BNOw16FXZgjwS2%2BTEeEucwAV4NhTvPo8w%2BghpiHAUq"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 83548977b91d361e-FRA

GET
H2 200 paypal.jpg
49.13.84.163.sslip.io/wp-content/plugins/wnd-functionality/assets/images/ 4 KB
4 KB 281ms
279ms Image
image/webp 49.13.84.163
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://49.13.84.163.sslip.io/wp-content/plugins/wnd-functionality/assets/images/paypal.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 49.13.84.163 Frankfurt am Main, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.163.84.13.49.clients.your-server.de
Software: nginx/1.24.0 /
Resource Hash: 3ee7ff32e740f86e2c1501485e9deb560b6d6b9e71a79c75bbeddb1e34fb0848

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=7180
content-disposition: inline; filename="paypal.webp"
content-length: 3686
cf-bgj: imgq:85,h2pri
server: nginx/1.24.0
last-modified: Tue, 21 Mar 2023 17:41:24 GMT
etag: "6419ec44-1c0c"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6bbd53%2FFJh5IhhnWlC%2F3GKxUnVL4%2FWHxo%2BnRk%2FD1GVCw%2BXxq3%2BVQggALtu05kqxYLAQiUve5M0YxHh3vf9%2B9EGs4xzvv%2BApwl8hrKuZdc3ZWJ3MphDC7Bw0vrOdoryun1iXBUkpPsgRA"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 83548977cc1b30e2-FRA

GET
H2 200 set.aspx
bh.contextweb.com/bh/ 49 B
846 B 112ms
30ms Image
image/gif 198.148.27.131
PULSEPOINT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bh.contextweb.com/bh/set.aspx?action=add&pid=1&advid=5248&token=LCMHRD&do=add

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

198.148.27.131 New York, United States, ASN19189 (PULSEPOINT, US),

Reverse DNS

Software

Jetty(10.0.14) /

Resource Hash

d0409a1b73dab4e29dc40f92fb431fa9133baa23b4a1ffae4897f39068110e32

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server: Jetty(10.0.14)
content-language: en-US
content-type: image/gif;charset=iso-8859-1
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-5c6449b65-ftd9k
expires: -1

GET
H2 200 global-min.js Show response
www.wnd.com/wp-content/themes/firefly/assets/js/ 125 KB
47 KB 74ms
72ms Script
application/javascript 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.wnd.com/wp-content/themes/firefly/assets/js/global-min.js?ver=1.1-1675710437
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d4056fa59577da316cba04321fa30473aaff6f8712d25640a8004a51b2455dc8

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Mon, 06 Feb 2023 19:07:17 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
etag: W/"63e14fe5-1f26f"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kFarZnPUh8UL6uLwkR2ks6sR162CcwuJF%2B6wAd5xmfM1mzHHkM95XEzjNSHP1zVvJ%2B%2BzQkvvNkLi2yN0DYCXJjNNMmD1WETUsHzaOWsUme1jlVAyDEKWY8%2Be7SaZJ1YD3t5iB0jxXEXr"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1200
cf-ray: 835489773d484bc7-BUF

GET
H2 200 1bd0a899fef4e32eebc730c2e0310c28e7c1aad4.js Show response
cdn.izooto.com/scripts/ 1 KB
1 KB 131ms
37ms Script
application/javascript 2606:4700::6812:d941
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/1bd0a899fef4e32eebc730c2e0310c28e7c1aad4.js?ver=3.7.14

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a72ee30d0cde04b9bce7cb4743718b5c0bec4b1ade6809d08690de84b9fcc28e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Mon, 10 Oct 2022 15:49:04 GMT
server: cloudflare
age: 585289
etag: W/"63443ef0-5e8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1382400
cf-ray: 83548977ba016aee-BUF
x-xss-protection: 1; mode=block
expires: Sat, 30 Dec 2023 06:54:41 GMT

POST
H2 200 1a Show response
i.clean.gg/ 0
104 B 34ms
33ms XHR
application/octet-stream 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
via: 1.1 google
server: nginx/1.21.6
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Range
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

OPTIONS
H2 204 1a
i.clean.gg/ Frame 0
0 99ms
33ms Preflight
text/plain 34.95.69.49
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.clean.gg/1a
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.95.69.49 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 49.69.95.34.bc.googleusercontent.com
Software: nginx/1.21.6 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://49.13.84.163.sslip.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Origin,Accept,X-API-Key
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
access-control-max-age: 1728000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/plain; charset=utf-8
date: Thu, 14 Dec 2023 06:54:41 GMT
server: nginx/1.21.6
via: 1.1 google

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 85ms
24ms Script
text/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 14 Dec 2023 05:48:59 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3942
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 14 Dec 2023 07:48:59 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 214 KB
70 KB 103ms
42ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-K3K9VP

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

919c33423d8d2cc4de417dbe7f38dbfc1b46c91cb41e091f225310ba2fbc1687

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71690
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 14 Dec 2023 06:54:41 GMT

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/158410/3599/ 214 KB
65 KB 124ms
27ms Script
application/javascript 23.51.57.13
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/158410/3599/pwt.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.51.57.13 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-51-57-13.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 04c1a11d9b4ece6e445cee0175ebd2832fb3bbf2d368d75d947b6e378c130695

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 00:35:28 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=108984
accept-ranges: bytes
content-length: 66062
expires: Fri, 15 Dec 2023 13:11:05 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 203 KB
68 KB 61ms
55ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WKP2LC4

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

f93988b2676ee4867c0f96e2ff06b1d8724cec07ead97fb7cd9ad8e4c6bb8bbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69399
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 14 Dec 2023 06:54:41 GMT

GET
H2 200 v2pkvIUEutMGs37ENHMH-Qwq5D16ww01TlyaR4lTqGEi-BIaA_nS_9-M Show response
measlymiddle.com/ 203 KB
49 KB 146ms
52ms Script
text/javascript 2600:1901:0:328a::1
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://measlymiddle.com/v2pkvIUEutMGs37ENHMH-Qwq5D16ww01TlyaR4lTqGEi-BIaA_nS_9-M

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:328a::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

3c67ce8f4396ae032e81e20bba520918cdcdb57cb75cf15fa5e26af15d41ea7f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: br
via: 1.1 google
date: Thu, 14 Dec 2023 06:54:42 GMT
x-datacenter: gce-us-east1
etag: "53d6899f00218d75d2d7a1f1e10bd975ddf47bda00653d427b869d68a1c9713d"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-us-east1-830n
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 1072352451
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 v2jqt94e3G17aBQhA-Nt9df7H5ZzcEG6Ad-Yk98BBJkEDGjuoGDn2gaUpBF8DFvY45hDiHaHE Show response
measlymiddle.com/ 9 KB
4 KB 141ms
47ms Script
text/javascript 2600:1901:0:328a::1
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://measlymiddle.com/v2jqt94e3G17aBQhA-Nt9df7H5ZzcEG6Ad-Yk98BBJkEDGjuoGDn2gaUpBF8DFvY45hDiHaHE

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:328a::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

d38caf8859be90199d95486370d89f335321a46b804e4e016913836d082b0380

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; preload
content-encoding: gzip
via: 1.1 google
date: Thu, 14 Dec 2023 06:54:42 GMT
x-datacenter: gce-us-east1
etag: "598915378bc29c4eef8e804acb55fb33810a95bee2bd9a7a887d60060430e790"
x-buildname: hoothoot
vary: Accept-Encoding, Accept-Language
x-hostname: fen-hoothoot-us-east1-830n
content-type: text/javascript; charset=utf-8
cache-control: private, must-revalidate, max-age=21600
x-buildnumber: 1072352451
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 89 KB
29 KB 114ms
54ms Script
text/javascript 2607:f8b0:4006:822::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5b0f7626eaae1405b5967549e84bc241769f920db2876cd8895a31e336617544

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29082
x-xss-protection: 0
server: cafe
etag: 386 / 19705 / m202312060101 / config-hash: 17400476758908410755
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Thu, 14 Dec 2023 06:54:41 GMT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 282 KB
70 KB 110ms
29ms Script
application/javascript 108.138.107.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.107.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-107-138.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 99c6eb6c3f17d69837d604201ac0453a5677eef91484aee37e72dff818ddadbc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:26:56 GMT
content-encoding: gzip
via: 1.1 a1157b69a14bebe8162237750a074fae.cloudfront.net (CloudFront), 1.1 f07e3fd03d3423bceb1c6083ab62cf8a.cloudfront.net (CloudFront)
last-modified: Tue, 12 Dec 2023 22:20:18 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C3, JFK50-P3
age: 1666
x-amz-server-side-encryption: AES256
etag: W/"bab82e5d8801f394c1ef53a45dc29542"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: z2LdDEQrEBJtVNE_WpG9kMUeSVbg7hJQkIK6QBziL417oveM4q6Hjw==

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 4 KB
2 KB 106ms
25ms Script
application/javascript 18.164.96.83
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.164.96.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-96-83.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aee66e2e24e851039801c0dace90f3efb7a1a17b033f7d5bbc12ca7c1d19432

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 04:29:14 GMT
content-encoding: gzip
via: 1.1 bf8d7cb6fca5d51158e1109ca40fe242.cloudfront.net (CloudFront)
last-modified: Thu, 07 Dec 2023 12:13:41 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P5
age: 8735
x-amz-server-side-encryption: AES256
etag: W/"a06e7a176f40dc26aa5e9567ac9d2d5e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jf0X7SIwUJ_bjnQt6SZkV6z5QXSP2ZoFIA0szTUE5rAs9BVhq2eTQw==

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
3 KB 123ms
28ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

171f2de89caae705eb66ead299199c667cf42b721e934830688cb30661f7b23e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 14 Dec 2023 06:54:42 GMT
content-md5: PcE8qSQi6inzEfvvyU7T5w==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1688
reporting-endpoints
x-fb-debug: aGBzmFR2bhb2EzFp3UAC+MjNwXIUqq9pMRsxddgffRR0BEWGy4Z3FHswzsncoUHYhk5bbZmvQ5P4L8/aBlE5uQ==
x-fb-content-md5: da2e254ee85124be7bfc4b4af0fae35a
cross-origin-opener-policy: same-origin-allow-popups
etag: "438d9a620994c13e35e4555ec34b3fb5"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Thu, 14 Dec 2023 07:12:14 GMT

GET
H2 200 a541f5ad-f227-4943-bdb4-6afd1dd7d75a.js Show response
d3lcz8vpax4lo2.cloudfront.net/files/instibid/888d9f08-6811-40ec-95fc-ac103c950648/ 286 KB
91 KB 24ms
24ms Script
application/javascript 2600:9000:21ea:8000:1c:386f:ec80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3lcz8vpax4lo2.cloudfront.net/files/instibid/888d9f08-6811-40ec-95fc-ac103c950648/a541f5ad-f227-4943-bdb4-6afd1dd7d75a.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ea:8000:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4793a495674e5033629213c5af8187137d0b7d81c2ca13553abf64270532e8ea

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: ZaOw5NdMi6.U7oWB23zWiK_pAKqrQG18
content-encoding: gzip
via: 1.1 a7c7e4aa6d7cf400aa51dc847716996e.cloudfront.net (CloudFront)
date: Thu, 14 Dec 2023 03:17:58 GMT
x-amz-cf-pop: EWR50-C1
age: 13004
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 08 Dec 2023 19:40:39 GMT
server: AmazonS3
etag: W/"1c7bdbb0bbe2a53ee46c2341553a36ed"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=86400
x-amz-cf-id: 6cwOfU9GA0lu0Lr8KEP9WGgw9kB-uov1D9NHFGUj9AcKrs5BqytFVw==

GET
H2 200 a541f5ad-f227-4943-bdb4-6afd1dd7d75a-hb.js Show response
d3lcz8vpax4lo2.cloudfront.net/header-tags/888d9f08-6811-40ec-95fc-ac103c950648/ 103 KB
25 KB 66ms
66ms Script
application/javascript 2600:9000:21ea:8000:1c:386f:ec80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/888d9f08-6811-40ec-95fc-ac103c950648/a541f5ad-f227-4943-bdb4-6afd1dd7d75a-hb.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ea:8000:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f6cadd41b4c579e6c8d293d01e47ba0a25a465af0b54d60224e0f404686a2997

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: DF8hbsbyDH12ybSoPbtxP6_PWmXp_of6
content-encoding: br
via: 1.1 a7c7e4aa6d7cf400aa51dc847716996e.cloudfront.net (CloudFront)
date: Thu, 14 Dec 2023 06:53:50 GMT
x-amz-cf-pop: EWR50-C1
age: 52
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 08 Dec 2023 19:40:40 GMT
server: AmazonS3
etag: W/"c2d35acee0d03d3c8064d98d549e3db9"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-id: tCMfSBVoRTQyKsDiz-vAvDLgww4O31Vj8Pf5F8D66ggkS7iLoyh5xA==

GET
H2 200 a541f5ad-f227-4943-bdb4-6afd1dd7d75a-dmp.js Show response
d3lcz8vpax4lo2.cloudfront.net/header-tags/888d9f08-6811-40ec-95fc-ac103c950648/ 15 KB
5 KB 65ms
65ms Script
application/javascript 2600:9000:21ea:8000:1c:386f:ec80:21
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d3lcz8vpax4lo2.cloudfront.net/header-tags/888d9f08-6811-40ec-95fc-ac103c950648/a541f5ad-f227-4943-bdb4-6afd1dd7d75a-dmp.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21ea:8000:1c:386f:ec80:21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: dc0cfc4c14785f6ba3f537605a0c0ad933889a2e9dc318adee0aabe7aadad104

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: qfnIy3rdpIbs9goeeILtXe08rGVH6XXk
content-encoding: br
via: 1.1 a7c7e4aa6d7cf400aa51dc847716996e.cloudfront.net (CloudFront)
date: Thu, 14 Dec 2023 06:53:50 GMT
x-amz-cf-pop: EWR50-C1
age: 52
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Fri, 08 Dec 2023 19:40:40 GMT
server: AmazonS3
etag: W/"04b17a06ca7b1b3f803b519045cb7624"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=60
x-amz-cf-id: 81qf_MVXmiqRTVl0Y3_W45krq78EBNfulHYRwTTMBuOaRMZBH56Jdg==

GET
H2 200 / Show response
geoip.instiengage.com/json/ 241 B
431 B 157ms
38ms XHR
application/json 54.86.86.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip.instiengage.com/json/
Requested by: Host: d3lcz8vpax4lo2.cloudfront.net
URL: https://d3lcz8vpax4lo2.cloudfront.net/ads-code/888d9f08-6811-40ec-95fc-ac103c950648.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.86.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-86-86-168.compute-1.amazonaws.com
Software: /
Resource Hash: 87e2815ffdcf2243c787977a29f1cce62aba5c3bd42b73fafc7745f1f4db0bfd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-origin: https://49.13.84.163.sslip.io
date: Thu, 14 Dec 2023 06:54:41 GMT
access-control-allow-credentials: true
x-database-date: Wed, 13 Dec 2023 18:36:16 GMT
content-length: 241
vary: Origin
content-type: application/json

GET
H2 200 index.html Show response
auth.instiengage.com/auth/ Frame 389D 75 B
498 B 145ms
24ms Document
text/html 2600:9000:2512:c00:9:78a:e540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.instiengage.com/auth/index.html
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2512:c00:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 32dcb7b5d0e79583353a56225e4d8097e004103102d584e245d1b96547f9948d

Request headers

Referer: https://49.13.84.163.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
age: 167
cache-control: max-age=300
content-length: 75
content-type: text/html
date: Thu, 14 Dec 2023 06:52:26 GMT
etag: "2e3d17ce9023be2c1313c02113f5c568"
last-modified: Thu, 11 May 2023 11:38:04 GMT
server: AmazonS3
vary: Accept-Encoding
via: 1.1 75b993b111cd9fbf19d5284ea3de78ec.cloudfront.net (CloudFront)
x-amz-cf-id: C1Nvz7Ypf9HakvR7WKxukuL0A8zOlzWKwP-bmcX3svVlIPE4SKP8sA==
x-amz-cf-pop: JFK50-P7
x-amz-server-side-encryption: AES256
x-amz-version-id: sdvig1qk6AHuXLU2Lr6rxmxwpeBBF1C.
x-cache: Hit from cloudfront

GET
H2 200 wnd.com.1177535.js Show response
jsc.mgid.com/w/n/ 4 KB
2 KB 297ms
213ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/w/n/wnd.com.1177535.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

30cce66c503c431724f408515e4b8f00b200eea6b551b2c73fae56684c002bf8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
x-amz-version-id: zoLnWCYSEaxYk40a4dhX3hJtHonRKjKZ
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 3QXRVX4H0KDXQZTV
cf-polished: origSize=3751
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: G7qWCxwA8FqOLTAaSLyRK1CNl6+RaQg+TT+XQ66WszLdpbPMehNC0xxrJvcLYpkGNp024lS7jzo=
cf-bgj: minify
last-modified: Mon, 27 Nov 2023 10:48:48 GMT
server: cloudflare
etag: W/"577fedd1c94b669615b4b08c6133eee2"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 83548978cda84bc7-BUF
expires: Thu, 14 Dec 2023 09:54:42 GMT

GET
H2 200 ajs.js Show response
cdn2.lockerdomecdn.com/_js/ 6 KB
3 KB 149ms
25ms Script
application/javascript 2600:9000:2512:7c00:a:cbb7:a940:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.lockerdomecdn.com/_js/ajs.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2512:7c00:a:cbb7:a940:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 03be34898918f1cae58897cbb8a9fb85cb74827adbb80130f73954e169fabfa5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 02:02:06 GMT
content-encoding: gzip
via: 1.1 909ec3586e2eba60d35c2f3468905558.cloudfront.net (CloudFront)
last-modified: Wed, 06 Dec 2023 17:25:22 GMT
x-amz-cf-pop: JFK50-P7
age: 17556
etag: W/"1603-18c4029afb0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=86400
accept-ranges: bytes
x-amz-cf-id: ZzffsnBBVj3qEZxM57wrQEv2WvMWXlCHFK3EVssAygfIDPwVwIjpDA==

GET icomoon.woff
www.wnd.com/wp-content/themes/firefly/assets/fonts/ 0
0

GET
H2 200 signs-ultra-maga-girl-flag-patriotic-shades-donald-trump-conservatives-republicans-jk.jpeg
www.wnd.com/wp-content/uploads/2023/12/ 40 KB
40 KB 70ms
57ms Image
image/jpeg 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/uploads/2023/12/signs-ultra-maga-girl-flag-patriotic-shades-donald-trump-conservatives-republicans-jk.jpeg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2fbeae77fe650e45fb1823c24bb38826424e9bd642d2c5b3c24741804ffb4c74

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
cf-bgj: imgq:85,h2pri
last-modified: Mon, 04 Dec 2023 17:46:50 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: degrade=85, origSize=100925, status=webp_bigger
etag: "656e108a-18a3d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ziGqCwVjyrhV5DpkuQRtyIBzeDQNgnnrnTAes%2FvU76snauC%2FEYe3VgoixgFoyFhsyGzt7mbdJZDyIch8ZO746Lu87%2BNzVkKyVGs4fXUwUwJurJDE6Rwk%2BgG%2F4ae6HERJfat%2Fc4bzSJiy"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 83548977ad634bc7-BUF
content-length: 40492

GET
H2 200 tafari-campbell-barack-michelle-obama-jpg.jpg
www.wnd.com/wp-content/uploads/2023/08/ 38 KB
38 KB 67ms
54ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/uploads/2023/08/tafari-campbell-barack-michelle-obama-jpg.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfa9be8820e1e9bc963020756868db9c6b6e642c80a95a3f770509002cfbe7ce

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=76106
content-disposition: inline; filename="tafari-campbell-barack-michelle-obama-jpg.webp"
content-length: 38716
cf-bgj: imgq:85,h2pri
last-modified: Wed, 23 Aug 2023 15:47:33 GMT
server: cloudflare
etag: "64e62a15-1294a"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C22E2j6F8jCfNqdPJ2znXby47JNF%2FIGMO%2FqQXNVwDtYt%2BAvuBi8JWYfX8JTIo1kMHOx%2FpDNsUWoB8eSFiXc216ffwZf%2FGirHzJ91h1Mr%2B887znplgaeW20w6EubpkxjOHM6aP13RKASM"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 83548977ad644bc7-BUF

GET
H2 200 tucker-carlson-why-jpg.jpg
www.wnd.com/wp-content/uploads/2023/12/ 21 KB
21 KB 68ms
56ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/uploads/2023/12/tucker-carlson-why-jpg.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: bebb589c2fa8ce8e2c19a84fae2615cb2af29de730ac8cee753d0b97c0fcba09

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=52744
content-disposition: inline; filename="tucker-carlson-why-jpg.webp"
content-length: 21092
cf-bgj: imgq:85,h2pri
last-modified: Thu, 14 Dec 2023 00:11:00 GMT
server: cloudflare
etag: "657a4814-ce08"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w6RLqYT0uCJLMiWL1ND4s4MaWtyU7zb7TIn2ywfSV8u5Yh2GEB7vP%2F10KLKvBf%2F8cz8HOz3ZMUZ2YOzhGwmBKUU%2Fi81DByOk8FycOE2b2vPDGknrLD2fYHP2motI3Arg1nNXkHDLmsSL"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 83548977ad654bc7-BUF

GET
H2 200 wnd.com.1443193.js Show response
jsc.mgid.com/w/n/ 4 KB
2 KB 275ms
212ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/w/n/wnd.com.1443193.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b17a45cfe26a4143a2d36de4f9ee13473b5eb72e448f21a98bedabf39120417

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
x-amz-version-id: TuQmaMhzNoZfdxSaQ8LD74tIYmA7gw_L
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QBAAK4VNMB7NGKYZ
cf-polished: origSize=3751
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: M77lz8Wi99k4PlewCEs0fTM2N0s26q929sli7BxWG42KsjQc4BkBKwdj92JVgkRhxO+OimD2LpeklqcXjZD+2Q==
cf-bgj: minify
last-modified: Mon, 27 Nov 2023 14:09:05 GMT
server: cloudflare
etag: W/"6737e0d6fded11404a69aaaad962d4f9"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 83548978cda64bc7-BUF
expires: Thu, 14 Dec 2023 09:54:42 GMT

GET
H2 200 wnd.com.1177536.js Show response
jsc.mgid.com/w/n/ 4 KB
2 KB 271ms
214ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/w/n/wnd.com.1177536.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ecbd04e54f4ba28c36ea792daa036c6ce57d835790145486da919289c8b77c66

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
x-amz-version-id: 20GkhfjMfVFRfKENPgAOvPzhDwpYxASI
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 3QXX9S7ESTW5SXAZ
cf-polished: origSize=3751
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 7AiNzAjk4LZJSXxW/31jUlrAFI6yHAktGrnkZ+69PWd2ZLTT+UDXY9HNOQG5Iku+WhNkhfoBrck=
cf-bgj: minify
last-modified: Mon, 27 Nov 2023 10:48:49 GMT
server: cloudflare
etag: W/"6812a5ec6ea01c8665b966c676cfc74a"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 83548978cdaa4bc7-BUF
expires: Thu, 14 Dec 2023 09:54:42 GMT

GET
H2 200 delivery.js Show response
assets.revcontent.com/master/ 161 KB
48 KB 122ms
30ms Script
text/javascript 13.35.93.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/delivery.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-31.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 28a6827168832144d10572c3da10d3ce930b08edc1f9bba1e9331ca912a7d577

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 12:34:31 GMT
content-encoding: br
via: 1.1 7082f41e4415fb7199f3ca9b16b5849a.cloudfront.net (CloudFront)
last-modified: Mon, 11 Dec 2023 21:29:24 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P8
age: 66012
etag: W/"85af42917add33bc55f09ac26a8afdb4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=60
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: mAp49-iCnUJaAegPONIqjN1GSTkGc8VJNpBNvoMw2Qs9dHZe4QckWw==

GET
H2 200 widget.js Show response
cdn.userway.org/ 2 KB
2 KB 121ms
27ms Script
application/javascript 2a02:6ea0:c400::12
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widget.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c400::12 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 7818bb2a7d8b98cb2f373bbd966f011d37ea34f345756b617296d7eddda2fd7d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-77-pop: newyorkUSNY
date: Thu, 14 Dec 2023 06:54:42 GMT
via: 1.1 0dbb84b34f6ac39ad26a6446ff2b18ec.cloudfront.net (CloudFront)
content-encoding: gzip
x-age-lb: 869
x-amz-cf-pop: YUL62-C1
age: 7
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-accel-date: 1702536013
x-77-nzt: EgwBWbuxDwH3ZQMAAAwBnJI74gH3DwEAAA
x-accel-expires: @1702539613
x-77-age: 1140
x-cache-lb: HIT
last-modified: Wed, 13 Dec 2023 13:30:37 GMT
server: CDN77-Turbo
etag: W/"84e100d4cc93f5a3e261ea6bfaf707f7"
x-77-nzt-ray: 49be140864032403b2a67a652b158f07
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=3600, public
content-type: application/javascript
x-amz-cf-id: odpavcNWbdtyHrPareqPdwgeO2bTh7yDZyiroHew_EQauIMUvLHzwg==

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 110 KB
35 KB 101ms
28ms Script
text/javascript 13.35.93.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-28.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a2aa2577c105dab138246b4e0a1f575b3c92c30d5aced108d3f73897bd46823f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: x5VtTe.o38AhKNl9GXJ.IeIaII4uy0GZ
content-encoding: br
via: 1.1 dee3e3075e44bf98642bfe89cb38088a.cloudfront.net (CloudFront)
date: Wed, 13 Dec 2023 22:38:41 GMT
last-modified: Thu, 19 Oct 2023 08:25:12 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P8
age: 29762
x-amz-server-side-encryption: AES256
etag: W/"b248cc9d0fdeb36bdeb7efabad1132ee"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: P-zn855H3oRb2cxTs5AzyAh1xMJx1LfZMQ5yO29APNWBoOaWRSTLBQ==

GET
H2 200 wnd.com.1223682.js Show response
jsc.mgid.com/w/n/ 4 KB
2 KB 87ms
82ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/w/n/wnd.com.1223682.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d1d016976b92be48231a9cd63dca0767d83b5a673eeee91d80fad8c691b21c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
x-amz-version-id: cyQOPclrHACdPAzP7a51V3AGsaT6TOKB
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QJP09TPPZ90GXFTW
cf-polished: origSize=3751
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: aQAiznNUMkdyWr19L/Cu5OVN0kHPpaExRH8vkxtpS9u8mg+5i6REGvPpL1fjSxlGl+FLVtqZ0PI=
cf-bgj: minify
last-modified: Mon, 27 Nov 2023 10:51:42 GMT
server: cloudflare
etag: W/"c0248caf34a50e78a0ec4722f050cece"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 83548978cda94bc7-BUF
expires: Thu, 14 Dec 2023 09:54:42 GMT

GET
H2 200 client-v2.js Show response
jxgdqbxdiycfimegq.ay.delivery/ 92 KB
28 KB 184ms
37ms Script
application/javascript 2606:4700:e2::ac40:8a0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://jxgdqbxdiycfimegq.ay.delivery/client-v2.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6c93ac1f2fb1187619a52733c40e042c51e5ae8e45f78534f09ce8251ab4c31d

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Thu, 14 Dec 2023 06:46:54 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 468
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RuvRoWocV1S5mezidMgaGnHW2ZE%2FTzV0kwiZzKn1OQovQ9ED%2BAyuLI63%2BDQ3Cr6xGW%2B5Yjx7vc%2FYoiONSEswl2TTyBiAfzpOteB5kw0xc0tXunszoIIitVeoAvZ2xLGPM%2FDHE7z0yOE%2B%2BpK2zaOMNBPxpgINYOeIsaHYdg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cf-ray: 83548979b86b5589-EWR
alt-svc: h3=":443"; ma=86400

GET
H2 200 izooto.js Show response
cdn.izooto.com/scripts/sdk/ 318 KB
74 KB 45ms
45ms Script
application/javascript 2606:4700::6812:d941
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/sdk/izooto.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

259076184aac5805ce3fe09914e62d8a1368a7d23c289af5c17a11cc1e7a2cc3

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 13 Dec 2023 14:36:37 GMT
server: cloudflare
age: 58613
etag: W/"6579c175-4f619"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1382400
cf-ray: 83548978ba3c6aee-BUF
x-xss-protection: 1; mode=block
expires: Sat, 30 Dec 2023 06:54:42 GMT

GET
H2 200 authIframe.js Show response
auth.instiengage.com/auth/ Frame 389D 65 KB
22 KB 31ms
28ms Script
application/javascript 2600:9000:2512:c00:9:78a:e540:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.instiengage.com/auth/authIframe.js?v=1
Requested by: Host: auth.instiengage.com
URL: https://auth.instiengage.com/auth/index.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2512:c00:9:78a:e540:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d1d05642e23866a6d7fb1b165615355e7c01fffaf89c61e9c14c0beecb96ae23

Request headers

accept-language: en-US,en;q=0.9
Referer: https://auth.instiengage.com/auth/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: .lK6ICx53soEeOpFisF5xs3WBNt5Sw79
content-encoding: br
via: 1.1 75b993b111cd9fbf19d5284ea3de78ec.cloudfront.net (CloudFront)
date: Thu, 14 Dec 2023 06:54:20 GMT
last-modified: Thu, 11 May 2023 11:38:01 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P7
age: 23
x-amz-server-side-encryption: AES256
etag: W/"e0bffec4a3929b23d4347f914449f5cb"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
cache-control: max-age=300
x-amz-cf-id: 3n7yMuQ7RAWfXAtQebLUqQBR0aaDF6KxaIgWGhCBqqTUSR7hZrnA6Q==

OPTIONS
H2 200 event
event.insticator.com/v1/ Frame 0
0 142ms
40ms Preflight 52.202.114.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://event.insticator.com/v1/event?event_name=event_pageview
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.114.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-114-42.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://49.13.84.163.sslip.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://49.13.84.163.sslip.io
access-control-max-age: 3600
content-length: 0
date: Thu, 14 Dec 2023 06:54:42 GMT
vary: Origin

POST
H2 201 event
event.insticator.com/v1/ 0
0 39ms
38ms Fetch 52.202.114.42
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://event.insticator.com/v1/event?event_name=event_pageview
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.202.114.42 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-114-42.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-type: application/json; charset=UTF-8

Response headers

access-control-allow-origin: https://49.13.84.163.sslip.io
date: Thu, 14 Dec 2023 06:54:42 GMT
access-control-allow-credentials: true
content-length: 0
vary: Origin

GET
H2 200 quant.js Show response
secure.quantserve.com/ 21 KB
9 KB 152ms
33ms Script
application/javascript 2620:116:800b:21:1456:d0e1:7db4:a56b
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.quantserve.com/quant.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:116:800b:21:1456:d0e1:7db4:a56b , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 77daa4388c965a3e23b5a6c800727d8025ab108f89cf5679e79136986d5b4561

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: gzip
etag: "e23JaXq4HVtlOmThpFhluQ=="
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=604800
accept-ranges: bytes
expires: Thu, 21 Dec 2023 06:54:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 274 KB
91 KB 46ms
45ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SKMDTLGL59&l=dataLayer&cx=c

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

83ec08e92558cbfcb9fc0a23d4871ede54993d35cb1055713d0a45d3d46dedf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 92859
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 14 Dec 2023 06:54:42 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 275 KB
91 KB 49ms
48ms Script
application/javascript 2607:f8b0:4006:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-K8Y2VRPKK2&l=dataLayer&cx=c

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

12e6fdbf32b0e4caf63650f9a804d94269725c713c4105d3e670f13b22a36c89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93153
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 14 Dec 2023 06:54:42 GMT

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 911ddf821ac39f09e17d63faa249e5cd58c6a8dd3ec0340326ee31841c6154b8

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 297 KB
85 KB 64ms
34ms Script
application/x-javascript 2a03:2880:f012:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=84671739a1127fcd30a3e040df2edb79

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6ca858ddad0a2318670ee7c5edb495a2aa6b810c26e8f97f297b0180c27165be

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 14 Dec 2023 06:54:42 GMT
content-md5: RuwQlx34dMpUbBmL5CLcQQ==
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 86870
reporting-endpoints
x-fb-debug: 1kVKpG3FEIvyN7NxgPOrWHnMJ7EfAcyppXFBzCjkbuGE6d/0jFAosE59ey7opmUL9i/0Dlj+dRd0Z/L9Su7dKw==
x-fb-content-md5: 03b2c0c83777f2791c63f2c5ea9fcd9e
cross-origin-opener-policy: same-origin-allow-popups
etag: "7b67404b59f660f3ca371fed08c77f44"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
priority: u=3,i
expires: Fri, 13 Dec 2024 05:57:52 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/ 431 KB
135 KB 29ms
23ms Script
text/javascript 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202312060101/pubads_impl.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

108cdb682e1d256ba58174d96775ec12fe2e9515ffa2ca7edfff49343a4d97ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:26:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1677
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 138180
x-xss-protection: 0
server: cafe
etag: 6854214708762155125
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Fri, 13 Dec 2024 06:26:45 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 66 B
78 B 95ms
46ms XHR
application/json 2607:f8b0:4006:81f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=49.13.84.163.sslip.io

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:81f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

86e9f4b08e468ab055f2533230c0271bdce9b1665cbee24e030692420888abd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 54
x-xss-protection: 0
expires: Thu, 14 Dec 2023 06:54:42 GMT

GET
H2 200 joe-biden-telephone-serious-sleeping-tired-reading-bw.jpg
www.wnd.com/wp-content/uploads/2023/06/ 31 KB
32 KB 68ms
65ms Image
image/webp 2606:4700:20::681a:b7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.wnd.com/wp-content/uploads/2023/06/joe-biden-telephone-serious-sleeping-tired-reading-bw.jpg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:b7f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 908d1846d980cd57bb63fd1c9994c3d6bbff4b3d63f039fc3d10ab9802a8fe23

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: qual=85, origFmt=jpeg, origSize=59697
content-disposition: inline; filename="joe-biden-telephone-serious-sleeping-tired-reading-bw.webp"
content-length: 32224
cf-bgj: imgq:85,h2pri
last-modified: Tue, 27 Jun 2023 15:12:53 GMT
server: cloudflare
etag: "649afc75-e931"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6cWDNPbMxFecLMd3b2%2BAFY0ELKHM%2F9uHi9rU0dZ7Ney86iKRM305%2BMH81qNjIq4oP%2Bfo5%2FJqPYKGRLFzk0Y3VNxF%2B%2BOI2Ya31OjcKVO3QhnFCByT6F2DVMpIdZf%2BqD3fRPDw2GB7aBzd"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: max-age=1200
accept-ranges: bytes
cf-ray: 83548979edf04bc7-BUF

GET
H2 200 da224ee9-07c8-4a80-87e4-528df4ac939e Show response
config.aps.amazon-adsystem.com/configs/ 746 B
1013 B 111ms
29ms Script
application/javascript 18.173.132.10
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/da224ee9-07c8-4a80-87e4-528df4ac939e
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.132.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-132-10.jfk52.r.cloudfront.net
Software: CloudFront /
Resource Hash: 644a8f12d87aba05f5d90164f5a2d53356979c2739483c6dbcdce570cb8e69b3

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:17:24 GMT
via: 1.1 4bcc80622a10d0ee4a55e5fd4f387c84.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: JFK52-P2
age: 2238
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
content-length: 746
x-amz-cf-id: grRBRtZPyD2o7egzMkUcG1djcoW937hNDrm5Uh09x7LW7WmFU_hPIQ==

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 2 KB
2 KB 38ms
38ms XHR
application/json 108.138.107.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2F49.13.84.163.sslip.io&pubid=da224ee9-07c8-4a80-87e4-528df4ac939e
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.107.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-107-138.jfk50.r.cloudfront.net
Software: Server /
Resource Hash: 13c4204448d6d97eaa1f4be76fde03f3184dca9bbd106f11982bbfbb7f54972c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:41 GMT
via: 1.1 f07e3fd03d3423bceb1c6083ab62cf8a.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: JFK50-P3
x-cache: Miss from cloudfront
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://49.13.84.163.sslip.io
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
content-length: 1561
x-amz-cf-id: Bv_KPmMPAlbn_1WiLHCxP13UKD1pRhjgaHHMG5AxzclBuVnTmEjJFg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 129ms
78ms XHR
application/javascript 108.138.107.138
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.107.138 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-107-138.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
x-amz-version-id: 9yABOonr2HqHtwbarUcdbIqN0f4A8Qog
content-encoding: gzip
via: 1.1 749177a97cae42477f22c33c927ca0ce.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
last-modified: Tue, 29 Aug 2023 08:30:37 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: RFOI8TtKuGG_iojANuyDhSbLbMDWblS44b9rjtN6w8-4ZO5UBWUJDw==

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
483 B 124ms
23ms Image
image/gif 2600:9000:247b:ca00:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?adslot=ad_300x250_8092760
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:247b:ca00:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 17:29:43 GMT
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
via: 1.1 38385695b10551583d750b943a475982.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P2
age: 221100
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
content-type: image/gif
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: BCS21a_sDyLd9PKVQHXjz67SnHNxmEMivMQI-cOWgeAmFyh1EJWgUw==

GET
H2 200 iz_setcid.html Show response
cdn.izooto.com/scripts/sak/ Frame 40F5 4 KB
1 KB 37ms
37ms Document
text/html 2606:4700::6812:d941
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.izooto.com/scripts/sak/iz_setcid.html?v=1

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:d941 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1baf1e3c12564049e49e6a2f91ab528957fa12cb80c3dc0b113329a44d4216c

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://49.13.84.163.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
age: 1802122
cache-control: public, max-age=2678400
cf-cache-status: HIT
cf-ray: 8354897a8b236aee-BUF
content-encoding: br
content-type: text/html
date: Thu, 14 Dec 2023 06:54:42 GMT
expires: Sun, 14 Jan 2024 06:54:42 GMT
last-modified: Tue, 07 Feb 2023 10:27:13 GMT
server: cloudflare
vary: Accept-Encoding
x-xss-protection: 1; mode=block

GET
H2 200 ats.js Show response
ats.rlcdn.com/ 110 KB
35 KB 30ms
28ms Script
text/javascript 13.35.93.28
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ats.rlcdn.com/ats.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-28.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a2aa2577c105dab138246b4e0a1f575b3c92c30d5aced108d3f73897bd46823f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id: x5VtTe.o38AhKNl9GXJ.IeIaII4uy0GZ
content-encoding: br
via: 1.1 dee3e3075e44bf98642bfe89cb38088a.cloudfront.net (CloudFront)
date: Wed, 13 Dec 2023 22:38:41 GMT
last-modified: Thu, 19 Oct 2023 08:25:12 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P8
age: 29762
x-amz-server-side-encryption: AES256
etag: W/"b248cc9d0fdeb36bdeb7efabad1132ee"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: fl46b_iD8eip5mfl9HtJ1eorqKeEkzEIDRunlkVi-mlz6jrJPdSIUA==

GET
H2 200 hadron.js Show response
cdn.hadronid.net/ 55 KB
10 KB 124ms
38ms Script
application/javascript 2606:4700:10::6816:34ad
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2F49.13.84.163.sslip.io%2F&ref=&_it=amazon&partner_id=484
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:34ad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2365cc11ef3d43f265b848c7164e5487c7a49d6af06c2938ac9272c8d91fc1a2

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Wed, 29 Nov 2023 15:31:45 GMT
server: cloudflare
x-amz-request-id: 01CADRK6PEVBEZB5
age: 4584
etag: W/"13043c1bbaf21ccc6e8ed474a744d3f2"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
cf-ray: 8354897b39c14bd8-BUF
x-amz-id-2: flKA/w3j/xi2gJ65jogAIT1IJi47Xyyg7sUYQQ2R7nOR/7B5jvPTNgJSLJ3NwqiCDc6W3Pg1WdM=

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 23 B
468 B 191ms
76ms XHR
text/javascript 108.138.126.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2F49.13.84.163.sslip.io%2F&pid=I8LBNwMzlCCEb&cb=0&ws=1600x1200&v=23.1211.1645&t=2000&slots=%5B%7B%22sd%22%3A%22HP3%22%2C%22s%22%3A%5B%22970x90%22%2C%22970x250%22%2C%22728x90%22%5D%2C%22sn%22%3A%22%2F101957818%2FHP3_WND%22%7D%5D&pj=%7B%22device%22%3A%7B%22sua%22%3A%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22mobile%22%3A0%2C%22model%22%3A%22%22%2C%22source%22%3A2%2C%22platform%22%3A%7B%22brand%22%3A%22%22%2C%22version%22%3A%5B%22%22%5D%7D%2C%22browsers%22%3A%5B%5D%7D%7D%7D&pubid=da224ee9-07c8-4a80-87e4-528df4ac939e&gdpre=0&gdprl=%7B%22status%22%3A%22tcfv2-success%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.126.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 7f9c24c13cc1a16d2c6ea3097e4958fa.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: JFK50-P4
x-amz-rid: 1RGPBJXEFBPZQNC1FPKT
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://49.13.84.163.sslip.io
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: VdeJOR0j2uzDtuHT3lTVXfBgrDSPc2irCvexFZV1RbZCFUFFKEPPwA==

GET
H2

204

b2
sb.scorecardresearch.com/
Redirect Chain

https://sb.scorecardresearch.com/b?c1=2&c2=20480112&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1702536882165&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=1&cs_cmp_id=9&cs_cmp_sv=5...
https://sb.scorecardresearch.com/b2?c1=2&c2=20480112&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1702536882165&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=1&cs_cmp_id=9&cs_cmp_sv=...

0
225 B

34ms
34ms

Image
text/plain

18.164.96.83
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/b2?c1=2&c2=20480112&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1702536882165&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=1&cs_cmp_id=9&cs_cmp_sv=5&cs_cmp_rt=177&c7=https%3A%2F%2F49.13.84.163.sslip.io%2F&c8=Home%20-%20WND&c9=
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 18.164.96.83 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-96-83.jfk50.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
via: 1.1 bf8d7cb6fca5d51158e1109ca40fe242.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: JFK50-P5
x-amz-cf-id: 9EyXJJ5TQB6p13ZG_tN1SAPMEnKS8w1eIpE7DMk8IUzwyBkTEJt2Dg==
x-cache: Miss from cloudfront

Redirect headers

date: Thu, 14 Dec 2023 06:54:42 GMT
via: 1.1 bf8d7cb6fca5d51158e1109ca40fe242.cloudfront.net (CloudFront)
accept-ch: UA, Platform, Arch, Model, Mobile
x-amz-cf-pop: JFK50-P5
x-cache: Miss from cloudfront
location: /b2?c1=2&c2=20480112&cs_it=b9&cv=4.0.0%2B2301240627&ns__t=1702536882165&ns_c=UTF-8&gdpr=0&gdpr_p1t=&gdpr_li=&gdpr_purps=&gdpr_pcc=&cs_cmp_nc=1&cs_cmp_id=9&cs_cmp_sv=5&cs_cmp_rt=177&c7=https%3A%2F%2F49.13.84.163.sslip.io%2F&c8=Home%20-%20WND&c9=
content-length: 0
x-amz-cf-id: D4FcQQSdTUbgkrGNgIRyloQ19MeqcAUIkOboy7IaHI3UjwpI_lQpcQ==

GET
H3 200 wnd.com.1223682.es6.js Show response
jsc.mgid.com/w/n/ 304 KB
93 KB 275ms
241ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/w/n/wnd.com.1223682.es6.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a6f15d703a95974973ee987f8cec437110a5809a551c8ae33762f241ede1757

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
x-amz-version-id: 469Ono.nUv4RgQ_.WHtaTKv5T6.jrkZh
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QJP4GMV5G0Z2RN1K
cf-polished: origSize=311086
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 1VppvOMkJuP4Zm7Gwo2YYc5vnCrFFmJ5ctikIcjUEh3Q6fGsCXpPFzz0Dz0Wn7q+ZisItB8MmCg=
cf-bgj: minify
last-modified: Mon, 27 Nov 2023 10:51:42 GMT
server: cloudflare
etag: W/"0e92f360cf76db2b657d1154bbbc024a"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 8354897b69054bc0-BUF
expires: Thu, 14 Dec 2023 09:54:42 GMT

GET
H2 200 / Show response
geo.privacymanager.io/ 30 B
609 B 91ms
24ms Fetch
application/json 52.85.61.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-61.ewr53.r.cloudfront.net
Software: /
Resource Hash: 8f8ba42d03a7c5a04626835a48b8212f61a3440e51d66b4b866a8d20acf32f57

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:25:30 GMT
via: 1.1 999e0c944d96e4c2945aab8389961e9c.cloudfront.net (CloudFront), 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P2, EWR53-P1
age: 1752
x-amzn-requestid: a7abc69c-c632-4fd9-8f5e-c3beba677d05
x-amzn-trace-id: Root=1-657a9fda-1ebacc911b0d774d4e57c714;Sampled=0;lineage=06620786:0
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-apigw-id: P63qIFdfDoEEXvw=
content-length: 30
x-amz-cf-id: jifilgA9Lymey06gWQowRXnVkaFTZ_KA8FTqnkZ4z85Wep3D2pyz8g==
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/160835/4933/ 222 KB
67 KB 29ms
29ms Script
application/javascript 23.51.57.13
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/160835/4933/pwt.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.51.57.13 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-51-57-13.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 6b30722487e92833baf8f01d6b2d2fed4e459d7cd42dc81ac1a80d8d08b9450e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 00:25:40 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=77490
accept-ranges: bytes
content-length: 68444
expires: Fri, 15 Dec 2023 04:26:12 GMT

GET
H2 200 widget_app_base_1702474105049.js Show response
cdn.userway.org/widgetapp/2023-12-13-13-28-25/ 136 KB
40 KB 109ms
53ms Script
application/javascript 2a02:6ea0:c400::12
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2023-12-13-13-28-25/widget_app_base_1702474105049.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c400::12 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: f7b011dc9725e8cbee6e81f6580bb1696ae5f40df6fae86560fc74d1f86889bd

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-77-pop: newyorkUSNY
date: Thu, 14 Dec 2023 06:54:42 GMT
via: 1.1 56afed1ff867622bc96040c761f69a64.cloudfront.net (CloudFront)
content-encoding: gzip
x-age-lb: 62290
x-amz-cf-pop: YUL62-C1
age: 276
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-accel-date: 1702474592
x-77-nzt: EgwBWbuxDwH3UvMAAAwBnJI74gH3AAAAAA
x-accel-expires: @1728394592
x-77-age: 62290
x-cache-lb: HIT
last-modified: Wed, 13 Dec 2023 13:30:32 GMT
server: CDN77-Turbo
etag: W/"ebdd97e393f8d5a6ead7dfe565272184"
x-77-nzt-ray: 49be1408b414ee05b2a67a65c494e31e
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: BZQeCmm3QCtzGKC3W5HpbH2esuBiiXMNvXipjGxU1DVvhqeo4dD1YQ==

GET
H2 200 rules-p-kZpd2WPpvPttS.js Show response
rules.quantcount.com/ 160 B
635 B 101ms
23ms Script
application/javascript 2600:9000:21da:5a00:6:44e3:f8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://rules.quantcount.com/rules-p-kZpd2WPpvPttS.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21da:5a00:6:44e3:f8c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ce22e7b081bf78c810c97d860a00e2dcb01fceb566dd25a024dffebd65701b77

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:31:45 GMT
via: 1.1 98c9abb82906e5df5d993116d0614420.cloudfront.net (CloudFront)
x-amz-cf-pop: EWR53-C1
age: 1396
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 160
last-modified: Thu, 13 Oct 2022 23:41:28 GMT
server: AmazonS3
etag: "3bd52e76370449be25049e0f408a095d"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
x-amz-cf-id: 74lNzyKPHJ66IY6PaJkGgn9yZxtkqnPxlBkwyMyfzTkOW120Gu7S9Q==

GET
H2 200 ivt.min.js Show response
jxgdqbxdiycfimegq.ay.delivery/ivt/JXGDQbXdiYcFimEgq/ 87 KB
36 KB 45ms
44ms Script
application/javascript 2606:4700:e2::ac40:8a0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jxgdqbxdiycfimegq.ay.delivery/ivt/JXGDQbXdiYcFimEgq/ivt.min.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41be2ded3a417eb7f67cddf3cd1e3fd49c1929c4152d3909f8f09318a6204005

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 272
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 13 Sep 2023 15:12:11 GMT
server: cloudflare
etag: W/"6501d14b-15c32"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B10%2FCMoll9vGXvrWZchobMDOoAPYoJygGnFqJMloZS3hbWTcWv2IrtskKyByd06jwfdJ4L6DUK0ffvL3OYxTSwuxafmPjMDVKpGzhoCmEM2nbKfxcnQtgA1Y3YfKXt2%2BoMSEdRZaYRTIdCJIqbEED5WkK12rJogUSQ7CZA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: no-cache, max-age=0
cf-ray: 8354897b88bc5589-EWR

POST
H2 204 collect
analytics.google.com/g/ 0
258 B 96ms
38ms Ping
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-SKMDTLGL59&gtm=45je3bt0v9118694183z872004870&_p=1702536881712&_gaz=1&gcd=11l1l1l1l1&dma=0&tcfd=10000&cid=1289557704.1702536882&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1702536882&sct=1&seg=0&dl=https%3A%2F%2F49.13.84.163.sslip.io%2F&dt=Home%20-%20WND&en=page_view&_fv=1&_ss=1&ep.ArticleAuthor=wndstaff&ep.ArticleTitler=false&ep.SiteName=http%3A%2F%2Fwww.wnd.com&ep.ArticleChooser=false&ep.ArticleEditor=false&ep.ArticleTopic=&ep.ArticleSection=&ep.Platform=web&ep.ArticleShareTextAuthor=false&ep.PrimaryTag=false&epn.ParagraphCount=0&epn.ArticleTitleLength=4&epn.ArticleShareTextLength=0&epn.WordCount=0&ep.ArticleSource=&ep.ArticleTitle=Home&ep.ArticleSocialTitle=Home&ep.ArticleSeoTitle=Home&epn.ArticleID=84458&epn.ArticleSocialTitleLength=4&epn.ArticleSeoTitleLength=4&ep.GoogleCompliant=true&ep.VideoPosition=none&ep.ArticleCategory=false&ep.ArticlePublishDate=2011-11-28&tfd=1650
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SKMDTLGL59&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://49.13.84.163.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
258 B 99ms
37ms Ping
text/plain 2607:f8b0:4004:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-SKMDTLGL59&cid=1289557704.1702536882&gtm=45je3bt0v9118694183z872004870&aip=1&dma=0&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SKMDTLGL59&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://49.13.84.163.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 token
eua.instiengage.com/v1/auth/ Frame 0
0 47ms
36ms Preflight 54.86.86.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://eua.instiengage.com/v1/auth/token
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.86.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-86-86-168.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://auth.instiengage.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: https://auth.instiengage.com
access-control-max-age: 3600
content-length: 0
date: Thu, 14 Dec 2023 06:54:42 GMT
vary: Origin

POST
H2 200 token Show response
eua.instiengage.com/v1/auth/ Frame 389D 864 B
1016 B 48ms
47ms Fetch
application/json 54.86.86.168
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://eua.instiengage.com/v1/auth/token
Requested by: Host: auth.instiengage.com
URL: https://auth.instiengage.com/auth/authIframe.js?v=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.86.86.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-86-86-168.compute-1.amazonaws.com
Software: /
Resource Hash: b743b39698a237861f3285cd0fba1264b46a7102dee745e6d70a747acadb0f21

Request headers

Referer: https://auth.instiengage.com/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://auth.instiengage.com
date: Thu, 14 Dec 2023 06:54:42 GMT
access-control-allow-credentials: true
content-length: 864
vary: Origin
content-type: application/json

GET
H/1.1 200
OK 14262843528681830 Show response
lockerdome.com/lad/ Frame D814 1 KB
1 KB 243ms
90ms Document
text/html 104.154.142.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lockerdome.com/lad/14262843528681830?pubid=ld-815-7346&pubo=https%3A%2F%2F49.13.84.163.sslip.io&rid=&width=1253&path=%2F
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.154.142.214 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.142.154.104.bc.googleusercontent.com
Software: /
Resource Hash: f670413d2ae1a2ae6adb0f76cf9a23e52e96324d60f3c10658a9bfe558a6513d

Request headers

Referer: https://49.13.84.163.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Length: 1342
Content-Type: text/html; charset=utf-8
Date: Thu, 14 Dec 2023 06:54:42 GMT

GET
H/1.1 200
OK 14262845978155366 Show response
lockerdome.com/lad/ Frame C640 1 KB
1 KB 229ms
87ms Document
text/html 104.154.142.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://lockerdome.com/lad/14262845978155366?pubid=ld-6059-3828&pubo=https%3A%2F%2F49.13.84.163.sslip.io&rid=&width=1253&path=%2F
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.154.142.214 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.142.154.104.bc.googleusercontent.com
Software: /
Resource Hash: f670413d2ae1a2ae6adb0f76cf9a23e52e96324d60f3c10658a9bfe558a6513d

Request headers

Referer: https://49.13.84.163.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Cache-Control: no-cache, max-age=0, must-revalidate, no-store
Content-Length: 1342
Content-Type: text/html; charset=utf-8
Date: Thu, 14 Dec 2023 06:54:42 GMT

GET
H3 200 wnd.com.1443193.es6.js Show response
jsc.mgid.com/w/n/ 322 KB
96 KB 218ms
218ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/w/n/wnd.com.1443193.es6.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

589078fa7c2a83f5fb7f3784eabca0df799b8d9c42f3d10e5250ece1426611d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
x-amz-version-id: 6FBqHq2kSu9TIg2l1TGm3_kejrBCbBRN
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: 8A0JDQD5QHDZCNTE
cf-polished: origSize=329393
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3RNtxiQMD+GJAf6VM7u3au3qkL3YX0q04wxni5DR2NckVzzs4S5BxQfARZC4F0TXVp+Mc0ukZFw=
cf-bgj: minify
last-modified: Mon, 27 Nov 2023 14:09:04 GMT
server: cloudflare
etag: W/"099a5a22777ca960a346fd85d539b527"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 8354897c29214bc0-BUF
expires: Thu, 14 Dec 2023 09:54:42 GMT

GET
H3 200 wnd.com.1177535.es6.js Show response
jsc.mgid.com/w/n/ 319 KB
95 KB 88ms
88ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/w/n/wnd.com.1177535.es6.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c2f5a8b9ddb8f7794bb7db1994e2de43955e06b4111817053ea45e5a8ae5e60

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
x-amz-version-id: OJJ17v9892KAuXr1G8M9vnGof7p3Xe5V
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: QEBD60SM6CGWJKF5
cf-polished: origSize=326754
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: UxJSTcCGx10+WWBAuuQfIdrl4bHt14st7xN88nAY5UXVIb6Wx3m29wvY+3DHb9rgETHBQhe9Nz0=
cf-bgj: minify
last-modified: Mon, 27 Nov 2023 10:48:48 GMT
server: cloudflare
etag: W/"4b8d81f7c66e5b99f2a35359a31d8bc0"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 8354897c29234bc0-BUF
expires: Thu, 14 Dec 2023 09:54:42 GMT

GET
H3 200 wnd.com.1177536.es6.js Show response
jsc.mgid.com/w/n/ 322 KB
95 KB 228ms
228ms Script
text/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jsc.mgid.com/w/n/wnd.com.1177536.es6.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ee8ffe26ccea58e0f88061d5d289e09d55b1d5211568b14318bf6be8b61632a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
x-amz-version-id: Lc_c5b32aY9NpD3CnqJ50NGD37U1YPBR
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: J76YZVKN21TZQB46
cf-polished: origSize=329389
x-amz-server-side-encryption: AES256
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 6SB+jgNJdPexJzgG4l4BIFwcxuUU8E4ceAgjh3dg1dBoxC/NOBZapyYOkJ/YYmwxlX8+SwkXDdOsgDA2RHMVSw==
cf-bgj: minify
last-modified: Mon, 27 Nov 2023 10:48:49 GMT
server: cloudflare
etag: W/"4a99eceeabb57cf84620e3177bcc0f4a"
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=10800
cf-ray: 8354897c39244bc0-BUF
expires: Thu, 14 Dec 2023 09:54:42 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
54 B 40ms
38ms Ping
text/plain 2001:4860:4802:32::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-K8Y2VRPKK2&gtm=45je3bt0v9119074412z89118997136&_p=1702536881712&_gaz=1&gcd=11l1l1l1l1&dma=0&tcfd=10000&cid=1289557704.1702536882&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1702536882&sct=1&seg=0&dl=https%3A%2F%2F49.13.84.163.sslip.io%2F&dt=Home%20-%20WND&en=page_view&_fv=1&_ss=1&ep.ArticleAuthor=wndstaff&ep.ArticleTitler=false&ep.SiteName=http%3A%2F%2Fwww.wnd.com&ep.ArticleChooser=false&ep.ArticleEditor=false&ep.ArticleTopic=14&ep.ArticleSection=&ep.Platform=web&ep.ArticleShareTextAuthor=false&ep.PrimaryTag=false&epn.ParagraphCount=0&epn.ArticleTitleLength=4&epn.ArticleShareTextLength=0&epn.WordCount=0&ep.ArticleSource=&ep.ArticleTitle=Home&ep.ArticleSocialTitle=Home&ep.ArticleSeoTitle=Home&epn.ArticleID=84458&epn.ArticleSocialTitleLength=4&epn.ArticleSeoTitleLength=4&ep.GoogleCompliant=true&ep.VideoPosition=none&ep.ArticleCategory=false&ep.ArticlePublishDate=2011-11-28&tfd=1760
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K8Y2VRPKK2&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://49.13.84.163.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
54 B 38ms
38ms Ping
text/plain 2607:f8b0:4004:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-K8Y2VRPKK2&cid=1289557704.1702536882&gtm=45je3bt0v9119074412z89118997136&aip=1&dma=0&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-K8Y2VRPKK2&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://49.13.84.163.sslip.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
geo.privacymanager.io/ 30 B
608 B 24ms
23ms Fetch
application/json 52.85.61.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://geo.privacymanager.io/
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-61.ewr53.r.cloudfront.net
Software: /
Resource Hash: 8f8ba42d03a7c5a04626835a48b8212f61a3440e51d66b4b866a8d20acf32f57

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:25:30 GMT
via: 1.1 999e0c944d96e4c2945aab8389961e9c.cloudfront.net (CloudFront), 1.1 3f65d34f6010e326e59d2f311de6e202.cloudfront.net (CloudFront)
x-amz-cf-pop: IAD61-P2, EWR53-P1
age: 1752
x-amzn-requestid: a7abc69c-c632-4fd9-8f5e-c3beba677d05
x-amzn-trace-id: Root=1-657a9fda-1ebacc911b0d774d4e57c714;Sampled=0;lineage=06620786:0
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
content-type: application/json
access-control-allow-origin: *
x-cache: Hit from cloudfront
x-amz-apigw-id: P63qIFdfDoEEXvw=
content-length: 30
x-amz-cf-id: zIGSlJsZcdb1A5i8P_PPEhKpDVaKYp5prlvAwEam8U-d754UAO4Xug==
access-control-allow-headers: Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token

GET
H2 200 hadron.json Show response
id.hadron.ad.gt/v1/ 93 B
285 B 48ms
47ms XHR
application/json 2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=484&sync=0&domain=49.13.84.163.sslip.io&url=https://49.13.84.163.sslip.io/
Requested by: Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2F49.13.84.163.sslip.io%2F&ref=&_it=amazon&partner_id=484
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3d7e60b2ca68a3a17296676fec156521007424a01bdf393ba39d9024dd09106e

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: private,max-age=30
access-control-allow-credentials: true
debug: NON-OPTIONS
access-control-allow-headers: authorization
cf-ray: 8354897dfa824bcd-BUF

OPTIONS
H2 200 hadron.json
id.hadron.ad.gt/v1/ Frame 0
0 156ms
50ms Preflight
application/json 2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://id.hadron.ad.gt/v1/hadron.json?_it=amazon&partner_id=484&sync=0&domain=49.13.84.163.sslip.io&url=https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://49.13.84.163.sslip.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin: *
allow: POST, OPTIONS, GET
cache-control: max-age=31536000 public, no-transform
cf-cache-status: DYNAMIC
cf-ray: 8354897daa6f4bcd-BUF
content-length: 0
content-type: application/json
date: Thu, 14 Dec 2023 06:54:42 GMT
debug: OPTIONS block
expires: Fri, 13 Dec 2024 06:54:42 GMT
server: cloudflare

GET
H2 200 / Show response
trends.revcontent.com/api/demand/ 54 B
318 B 141ms
41ms Fetch
application/json 18.235.42.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/api/demand/?w=274088&gdpr=0&gdpr_consent=undefined&us_privacy=1---

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.235.42.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-235-42-81.compute-1.amazonaws.com

Software

envoy /

Resource Hash

47b726fd18aa3355c7f0277952419c5e1b33d3347ee2e4eff5e9b9be73040549

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-rc-region: us-east-1a
date: Thu, 14 Dec 2023 06:54:42 GMT
strict-transport-security: max-age=931536000; includeSubDomains
server: envoy
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://49.13.84.163.sslip.io
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
content-length: 54

GET
H2 200 sync Show response
trends.revcontent.com/ 62 B
567 B 138ms
39ms Fetch
application/json 18.235.42.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://trends.revcontent.com/sync?gdpr=0&gdpr_consent=undefined&us_privacy=1---
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.235.42.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-42-81.compute-1.amazonaws.com
Software: envoy /
Resource Hash: 4bb66a9555fa7e78dadf21cb199f3248e5410293ef9e3ede909405312888d3b4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-rc-region: us-east-1a
date: Thu, 14 Dec 2023 06:54:42 GMT
server: envoy
etag: "6d0f6162-f26e-48b1-a1dc-a9305d2569c9"
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-type: application/json
access-control-allow-origin: https://49.13.84.163.sslip.io
p3p: CP="NOI DSP COR NID ADM DEV OUR NOR CNT"
cache-control: max-age=600, private, s-maxage=0, stale-while-revalidate=1800
access-control-allow-credentials: true
x-envoy-upstream-service-time: 3
content-length: 62

GET
H2 200 pixel;r=2118408525;rf=0;a=p-kZpd2WPpvPttS;url=https%3A%2F%2F49.13.84.163.sslip.io%2F;uh=2b2e810c2650318ae57ec03ce144a48b3c391eec5f4ba97535f7b2f3fafd1234;uht=0;fpan=1;fpa=P0-1557390075-1702536882452...
pixel.quantserve.com/ 35 B
371 B 50ms
38ms Image
image/gif 2620:116:800b:21:1456:d0e1:7db4:a56b
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.quantserve.com/pixel;r=2118408525;rf=0;a=p-kZpd2WPpvPttS;url=https%3A%2F%2F49.13.84.163.sslip.io%2F;uh=2b2e810c2650318ae57ec03ce144a48b3c391eec5f4ba97535f7b2f3fafd1234;uht=0;fpan=1;fpa=P0-1557390075-1702536882452;pbc=;ns=0;ce=1;qjs=1;qv=6076e8c2-20231114150359;cm=;gdpr=0;us_privacy=1---;ref=;d=sslip.io;dst=0;et=1702536882752;tzo=600;ogl=locale.en_US%2Ctype.website%2Ctitle.Home%20-%20WND%2Curl.https%3A%2F%2Fwww%252Ewnd%252Ecom%2F%2Csite_name.WND;ses=65de7421-bc9b-4cb1-b274-eaa25c6e8473;mdl=

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800b:21:1456:d0e1:7db4:a56b , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:42 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

POST
H2 200 ehuh3OLB7U Show response
api.userway.org/api/tunings/ 306 B
691 B 258ms
91ms XHR
application/json 2600:1f14:5db:eb00:231b:1899:5025:afc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.userway.org/api/tunings/ehuh3OLB7U
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2023-12-13-13-28-25/widget_app_base_1702474105049.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1f14:5db:eb00:231b:1899:5025:afc1 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2460109fcf1e2cd4163e0c000a45565bed2feecaaca373c46d034a511feadbd1

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
etag: W/"132-tkdRv6Fom2f9pKTu2I0Yx2kLVmg"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD, PUT, PATCH, POST, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-service-request-id: usrc0e15ad773084fd
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: no-cache, no-store, must-revalidate
access-control-allow-headers: *
content-length: 306
x-service-version: uw-pr

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5e89733d8a8e055100cda68bf7a712ab0e1b24fefee7e39792b47cb5ff7c3cb1

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/png

GET
BLOB 200
OK f58c6c87-2ea7-495d-a7a9-57d38c090616
https://49.13.84.163.sslip.io/ 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/f58c6c87-2ea7-495d-a7a9-57d38c090616
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK def6235f-f608-402b-8917-93caa78e30ee
https://49.13.84.163.sslip.io/ 250 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/def6235f-f608-402b-8917-93caa78e30ee
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 250
Content-Type: text/javascript

POST
H3 200 post Show response
jxgdqbxdiycfimegq.ay.delivery/ivt/ 43 B
598 B 147ms
87ms Fetch
application/json 2606:4700:e2::ac40:8a0c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://jxgdqbxdiycfimegq.ay.delivery/ivt/post

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:e2::ac40:8a0c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12ee228dcf736d968a4d50fd35e7b471594fc14ecc0a824bda26872e9b868e16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 14 Dec 2023 06:54:42 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 43
x-xss-protection: 1; mode=block
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tTnCoPtivsjdUKbz98tqb17fHQZuT93Eg880%2BrYzqGTym7X%2Bc0AKgm6cwtfF%2Bj%2BtGlob%2BcFJ8%2FAoB%2FxqNX9q0vlFcxIigLs2uvQtNn%2BZFGlG8omGBtesbFkqMIp2%2B8iHYE5SgWx5VhcNA8XdhBEDvD1MCiA3wRFtWuAVQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: no-store
cf-ray: 8354897e4bf941ed-EWR
access-control-allow-headers: X-Forwarded-For, X-Requested-With, Content-Type

GET
H3 200 dc.js Show response
stats.g.doubleclick.net/ Frame C640 45 KB
17 KB 30ms
29ms Script
text/javascript 2607:f8b0:4004:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/dc.js

Requested by

Host: lockerdome.com
URL: https://lockerdome.com/lad/14262845978155366?pubid=ld-6059-3828&pubo=https%3A%2F%2F49.13.84.163.sslip.io&rid=&width=1253&path=%2F

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lockerdome.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 14 Dec 2023 04:58:05 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6997
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17093
expires: Thu, 14 Dec 2023 06:58:05 GMT

GET
H3 200 dc.js Show response
stats.g.doubleclick.net/ Frame D814 45 KB
17 KB 30ms
29ms Script
text/javascript 2607:f8b0:4004:c06::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/dc.js

Requested by

Host: lockerdome.com
URL: https://lockerdome.com/lad/14262843528681830?pubid=ld-815-7346&pubo=https%3A%2F%2F49.13.84.163.sslip.io&rid=&width=1253&path=%2F

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c06::9c Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6181cd98fe270c2826d416574446841f86778bc45a0ab0bdd0c667b4e70fd6e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://lockerdome.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 14 Dec 2023 04:58:05 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 6997
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17093
expires: Thu, 14 Dec 2023 06:58:05 GMT

GET
BLOB 200
OK 5f7495fc-5596-4067-aea4-2c53b678198d
https://49.13.84.163.sslip.io/ 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/5f7495fc-5596-4067-aea4-2c53b678198d
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK a49d3988-4018-4e45-811f-da02659c88c9
https://49.13.84.163.sslip.io/ 250 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/a49d3988-4018-4e45-811f-da02659c88c9
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 250
Content-Type: text/javascript

GET
BLOB 200
OK 0747dac9-c0de-42b8-8697-cb2a395f8b58
https://49.13.84.163.sslip.io/ 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/0747dac9-c0de-42b8-8697-cb2a395f8b58
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
BLOB 200
OK c1a17418-361e-4cfe-89ca-93bf87ed8feb
https://49.13.84.163.sslip.io/ 250 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/c1a17418-361e-4cfe-89ca-93bf87ed8feb
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 250
Content-Type: text/javascript

GET
BLOB 200
OK 2398b807-f110-4618-9aaf-1ba8e6947b7e
https://49.13.84.163.sslip.io/ 0
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/2398b807-f110-4618-9aaf-1ba8e6947b7e
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 0
Content-Type: text/javascript

GET
H2 200 484 Show response
a.ad.gt/api/v1/u/matches/ 12 KB
4 KB 229ms
127ms Script
application/javascript 2606:4700:10::6816:445
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/u/matches/484?_it=amazon
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b4cffae7364eb430243eb2257cd1fc490215477a8cabee60ddafec0da6a5490

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
last-modified: Thu, 14 Dec 2023 06:10:27 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cross-origin-resource-policy: cross-origin
cf-ray: 8354897f09884bbd-BUF

GET
BLOB 200
OK b5a62e66-e9e4-4791-a39f-be49ba9d1851
https://49.13.84.163.sslip.io/ 250 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/b5a62e66-e9e4-4791-a39f-be49ba9d1851
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e37071398d21f18dff2370ee0885f38811bb69bb465b398100ab3101fc521d6b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 250
Content-Type: text/javascript

GET
H2 200 / Show response
trends.revcontent.com/api/delivery/ 9 KB
6 KB 157ms
156ms Fetch
application/json 18.235.42.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/api/delivery/?is_blocked=undefined&w=274088&width=1600&gdpr=0&gdpr_consent=undefined&us_privacy=1---&rev_allow_cookies=0&site_url=https%3A%2F%2F49.13.84.163.sslip.io%2F&icr_url=&va=0&user_uuid=6d0f6162-f26e-48b1-a1dc-a9305d2569c9&time=1702536882933&up=pc&bn=chrome&bv=120&widget_width=1253&style_id=0&an=false

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.235.42.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-235-42-81.compute-1.amazonaws.com

Software

envoy /

Resource Hash

28009d2841bb87af2a39cace125f231ad0740c3857b0f7a681d71671d3ee6e54

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-rc-region: us-east-1a
date: Thu, 14 Dec 2023 06:54:43 GMT
strict-transport-security: max-age=931536000; includeSubDomains
content-encoding: gzip
server: envoy
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://49.13.84.163.sslip.io
access-control-allow-credentials: true
x-envoy-upstream-service-time: 120

GET
H2 200 /
c.mgid.com/pv/ 43 B
138 B 87ms
59ms Image
image/gif 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.mgid.com/pv/?lu=https%3A%2F%2F49.13.84.163.sslip.io%2F&cbuster=1702536882975447993663&pvid=18c671b2b1ea03bb64b&implVersion=11&cxurl=https%3A%2F%2Fwww.wnd.com%2F&site=542038&i=1&scum=%3F0&scuw=%3F0

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cf-ray: 8354897edf034bc7-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

POST
H3 200 4e1d948f37fa34a66fb0ef808da848080b2d2751df Show response
measlymiddle.com/bf21318adb/ 295 B
322 B 97ms
62ms Fetch
application/json 2600:1901:0:328a::1
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://measlymiddle.com/bf21318adb/4e1d948f37fa34a66fb0ef808da848080b2d2751df

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:328a::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

96a9f856732cec9913750f165ec94a5e54fe9619339f6ce2a76807e693f25f13

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Thu, 14 Dec 2023 06:54:43 GMT
via: 1.1 google
x-buildnumber: 1072352451
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-datacenter: gce-us-east1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://49.13.84.163.sslip.io
x-hostname: fen-hoothoot-us-east1-830n
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Thu, 14 Dec 2023 06:54:42 GMT

GET
H2 200 en-US.json Show response
cdn.userway.org/widgetapp/2023-12-13-13-28-25/locales/ 500 B
960 B 27ms
27ms XHR
application/json 2a02:6ea0:c400::12
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/widgetapp/2023-12-13-13-28-25/locales/en-US.json
Requested by: Host: cdn.userway.org
URL: https://cdn.userway.org/widgetapp/2023-12-13-13-28-25/widget_app_base_1702474105049.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c400::12 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 588e561c1b630cc0c94b479e3a0479c7557e4d6991a1bacb5b2acd7f32906f56

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-77-pop: newyorkUSNY
date: Thu, 14 Dec 2023 06:54:43 GMT
via: 1.1 558a7274c3bf9c351a26dc5ddb8c820a.cloudfront.net (CloudFront)
content-encoding: gzip
x-age-lb: 62291
x-amz-cf-pop: PHL50-C1
age: 276
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-accel-date: 1702474592
x-77-nzt: EgwBWbuxDwH3U/MAAAwBuTvfFAH3AAAAAA
x-accel-expires: @1728394592
x-77-age: 62291
x-cache-lb: HIT
last-modified: Wed, 13 Dec 2023 13:30:32 GMT
server: CDN77-Turbo
etag: W/"6c501e56c0883817da65e6df9f4417ee"
x-77-nzt-ray: 49be1408b414ee05b3a67a65a8d25802
access-control-max-age: 3000
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/json
x-amz-cf-id: P78uAVXIwvHoToH_4RyAeLqEhhlKkozJQgCMAzJ5yl2-3GhL5OcHpw==

POST
H2 204 impression
trends.revcontent.com/event/ 0
0 114ms
42ms Fetch 18.235.42.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trends.revcontent.com/event/impression

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.235.42.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-235-42-81.compute-1.amazonaws.com

Software

envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=931536000; includeSubDomains

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

x-rc-region: us-east-1a
date: Thu, 14 Dec 2023 06:54:43 GMT
strict-transport-security: max-age=931536000; includeSubDomains
server: envoy
vary: Origin
access-control-allow-origin: https://49.13.84.163.sslip.io
access-control-allow-credentials: true
x-envoy-upstream-service-time: 5

GET
H2 200 defaultWidget~feedWidget.delivery.js Show response
assets.revcontent.com/master/ 30 KB
8 KB 28ms
26ms Script
text/javascript 13.35.93.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/defaultWidget~feedWidget.delivery.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-31.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 53203ef7d7c97068a4425546fc8797acbc7e61d7e3df6cd8379dab5c2b1a845f

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 21:29:29 GMT
content-encoding: br
via: 1.1 7082f41e4415fb7199f3ca9b16b5849a.cloudfront.net (CloudFront)
last-modified: Mon, 11 Dec 2023 21:29:24 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P8
age: 33915
x-amz-server-side-encryption: AES256
etag: W/"dd527879624f94aec37115fb12409ec9"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=60
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: B48Y-Io1xwDeDXmWkFvMbK0AEcmCI_T0N_JGl-7eiU4bPwmU05cH-Q==

GET
H2 200 defaultWidget.delivery.js Show response
assets.revcontent.com/master/ 18 KB
6 KB 28ms
28ms Script
text/javascript 13.35.93.31
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.revcontent.com/master/defaultWidget.delivery.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.35.93.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-93-31.jfk50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4f8d62a906fe07f2169652b00715ff176ca8aa41dda9a00b04736c29976ecaaf

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Wed, 13 Dec 2023 21:29:29 GMT
content-encoding: br
via: 1.1 7082f41e4415fb7199f3ca9b16b5849a.cloudfront.net (CloudFront)
last-modified: Mon, 11 Dec 2023 21:29:24 GMT
server: AmazonS3
x-amz-cf-pop: JFK50-P8
age: 33915
x-amz-server-side-encryption: AES256
etag: W/"a68f44a39bbc7d4ebe5968b500187e25"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public,max-age=60
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: URKduHHp8KVpYCkZbxZdtgCfn2Pe5DuhmmSW5tu53yzz2Ddftik0Ug==

GET
H/1.1 200
OK score.min.js Show response
js.ad-score.com/ 503 KB
155 KB 140ms
29ms Script
application/javascript 2600:9000:261f:4400:a:deb0:3380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ad-score.com/score.min.js?pid=1000177&tt=opt
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:261f:4400:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: ab6106f92e8f03f71329d638f6e527b97c81a21d0f9a23e48180223f5eee1859

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Wed, 13 Dec 2023 19:25:01 GMT
Content-Encoding: br
Via: 1.1 1f85764c0bc1f70d16858df07753dfa8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: JFK52-P3
Age: 41382
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 13 Dec 2023 19:25:01 GMT
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Cache-Control
X-Amz-Cf-Id: 1hq71HhJKaojA80KOP57oTNe4hOxH3ZZ9ye_uZuFHhKkjFpsE-YGCA==
Expires: Thu, 14 Dec 2023 19:25:01 GMT

GET
H2 200 /
img.revcontent.com/ 1 KB
2 KB 123ms
29ms Image
image/png 13.225.63.13
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.revcontent.com/?url=https://cdn.revcontent.com/assets/img/full_color.png&static=true
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.63.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-63-13.ewr53.r.cloudfront.net
Software: envoy /
Resource Hash: 94d3b3f21c82e9004e1a95aba77f256573a3406d0782d451d50ac8e4bb4df7c5

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-rc-region: us-east-1a
date: Tue, 03 Oct 2023 17:55:57 GMT
via: 1.1 64269b4eda1211bca4d40d7ab2177910.cloudfront.net (CloudFront)
last-modified: Thu, 01 Jun 2023 15:43:57 GMT
server: envoy
x-amz-cf-pop: EWR53-C1
age: 6181126
etag: "a798d6ed9b193888fbc8a4a5bd7b51c236f8aa33"
x-cache: Hit from cloudfront
content-type: image/png
x-envoy-upstream-service-time: 22
alt-svc: h3=":443"; ma=86400
content-length: 1351
x-amz-cf-id: -ZNUQYkoRzdA50zAbQB6PBSUmk3yVLzBchg3B9dDgzeda6YKRIJdQw==

POST
H3 200 3f82421ec39b99bc70951acf7df3ebeffbe84367abc0a2cc0efa Show response
measlymiddle.com/ 3 B
29 B 50ms
50ms Fetch
application/json 2600:1901:0:328a::1
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://measlymiddle.com/3f82421ec39b99bc70951acf7df3ebeffbe84367abc0a2cc0efa

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2600:1901:0:328a::1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

strict-transport-security: max-age=15724800; preload
date: Thu, 14 Dec 2023 06:54:43 GMT
via: 1.1 google
x-buildnumber: 1072352451
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
x-datacenter: gce-us-east1
x-buildname: hoothoot
vary: Accept-Encoding, Origin
access-control-allow-methods: POST, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://49.13.84.163.sslip.io
x-hostname: fen-hoothoot-us-east1-830n
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie
expires: Thu, 14 Dec 2023 06:54:42 GMT

GET
H2 200 484 Show response
p.ad.gt/api/v1/p/ 47 KB
15 KB 376ms
280ms Script
application/javascript 2606:4700:10::ac43:17ea
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://p.ad.gt/api/v1/p/484
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 363581567b0acb5e3f7b5a9cc172049ac9d700e098adee966d76cd1ed1532707

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
last-modified: Thu, 14 Dec 2023 05:59:54 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=14400
cf-ray: 835489809b0b4bd8-BUF

GET
H2 200 halo_match
ids.ad.gt/api/v1/ 43 B
171 B 212ms
118ms Image
image/gif 2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001702536883-HLU71BH4-96AC&halo_id=060j9d88fihe9b8df9bkjcbjcaj9djfekefw6k44ousm6g4ko6gywigwiew6kwomy
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 835489809f764bc7-BUF
content-length: 43
content-type: image/gif

GET
H2

200

match
ids.ad.gt/api/v1/
Redirect Chain

https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001702536883-HLU71BH4-96AC&adnxs_id=$UID&gdpr=0
https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001702536883-HLU71BH4-96AC%26adnxs_id%3D%24UID%26gdpr%3D0
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001702536883-HLU71BH4-96AC&adnxs_id=5640016288828445218&gdpr=0

43 B
95 B

119ms
117ms

Image
image/gif

2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/match?id=AU1D-0100-001702536883-HLU71BH4-96AC&adnxs_id=5640016288828445218&gdpr=0
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 83548981efc84bc7-BUF
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:43 GMT
an-x-request-uuid: 4577c7b3-4877-4001-a3cf-2b1ab9b802b8
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ids.ad.gt/api/v1/match?id=AU1D-0100-001702536883-HLU71BH4-96AC&adnxs_id=5640016288828445218&gdpr=0
x-proxy-origin: 96.9.246.195; 96.9.246.195; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

t_match
ids.ad.gt/api/v1/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001702536883-HLU71BH4-96AC&gdpr=0
https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001702536883-HLU71BH4-96AC&gdpr=0
https://ids.ad.gt/api/v1/t_match?tdid=ee1f9bfd-2e68-49de-875c-950277e092f2&id=AU1D-0100-001702536883-HLU71BH4-96AC

43 B
95 B

120ms
118ms

Image
image/gif

2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/t_match?tdid=ee1f9bfd-2e68-49de-875c-950277e092f2&id=AU1D-0100-001702536883-HLU71BH4-96AC
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 83548981efc74bc7-BUF
content-length: 43
content-type: image/gif

Redirect headers

location: https://ids.ad.gt/api/v1/t_match?tdid=ee1f9bfd-2e68-49de-875c-950277e092f2&id=AU1D-0100-001702536883-HLU71BH4-96AC
date: Thu, 14 Dec 2023 06:54:43 GMT
server: Kestrel
content-length: 259

GET
H2

200

pbm_match
ids.ad.gt/api/v1/
Redirect Chain

https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001702536883-HLU71BH4-96AC
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001702536883-HLU71BH4-96AC
https://ids.ad.gt/api/v1/pbm_match?pbm=B32F047D-5EA9-4111-B1FB-D4D34C912B80&id=AU1D-0100-001702536883-HLU71BH4-96AC

43 B
95 B

117ms
114ms

Image
image/gif

2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/pbm_match?pbm=B32F047D-5EA9-4111-B1FB-D4D34C912B80&id=AU1D-0100-001702536883-HLU71BH4-96AC
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 83548981efc64bc7-BUF
content-length: 43
content-type: image/gif

Redirect headers

location: https://ids.ad.gt/api/v1/pbm_match?pbm=B32F047D-5EA9-4111-B1FB-D4D34C912B80&id=AU1D-0100-001702536883-HLU71BH4-96AC
date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H/1.1 204
No Content token
token.rubiconproject.com/ 0
695 B 140ms
31ms Image
text/plain 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001702536883-HLU71BH4-96AC&gdpr=0
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Expires: 0
Pragma: no-cache
Cache-Control: no-cache,no-store,must-revalidate
X-RPHost: 966e54b6201ecd300c4db0efc0f5781a
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

tapad_match
ids.ad.gt/api/v1/
Redirect Chain

https://pixel.tapad.com/idsync/ex/receive?partner_id=3185&partner_device_id=AU1D-0100-001702536883-HLU71BH4-96AC&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001702536883...
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3185&partner_device_id=AU1D-0100-001702536883-HLU71BH4-96AC&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001702...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=016154a5-ac4d-4ed3-96a1-efa159184f8f%252Chttps%25253A%25252F%25252Fids.ad.gt%25252Fapi%25252Fv1%25252Ftapad_match%25253Fi...
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=ee1f9bfd-2e68-49de-875c-950277e092f2&ttd_puid=016154a5-ac4d-4ed3-96a1-efa159184f8f%2Chttps%253A%252F%252Fids.ad.gt%252Fap...
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001702536883-HLU71BH4-96AC&tapad_id=016154a5-ac4d-4ed3-96a1-efa159184f8f

43 B
95 B

120ms
120ms

Image
image/gif

2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001702536883-HLU71BH4-96AC&tapad_id=016154a5-ac4d-4ed3-96a1-efa159184f8f
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 83548982afff4bc7-BUF
content-length: 43
content-type: image/gif

Redirect headers

date: Thu, 14 Dec 2023 06:54:43 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001702536883-HLU71BH4-96AC&tapad_id=016154a5-ac4d-4ed3-96a1-efa159184f8f
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

g_match
ids.ad.gt/api/v1/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001702536883-HLU71BH4-96AC
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm=&google_sc=&google_ula=450542624&id=AU1D-0100-001702536883-HLU71BH4-96AC&google_tc=
https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001702536883-HLU71BH4-96AC&google_gid=CAESEPOThGn7ciVExtaQ8vyCb9s&google_cver=1&google_ula=450542624,0

43 B
95 B

117ms
116ms

Image
image/gif

2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001702536883-HLU71BH4-96AC&google_gid=CAESEPOThGn7ciVExtaQ8vyCb9s&google_cver=1&google_ula=450542624,0
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 835489824fe64bc7-BUF
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001702536883-HLU71BH4-96AC&google_gid=CAESEPOThGn7ciVExtaQ8vyCb9s&google_cver=1&google_ula=450542624,0
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 357
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/
Redirect Chain

https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001702536883-HLU71BH4-96AC
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTcwMjUzNjg4My1ITFU3MUJINC05NkFD

170 B
243 B

73ms
72ms

Image
image/png

142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTcwMjUzNjg4My1ITFU3MUJINC05NkFD

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

server-18-238-55-120.jfk52.r.cloudfront.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTcwMjUzNjg4My1ITFU3MUJINC05NkFD
date: Thu, 14 Dec 2023 06:54:43 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 835489809f784bc7-BUF
content-type: text/html; charset=utf-8

GET
H2

200

colossus
ids.ad.gt/api/v1/
Redirect Chain

https://sync.colossusssp.com/ebfa23da174faa55634171c5e49d0152.gif?puid=AU1D-0100-001702536883-HLU71BH4-96AC&redir=http%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fcolossus%3Fcls_id%3D%5BUID%5D%26id%3DAU1D-0100-...
https://ids.ad.gt/api/v1/colossus?cls_id=97382b3d-1c80-45df-bfda-64911c98ab09&id=AU1D-0100-001702536883-HLU71BH4-96AC

43 B
95 B

119ms
119ms

Image
image/gif

2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/colossus?cls_id=97382b3d-1c80-45df-bfda-64911c98ab09&id=AU1D-0100-001702536883-HLU71BH4-96AC
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 83548981ffc94bc7-BUF
content-length: 43
content-type: image/gif

Redirect headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 06:54:43 GMT
Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
Server: nginx
Transfer-Encoding: chunked
Location: http://ids.ad.gt/api/v1/colossus?cls_id=97382b3d-1c80-45df-bfda-64911c98ab09&id=AU1D-0100-001702536883-HLU71BH4-96AC
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Expires: 0

GET
H2

200

amo_match
ids.ad.gt/api/v1/
Redirect Chain

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMTc0ODI0MTY1OC90LzA/url/https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Famo_match%3Fturn_id%3D%24!%7BTURN_UUID%7D%26id%3DAU1D-0100-001702536883-HLU71BH4-96AC
https://ids.ad.gt/api/v1/amo_match?turn_id=4427548805325562956&id=AU1D-0100-001702536883-HLU71BH4-96AC

43 B
95 B

122ms
116ms

Image
image/gif

2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/amo_match?turn_id=4427548805325562956&id=AU1D-0100-001702536883-HLU71BH4-96AC
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 83548982a8014bc7-BUF
content-length: 43
content-type: image/gif

Redirect headers

location: https://ids.ad.gt/api/v1/amo_match?turn_id=4427548805325562956&id=AU1D-0100-001702536883-HLU71BH4-96AC
pragma: no-cache
date: Thu, 14 Dec 2023 06:54:42 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2

200

ppnt_match
ids.ad.gt/api/v1/
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562316&ev=1&rurl=https://ids.ad.gt/api/v1/ppnt_match?uid=%%VGUID%%&id=AU1D-0100-001702536883-HLU71BH4-96AC
https://ids.ad.gt/api/v1/ppnt_match?uid=R2DEH0Msfbfo&ev=1&pid=562316&id=AU1D-0100-001702536883-HLU71BH4-96AC

43 B
95 B

170ms
119ms

Image
image/gif

2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ids.ad.gt/api/v1/ppnt_match?uid=R2DEH0Msfbfo&ev=1&pid=562316&id=AU1D-0100-001702536883-HLU71BH4-96AC
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
cache-control: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 835489809f794bc7-BUF
content-length: 43
content-type: image/gif

Redirect headers

strict-transport-security: max-age=15768000
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server: Jetty(10.0.14)
content-language: en-US
location: https://ids.ad.gt/api/v1/ppnt_match?uid=R2DEH0Msfbfo&ev=1&pid=562316&id=AU1D-0100-001702536883-HLU71BH4-96AC
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-5c6449b65-ftd9k
expires: -1

GET
BLOB 206
Partial Content f434d536-dcc4-438c-a12f-cbbf39b7c025
https://49.13.84.163.sslip.io/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/f434d536-dcc4-438c-a12f-cbbf39b7c025
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 65098d86989437-27294745.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 11 KB
11 KB 135ms
31ms Image
image/jpeg 18.238.55.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/65098d86989437-27294745.jpg

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6f33788127fbed93e1d6c6d0597be3da658e3efb1e77a289896ef24fb69b3de3

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=604800
date: Sun, 10 Dec 2023 18:21:09 GMT
x-content-type-options: nosniff
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P4
age: 304418
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 10808
last-modified: Tue, 19 Sep 2023 22:16:37 GMT
server: cloudflare
etag: "16cfe1790e8bb77e1e26799bb8e4fd95"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, no-transform, max-age=604800
accept-ranges: bytes
cf-ray: 82fdd3c65cab3b5c-IAD
timing-allow-origin: *
x-amz-cf-id: lwg3AkWTWUbomRhHrEjbx4h3phPMJ4021Fa6l5-NRmmk_xgsHd0AMg==

GET
H2 200 657188e909f380-39806813.jpg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 15 KB
16 KB 38ms
33ms Image
image/jpeg 18.238.55.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/657188e909f380-39806813.jpg

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-120.jfk52.r.cloudfront.net

Software

Cloudinary /

Resource Hash

9605eed4e890068ae5c37d71f802b0922de825842e2cb8d6cb3eb84b4a412d15

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 19:06:39 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P4
age: 474484
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 15762
last-modified: Fri, 08 Dec 2023 19:06:27 GMT
server: Cloudinary
etag: "654a9cc24775857d831db38a7ec47bd7"
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control: public, no-transform, max-age=604800
accept-ranges: bytes
timing-allow-origin: *
x-amz-cf-id: z1-Z6A-P49rvnrdGNWLGJn6j-iJjV3D3dm8MoFBXvQ28lJyrY04z9w==

GET
H2 200 655976791db581-46964259.jpeg
images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/ 14 KB
14 KB 41ms
36ms Image
image/jpeg 18.238.55.120
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://images.revcontent.com/revcontent/image/fetch/f_jpg,q_50,h_315,w_420,c_fill,g_faces:auto/pg_1/https://media.revcontent.com/content/images/655976791db581-46964259.jpeg

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.238.55.120 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-238-55-120.jfk52.r.cloudfront.net

Software

cloudflare /

Resource Hash

65507fb5aeffbf4ed756555bce34f86661c8708c3f214428c146cf6379adb872

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:43:44 GMT
strict-transport-security: max-age=604800
x-content-type-options: nosniff
via: 1.1 687bf9bb2353af127d0a3c49056e960c.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK52-P4
age: 475859
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
content-length: 13995
last-modified: Fri, 08 Dec 2023 18:41:49 GMT
server: cloudflare
etag: "ed456b5517350abadd02e5e00bb4fb3d"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, no-transform, max-age=604800
accept-ranges: bytes
cf-ray: 832727dcd9b782b0-IAD
timing-allow-origin: *
x-amz-cf-id: vNsbRbnE3sLU2SPJJFj0csj9GYR8rwtRyErrARRssU3Rf5bguzJMcQ==

GET
BLOB 206
Partial Content b87e8991-0bbf-44c2-b897-32c996a6ecc4
https://49.13.84.163.sslip.io/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/b87e8991-0bbf-44c2-b897-32c996a6ecc4
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
H2 200 mgid_ua.svg
cdn.mgid.com/images/mgid/ 2 KB
1 KB 65ms
38ms Image
image/svg+xml 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mgid.com/images/mgid/mgid_ua.svg

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: BY1FAN1GRBB0KHGB
age: 6134
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8SW6vqcLB5w63lCn7DGoFjFMwq5MrvbMI+SypwmYCfpHT+t/HA+IV3R22EpASn+dhOg/hbVSP18=
last-modified: Tue, 08 Mar 2022 17:05:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag: W/"617c205137825561208ef7c1a2d8f319"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 835489826ff04bc7-BUF
expires: Fri, 15 Dec 2023 06:54:43 GMT

GET
H2 200 Adchoices.svg
cdn.mgid.com/images/logos/ 836 B
921 B 38ms
36ms Image
image/svg+xml 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mgid.com/images/logos/Adchoices.svg

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: P6X3J1GY4G5KKAEB
age: 6460
alt-svc: h3=":443"; ma=86400
x-amz-id-2: STGHmRyTPOHYgBuoCYuGKZEvzhlgt7/1AxxBVk1VaMEjTFE6g4dYetwzKHG0Nte8FhfGDDF9ZvvSguuUSWp0Lm+4R4VlLrPbcX+gxCO+qQM=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 835489826fef4bc7-BUF
expires: Fri, 15 Dec 2023 06:54:43 GMT

GET
BLOB 206
Partial Content 1749bdf3-4d77-46f9-abbc-e61083d7a6a7
https://49.13.84.163.sslip.io/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/1749bdf3-4d77-46f9-abbc-e61083d7a6a7
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

GET
BLOB 206
Partial Content fc7bce5f-4c3d-4f95-b8a8-3f17e3abff80
https://49.13.84.163.sslip.io/ 1 KB
0 Media
video/mp4

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/fc7bce5f-4c3d-4f95-b8a8-3f17e3abff80
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 60ddc774c7b5fd0c01d169321a444da403d60c0042f6bee01b0c96f6e1535fda

Request headers

Referer
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Range: bytes=0-

Response headers

Content-Range: bytes 0-1492/1493
Content-Length: 1493
Content-Type: video/mp4

POST
H/1.1 200
OK cors Show response
data.ad-score.com/data/ 50 B
602 B 201ms
57ms Fetch
text/plain 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.ad-score.com/data/cors?pm_st=EXHHETdYSHLmOIOludkrAGsPaqyMAQtH-FE7fPshldVTkKDgY03zOFk7F-E03BPslublfiNw==&pm_ct=dbf5be2d690aabe22b31ed0e&pm_pl=1702536883422&pm_td=14&pid=1000177&en=1.1&callback=__pm_glbl_GsWG4I7xP99yy9oPKahrbg1I._gc1&tt=opt&v=9843e51
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 627e64a682a5ef10ad29caafcdca8c9d689ecea6919f43bc3abdd361555c8bdc

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 06:54:43 GMT
Age: 0
Access-Control-Allow-Methods: POST
P3p: CP="CURa ADMa DEVa TAIi PSAi PSDi IVAi IVDi CONi HISa TELi OUR IND DSP CAO COR"
Access-Control-Allow-Origin: https://49.13.84.163.sslip.io
Content-Type: text/plain; charset=utf-8
Cache-Control: post-check=0, pre-check=0, false, proxy-revalidate, no-cache, no-cache=Set-Cookie, no-store, must-revalidate, max-age=0, s-maxage=0
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 50

GET
H/1.1 200
OK x.html Show response
js.ad-score.com/ Frame B092 75 KB
26 KB 25ms
24ms Document
text/html 2600:9000:261f:4400:a:deb0:3380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ad-score.com/x.html?v=9843e51&pid=1000177
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:261f:4400:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: f21d750faa793b5b7e4acc9db538da4c372e72a1f7cbff19b084a5a8786227d1

Request headers

Referer: https://49.13.84.163.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Age: 41383
Cache-Control: public, max-age=86400
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 13 Dec 2023 19:25:00 GMT
Last-Modified: Wed, 13 Dec 2023 17:01:02 GMT
Transfer-Encoding: chunked
Via: 1.1 1f85764c0bc1f70d16858df07753dfa8.cloudfront.net (CloudFront)
X-Amz-Cf-Id: YmnWCOqc1CVCeZhkvNhrTasLxhUDOEPPPBFaewr8IfA1vx-WMZhHfg==
X-Amz-Cf-Pop: JFK52-P3
X-Cache: Hit from cloudfront

GET
BLOB 200
OK 93a38e57-487e-4e9b-ba73-63094b4310e3
https://49.13.84.163.sslip.io/ 725 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/93a38e57-487e-4e9b-ba73-63094b4310e3
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb32ef70baf6f49f09b1fe50f680f2217d8fc8021f2b91beaabb96f6d582c96b

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 725
Content-Type: text/javascript

GET
H2 200 1 Show response
servicer.mgid.com/1223682/ 3 KB
2 KB 315ms
289ms Script
application/x-javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://servicer.mgid.com/1223682/1?tcfV2=1&mp4=1&ap=1&w=728&h=90&sz=351x87&szp=1,2&szl=1,2&cols=2&sessionId=657aa6b3-14c41&sessionPage=1&sessionNumberWeek=1&sessionNumber=1&lu=https%3A%2F%2F49.13.84.163.sslip.io%2F&cbuster=1702536883580646126634&pvid=18c671b2b1ea03bb64b&implVersion=11&cxurl=https%3A%2F%2Fwww.wnd.com%2F&scum=%3F0&scuw=%3F0&uspString=1---&uniqId=03808&niet=4g&nisd=false&pv=5&lct=1701043200&jsv=es6&pageView=1&dpr=1&ref=&tfre=1912

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad73dc3d968e47deb09a61a062f181d9e43b6438f73004eb32de307fdbc24e23

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 835489829ff94bc7-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 remediation-tool-free.js Show response
cdn.userway.org/remediation/free/ 27 KB
11 KB 32ms
32ms Script
application/javascript 2a02:6ea0:c400::12
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userway.org/remediation/free/remediation-tool-free.js?ts=1702474105049
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c400::12 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 80680957b712cc8074f6aa4309adb5636a421fc9eca005951eef1a1a98509d38

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-77-pop: newyorkUSNY
date: Thu, 14 Dec 2023 06:54:43 GMT
via: 1.1 12fcb6e1bd9ccc1cb02eb21308b59e46.cloudfront.net (CloudFront)
content-encoding: gzip
x-age-lb: 62291
x-amz-cf-pop: YUL62-C1
age: 276
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-accel-date: 1702474592
x-77-nzt: EgwBWbuxDwH3U/MAAAwBnJI76AH3AAAAAA
x-accel-expires: @1728394592
x-77-age: 62291
x-cache-lb: HIT
last-modified: Wed, 13 Dec 2023 13:30:36 GMT
server: CDN77-Turbo
etag: W/"864b4a4c16e3d4e86e7ac865b1541b74"
x-77-nzt-ray: 49be1408b414ee05b3a67a65cee09823
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: application/javascript
x-amz-cf-id: SBqgVvzecYOaJf_q-6Q5CTfyfXHfa4fC4RLg0MB-iKVNkmvcDl0v_w==

GET
H2 200 wheel_right_wh.svg
cdn.userway.org/widgetapp/images/ 938 B
1 KB 30ms
29ms Image
image/svg+xml 2a02:6ea0:c400::12
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.userway.org/widgetapp/images/wheel_right_wh.svg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c400::12 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: e5fc452742c08d505d21569e391d74dde03f076aa236d7d0b1b5b5d0b68b7549

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-77-pop: newyorkUSNY
date: Thu, 14 Dec 2023 06:54:43 GMT
via: 1.1 637dba6131a9a1e300cf019b0a0edd44.cloudfront.net (CloudFront)
content-encoding: gzip
x-age-lb: 62288
x-amz-cf-pop: YUL62-C1
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-accel-date: 1702474595
x-77-nzt: EgwBWbuxDwH3UPMAAAwBnJI76AH3AgAAAA
x-accel-expires: @1728394593
x-77-age: 62290
x-cache-lb: HIT
last-modified: Fri, 13 Jan 2023 11:00:14 GMT
server: CDN77-Turbo
etag: W/"4471efd520fd01abf13415c6253d668e"
x-77-nzt-ray: 49be140864032403b3a67a65f7156725
access-control-max-age: 3000
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: image/svg+xml
x-amz-cf-id: S8DtUj6QUasce-bjHCCkW0DjCm0Opb8BEmu74Tsx5fq_hUj_XbO4mg==

GET
H2 200 spin_wh.svg
cdn.userway.org/widgetapp/images/ 2 KB
1 KB 32ms
31ms Image
image/svg+xml 2a02:6ea0:c400::12
CDN77 ^_^

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.userway.org/widgetapp/images/spin_wh.svg
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c400::12 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: c45f637f905e1ea01ba81aa39e8da62ee7e7f8703c3da4c3bba55f6192e5834c

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-77-pop: newyorkUSNY
date: Thu, 14 Dec 2023 06:54:43 GMT
via: 1.1 9edd97b808f35ec81d31fc57c74508ce.cloudfront.net (CloudFront)
content-encoding: gzip
x-age-lb: 62291
x-amz-cf-pop: YUL62-C1
age: 175
x-amz-server-side-encryption: AES256
x-77-cache: HIT
x-accel-date: 1702474592
x-77-nzt: EgwBWbuxDwH3U/MAAAwBnJI76AH3AAAAAA
x-accel-expires: @1728394592
x-77-age: 62291
x-cache-lb: HIT
last-modified: Fri, 13 Jan 2023 11:00:14 GMT
server: CDN77-Turbo
etag: W/"8e0a35946bf39d10f46a1f1653366a0a"
x-77-nzt-ray: 49be140864032403b3a67a6556926c25
access-control-max-age: 3000
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: GET, HEAD, PUT, POST, DELETE
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Content-Length, ETag, Content-Type
cache-control: max-age=25920000, public
content-type: image/svg+xml
x-amz-cf-id: 9CbAtP71vKicUDICJkrO28jofX-RopA0LKGCH3IO5kylbBihoSB_pQ==

GET
BLOB 200
OK 4af6dbc0-5587-48d9-9ba6-1542a9ab6b64
https://49.13.84.163.sslip.io/ 288 B
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://49.13.84.163.sslip.io/4af6dbc0-5587-48d9-9ba6-1542a9ab6b64
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97bf326860f50a3e48b937a395da44fb697f230259b45d63cca9dcd24fddb243

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Length: 288
Content-Type: text/javascript

OPTIONS
H2 200 page-view
yeet.revcontent.com/yeet/events/ Frame 0
0 60ms
39ms Preflight 18.235.42.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/page-view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.235.42.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-42-81.compute-1.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://49.13.84.163.sslip.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://49.13.84.163.sslip.io
content-length: 0
date: Thu, 14 Dec 2023 06:54:43 GMT
server: envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time: 2
x-rc-region: us-east-1a

OPTIONS
H2 200 widget-loaded
yeet.revcontent.com/yeet/events/ Frame 0
0 58ms
39ms Preflight 18.235.42.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/widget-loaded
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.235.42.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-42-81.compute-1.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://49.13.84.163.sslip.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type
access-control-allow-methods: POST
access-control-allow-origin: https://49.13.84.163.sslip.io
content-length: 0
date: Thu, 14 Dec 2023 06:54:43 GMT
server: envoy
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-envoy-upstream-service-time: 2
x-rc-region: us-east-1a

POST
H2 204 page-view
yeet.revcontent.com/yeet/events/ 0
0 39ms
38ms Fetch 18.235.42.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/page-view
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.235.42.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-42-81.compute-1.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

x-rc-region: us-east-1a
access-control-allow-origin: https://49.13.84.163.sslip.io
date: Thu, 14 Dec 2023 06:54:43 GMT
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
server: envoy
vary: Origin

POST
H2 204 widget-loaded
yeet.revcontent.com/yeet/events/ 0
0 40ms
39ms Fetch 18.235.42.81
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://yeet.revcontent.com/yeet/events/widget-loaded
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.235.42.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-42-81.compute-1.amazonaws.com
Software: envoy /
Resource Hash

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: application/json

Response headers

x-rc-region: us-east-1a
access-control-allow-origin: https://49.13.84.163.sslip.io
date: Thu, 14 Dec 2023 06:54:43 GMT
access-control-allow-credentials: true
x-envoy-upstream-service-time: 2
server: envoy
vary: Origin

GET
H2 200 ecommerce.js Show response
www.google-analytics.com/plugins/ua/ 1 KB
743 B 26ms
26ms Script
text/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ecommerce.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 630
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 14 Dec 2023 07:54:28 GMT

GET
H2 200 ec.js Show response
www.google-analytics.com/plugins/ua/ 3 KB
1 KB 24ms
24ms Script
text/javascript 2607:f8b0:4006:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/ec.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:816::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:05:28 GMT
content-encoding: br
x-content-type-options: nosniff
age: 2955
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1129
x-xss-protection: 0
last-modified: Tue, 27 Jun 2023 17:28:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Thu, 14 Dec 2023 07:05:28 GMT

HEAD
H/1.1 200
OK x.html Show response
js.ad-score.com/ Frame B092 0
565 B 24ms
24ms XHR
text/html 2600:9000:261f:4400:a:deb0:3380:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.ad-score.com/x.html?v=9843e51&pid=1000177
Requested by: Host: js.ad-score.com
URL: https://js.ad-score.com/x.html?v=9843e51&pid=1000177
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:261f:4400:a:deb0:3380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://js.ad-score.com/x.html?v=9843e51&pid=1000177
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Wed, 13 Dec 2023 19:25:00 GMT
Content-Encoding: gzip
Via: 1.1 1f85764c0bc1f70d16858df07753dfa8.cloudfront.net (CloudFront)
Last-Modified: Wed, 13 Dec 2023 17:01:02 GMT
X-Amz-Cf-Pop: JFK52-P3
Age: 41383
Access-Control-Allow-Methods: GET
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
X-Cache: Hit from cloudfront
Cache-Control: public, max-age=86400
Access-Control-Allow-Credentials: true
Connection: keep-alive
Accept-Ranges: bytes
X-Amz-Cf-Id: r6apvptaOkrlJoM0vJYlSSaPiolj6-hdzfXm74zhVP-AxbK-JcdXgw==

GET
H2 200 mgid_ua.svg
cdn.mgid.com/images/mgid/ 2 KB
994 B 36ms
35ms Image
image/svg+xml 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mgid.com/images/mgid/mgid_ua.svg

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70d5c4de881e718d0b7638959680ba86722d44eecbe4058d20dd77b8d0d97155

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: BY1FAN1GRBB0KHGB
age: 6134
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 8SW6vqcLB5w63lCn7DGoFjFMwq5MrvbMI+SypwmYCfpHT+t/HA+IV3R22EpASn+dhOg/hbVSP18=
last-modified: Tue, 08 Mar 2022 17:05:01 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1646759091/ctime:1646759091/gid:0/gname:root/md5:617c205137825561208ef7c1a2d8f319/mode:33206/mtime:1646759091/uid:0/uname:root
etag: W/"617c205137825561208ef7c1a2d8f319"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 8354898448584bc7-BUF
expires: Fri, 15 Dec 2023 06:54:43 GMT

GET
H2 200 Adchoices.svg
cdn.mgid.com/images/logos/ 836 B
583 B 36ms
36ms Image
image/svg+xml 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.mgid.com/images/logos/Adchoices.svg

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7992a4430843ef8b4bbae534358be3193aa1ae9c78f273e8e8a70b6af1244ac5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:43 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-amz-request-id: P6X3J1GY4G5KKAEB
age: 6460
alt-svc: h3=":443"; ma=86400
x-amz-id-2: STGHmRyTPOHYgBuoCYuGKZEvzhlgt7/1AxxBVk1VaMEjTFE6g4dYetwzKHG0Nte8FhfGDDF9ZvvSguuUSWp0Lm+4R4VlLrPbcX+gxCO+qQM=
last-modified: Wed, 17 Feb 2021 18:15:53 GMT
server: cloudflare
x-amz-meta-s3cmd-attrs: atime:1613585745/ctime:1613585745/gid:0/gname:root/md5:7d59364b7ed2df3f02507c9f92560df9/mode:33206/mtime:1613585745/uid:0/uname:root
etag: W/"7d59364b7ed2df3f02507c9f92560df9"
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=86400
cf-ray: 83548984485a4bc7-BUF
expires: Fri, 15 Dec 2023 06:54:43 GMT

POST
H/1.1 200
OK cors Show response
data.ad-score.com/data/ 1 B
277 B 56ms
55ms Fetch
text/plain 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.ad-score.com/data/cors?pm_st=EXHHETdYSHLmOIOludkrAGsPaqyMAQtH-FE7fPshldVTkKDgY03zOFk7F-E03BPslublfiNw==&pm_ct=dbf5be2d690aabe22b31ed0e&pm_pl=1702536883422&pm_td=456&pid=1000177&en=1.1&callback=__pm_glbl_GsWG4I7xP99yy9oPKahrbg1I._gc2&tt=opt&v=9843e51
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://49.13.84.163.sslip.io
Date: Thu, 14 Dec 2023 06:54:43 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1
Access-Control-Allow-Methods: POST
Content-Type: text/plain; charset=utf-8

POST
H2 204 collect Show response
a.ad.gt/api/v1/ 0
166 B 178ms
120ms XHR
text/html 2606:4700:10::6816:445
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a.ad.gt/api/v1/collect
Requested by: Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/484
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-type: text/plain

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
vary: Origin
content-type: text/html; charset=utf-8
access-control-allow-origin: https://49.13.84.163.sslip.io
access-control-allow-credentials: true
cf-ray: 83548984ce184bc1-BUF

GET
H2 204 getpixels Show response
pixels.ad.gt/api/v1/ 0
109 B 210ms
116ms Script
text/html 2606:4700:10::6816:545
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://pixels.ad.gt/api/v1/getpixels?tagger_id=10a7f29faac0f984c29c7bda2721f0a8&url=https%3A%2F%2F49.13.84.163.sslip.io%2F&code=%27none%27
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:545 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 83548984f8854bc7-BUF
content-type: text/html; charset=utf-8

GET
H3 200 1 Show response
servicer.mgid.com/1177535/ 3 KB
2 KB 349ms
349ms Script
application/x-javascript 2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://servicer.mgid.com/1177535/1?tcfV2=1&mp4=1&ap=1&sessionId=657aa6b3-14c41&sessionPage=1&sessionNumberWeek=1&sessionNumber=1&w=1253&h=349&ident_p=true&sz=614x329&szp=1,2&szl=1,2&cols=2&lu=https%3A%2F%2F49.13.84.163.sslip.io%2F&cbuster=1702536883953858088186&pvid=18c671b2b1ea03bb64b&implVersion=11&cxurl=https%3A%2F%2Fwww.wnd.com%2F&scum=%3F0&scuw=%3F0&uspString=1---&uniqId=153be&childs=1464382&niet=4g&nisd=false&pv=5&lct=1701043200&jsv=es6&pageView=0&dpr=1&ref=&tfre=2286

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3647bb189fa3cf92176b7bb74577826eeffc1c23c56b8b75ac9c9b754fd59792

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 83548984ce1c4bc1-BUF
alt-svc: h3=":443"; ma=86400

GET
H3 200 1 Show response
servicer.mgid.com/1443193/ 3 KB
2 KB 252ms
252ms Script
application/x-javascript 2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://servicer.mgid.com/1443193/1?tcfV2=1&mp4=1&ap=1&sessionId=657aa6b3-14c41&sessionPage=1&sessionNumberWeek=1&sessionNumber=1&w=1253&h=412&ident_p=true&sz=614x364&szp=1,2&szl=1,2&cols=2&lu=https%3A%2F%2F49.13.84.163.sslip.io%2F&cbuster=1702536883956420913701&pvid=18c671b2b1ea03bb64b&implVersion=11&cxurl=https%3A%2F%2Fwww.wnd.com%2F&scum=%3F0&scuw=%3F0&uspString=1---&uniqId=04c7d&childs=1464385&niet=4g&nisd=false&pv=5&lct=1701043200&jsv=es6&pageView=0&dpr=1&ref=&tfre=2288

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4055b68ab06f18fd370fb171e40f8504ab169e90ed28cce574abdd2c08aa92b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 83548984ce1e4bc1-BUF
alt-svc: h3=":443"; ma=86400

GET
H3 200 1 Show response
servicer.mgid.com/1177536/ 3 KB
2 KB 360ms
360ms Script
application/x-javascript 2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://servicer.mgid.com/1177536/1?tcfV2=1&mp4=1&ap=1&sessionId=657aa6b3-14c41&sessionPage=1&sessionNumberWeek=1&sessionNumber=1&w=1253&h=349&ident_p=true&sz=614x329&szp=1,2&szl=1,2&cols=2&lu=https%3A%2F%2F49.13.84.163.sslip.io%2F&cbuster=1702536883958822664285&pvid=18c671b2b1ea03bb64b&implVersion=11&cxurl=https%3A%2F%2Fwww.wnd.com%2F&scum=%3F0&scuw=%3F0&uspString=1---&uniqId=1332d&childs=1464388&niet=4g&nisd=false&pv=5&lct=1701043200&jsv=es6&pageView=0&dpr=1&ref=&tfre=2291

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2afb41a494a9b7191c480ee054a6a91e6eda4301b1ed0b5e1ea48f803f9ebbe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-credentials: true
cf-ray: 83548984ce204bc1-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8scV9hdXRvOmdvb2Qsd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIzLTExLzc5MjA3Ni84Y2Y4M...
s-img.mgid.com/g/17657888/492x328/-/ 25 KB
26 KB 178ms
96ms Image
image/webp 2606:4700:1::6813:844c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-img.mgid.com/g/17657888/492x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8scV9hdXRvOmdvb2Qsd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIzLTExLzc5MjA3Ni84Y2Y4Mzg0ZWQ5OWU3Zjk2MDNhN2QzMGM3NjliODEyMi5wbmc.webp?v=1702536883-wOYTGrQeiAcQjHQt1uS41ZE6QDoftPg88vZA8bVpEFs

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:844c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e1467743b599998e4603624bbcb752e6a859f74e3119751afa75f0c2f00fee

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
last-modified: Fri, 24 Nov 2023 15:02:24 GMT
x-mg-request-uuid: 340eabd4-c5e6-437c-9e8b-050b004db61b
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 8354898568a94bc7-BUF
content-length: 25976
alt-svc: h3=":443"; ma=86400

GET
H2 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8scV9hdXRvOmJlc3Qsd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIzLTEyLzgzMzk5MC9mY2Y3M...
s-img.mgid.com/g/18067153/492x328/-/ 21 KB
21 KB 61ms
38ms Image
image/webp 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-img.mgid.com/g/18067153/492x328/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzM6MixjX2ZpbGwsZV9zaGFycGVuOjEwMCxmX2pwZyxnX2ZhY2VzOmF1dG8scV9hdXRvOmJlc3Qsd18xMDIwL2h0dHA6Ly9pbWdob3N0cy5jb20vdC8yMDIzLTEyLzgzMzk5MC9mY2Y3MWQ5NzYzYWU0OTFjMGM4MGI5MmE4N2I2MjY0MC5qcGc.webp?v=1702536883-6eQ5V1eFjy_7etL3x5I7KsU2Q4qNdKSrEU8OAVCEMhc

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

769963e623f1be6cea5acea352ad5dbee901616e6e429fe8f0482a70194bef97

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
x-mg-request-uuid: 0fb800f8-26e6-4f8e-a02e-4d98d1e641f9
age: 22191
alt-svc: h3=":443"; ma=86400
content-length: 21440
last-modified: Wed, 13 Dec 2023 19:06:55 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 8354898508894bc7-BUF

GET
H2 200 i.js Show response
cm.mgid.com/ 4 KB
2 KB 74ms
54ms Script
application/javascript 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.mgid.com/i.js?muid=nbdHUG_0MDSm&cbuster=1702536883988948631378&uspString=1---

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1c3329f98ce1da0e0a8b1ef50dbeaf16a7881032cda4e5066cbd87aec8a3e8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: br
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
content-type: application/javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 83548985188c4bc7-BUF
alt-svc: h3=":443"; ma=86400

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 151 KB
33 KB 126ms
41ms Script
text/javascript 2606:4700:10::6816:3456
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

12ba93db33de679d443dc28aee4a2190b580b8ad3fc53216d5bb2678d4e17f29

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Thu, 07 Dec 2023 12:57:20 GMT
server: cloudflare
x-amz-request-id: KNY29QN45MVGW8S4
age: 1100
etag: W/"7229163a9092e2cee472ddee92dcb6ba"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 835489858c524bd5-BUF
x-amz-id-2: mBalHHT+POONn3rG2rjjcverig52+u65oL2xnTphyM9XbtgQ8esnFmFV5NAbPDdalZBT7I0zLzM=

GET
H2 200 pwt.js Show response
ads.pubmatic.com/AdServer/js/pwt/161673/7165/ 207 KB
63 KB 28ms
28ms Script
application/javascript 23.51.57.13
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/pwt/161673/7165/pwt.js
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.51.57.13 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-51-57-13.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: a9f959272120a8fe9fc940b8df6a07a9e6c79d9b72773d62878e82fcd1c51951

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
content-encoding: gzip
last-modified: Sat, 29 Apr 2023 00:55:21 GMT
server: Apache
vary: Accept-Encoding
content-type: application/javascript
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=25603
accept-ranges: bytes
content-length: 63913
expires: Thu, 14 Dec 2023 14:01:27 GMT

POST
H/1.1 200
OK cors Show response
data.ad-score.com/data/ 1 B
277 B 52ms
51ms Fetch
text/plain 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.ad-score.com/data/cors?pm_st=EXHHETdYSHLmOIOludkrAGsPaqyMAQtH-FE7fPshldVTkKDgY03zOFk7F-E03BPslublfiNw==&pm_ct=dbf5be2d690aabe22b31ed0e&pm_pl=1702536883422&pm_td=599&pid=1000177&en=1.1&callback=__pm_glbl_GsWG4I7xP99yy9oPKahrbg1I._gc3&tt=opt&v=9843e51
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://49.13.84.163.sslip.io
Date: Thu, 14 Dec 2023 06:54:44 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1
Access-Control-Allow-Methods: POST
Content-Type: text/plain; charset=utf-8

GET
DATA 200
OK truncated
/ 35 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: en-US,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2

200

/ Show response
hde.tynt.com/deb/ Frame 4C68
Redirect Chain

https://ssc-cms.33across.com/ps/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X
https://de.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X
https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1

2 KB
2 KB

107ms
28ms

Document
text/html

67.202.105.34
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.34 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip34.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: 08ec7bae44c80970bc67d04a5820b6fde50e655d77cf9d158f6f95c360f525a2

Request headers

Referer: https://49.13.84.163.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 1581
content-type: text/html
date: Thu, 14 Dec 2023 06:54:43 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

Redirect headers

accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length: 0
date: Thu, 14 Dec 2023 06:54:43 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
location: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy: unsafe-url

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 2D48
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=mgid&endpoint=us-west&gdpr=0&gdpr_consent=&us_privacy=
https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-west&gdpr=0&gdpr_consent=&us_privacy=

281 B
555 B

106ms
27ms

Document
text/html

23.47.170.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-west&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.170.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-170-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://49.13.84.163.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 14 Dec 2023 06:54:44 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 14 Dec 2023 06:54:44 GMT
location: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-west&gdpr=0&gdpr_consent=&us_privacy=
server: AkamaiGHost

GET
H2 200 / Show response
onetag-sys.com/usync/ Frame CBEB 5 KB
2 KB 83ms
26ms Document
text/html 51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Requested by

Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e250df5beb349bd6e3ee915204971539768e6614b706124b3ed7bc24dd7deb42

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://49.13.84.163.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control: no-transform, no-cache
content-encoding: gzip
content-length: 1636
content-type: text/html
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
strict-transport-security: max-age=15552000

GET
H2 200 connectmyusers.php Show response
cdn.connectad.io/ Frame 9A72 1 KB
865 B 113ms
38ms Document
text/html 2606:4700:10::ac43:8ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.connectad.io/connectmyusers.php?us_privacy=&gdpr_consent=&cb=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D817115%26c%3D
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 08f0465386d9897c95370a004f5251b304dc4f94a73541cccd1ee87c02de2f60

Request headers

Referer: https://49.13.84.163.sslip.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

age: 2705
alt-svc: h3=":443"; ma=86400
cache-control: max-age=3600
cf-cache-status: HIT
cf-ray: 83548985fe784bbb-BUF
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 06:54:44 GMT
last-modified: Thu, 14 Dec 2023 06:09:39 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2

200

db_sync
px.ads.linkedin.com/
Redirect Chain

https://idsync.rlcdn.com/712107.gif?partner_uid=nbdHUG_0MDSm&
https://idsync.rlcdn.com/1000.gif?memo=CKu7KxIYChQIARDDoQoaDG5iZEhVR18wTURTbRAAGg0ItM3qqwYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=218eaca79f55d61cb96e1767a9340070e92b4c114d50807c616567e6527e3783791426b5417dce21&_=2
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=218eaca79f55d61cb96e1767a9340070e92b4c114d50807c616567e6527e3783791426b5417dce21&rand=00486785
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=218eaca79f55d61cb96e1767a9340070e92b4c114d50807c616567e6527e3783791426b5417dce21&rand=00486785&expected_cookie=63c3135d-c56e-4a18-983f-a34431acd5e7

0
157 B

56ms
56ms

Image
text/plain

2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/db_sync?pid=10339&puuid=218eaca79f55d61cb96e1767a9340070e92b4c114d50807c616567e6527e3783791426b5417dce21&rand=00486785&expected_cookie=63c3135d-c56e-4a18-983f-a34431acd5e7
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: CE86F1F293DE47E5AD6997AC27470133 Ref B: EWR311000104045 Ref C: 2023-12-14T06:54:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMcsI6xbvVZak39wyEKQ==

Redirect headers

date: Thu, 14 Dec 2023 06:54:44 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 779DFB804FC24D31BF5CED0B78A50535 Ref B: EWR311000104045 Ref C: 2023-12-14T06:54:44Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: /db_sync?pid=10339&puuid=218eaca79f55d61cb96e1767a9340070e92b4c114d50807c616567e6527e3783791426b5417dce21&rand=00486785&expected_cookie=63c3135d-c56e-4a18-983f-a34431acd5e7
x-li-source-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYMcsI4BoReaZVGOE3jEA==

GET
H/1.1

200
OK

/
ps.eyeota.net/match/bounce/
Redirect Chain

https://ps.eyeota.net/match?bid=dn2m51u&uid=nbdHUG_0MDSm&gdpr=0&gdpr_consent=
https://ps.eyeota.net/match/bounce/?bid=dn2m51u&uid=nbdHUG_0MDSm&gdpr=0&gdpr_consent=

70 B
440 B

40ms
39ms

Image
image/gif

52.3.138.212
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match/bounce/?bid=dn2m51u&uid=nbdHUG_0MDSm&gdpr=0&gdpr_consent=
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: HTTP/1.1
Server: 52.3.138.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-3-138-212.compute-1.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif
Date: Thu, 14 Dec 2023 06:54:44 GMT
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: /match/bounce/?bid=dn2m51u&uid=nbdHUG_0MDSm&gdpr=0&gdpr_consent=
Date: Thu, 14 Dec 2023 06:54:44 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2

200

/
onetag-sys.com/match/
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=161673&gdpr=0&gdpr_consent=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D161673%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fcm.m...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjMyRjA0N0QtNUVBOS00MTExLUIxRkItRDREMzRDOTEyQjgw&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH5vSuC7ZEOHrU9g9iRt1dM&google_cver=1
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
https://onetag-sys.com/match/?int_id=114&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80

0
340 B

26ms
25ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=114&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: https://onetag-sys.com/match/?int_id=114&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80
date: Thu, 14 Dec 2023 06:54:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 157
content-type: text/html; charset=utf-8

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://rtb-usw.mfadsrvr.com/sync?ssp=mgid
https://rtb-usw.mfadsrvr.com/ul_cb/sync?ssp=mgid
https://cm.mgid.com/m?cdsp=287839&c=27b6dd88-729f-41a1-924a-66f8db1d4c1f

43 B
542 B

56ms
56ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=287839&c=27b6dd88-729f-41a1-924a-66f8db1d4c1f

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 83548987ceb94bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

location: //cm.mgid.com/m?cdsp=287839&c=27b6dd88-729f-41a1-924a-66f8db1d4c1f
date: Thu, 14 Dec 2023 06:54:44 GMT
cache-control: no-cache, no-store, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

204

ImgSync
image8.pubmatic.com/AdServer/
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=&cb=https%3A//cm.mgid.com/m%3Fcdsp%3D779131%26c%3D
https://ib.adnxs.com/getuid?https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F0%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-239c415a6f50%26bidder...
https://prebid.a-mo.net/cchain/0/28893?gpp=&gdpr_consent=&gdpr=0&gpp_sid=&us_privacy=&A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=appnexus&cbx=aHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9&uid...
https://rtb.openx.net/sync/prebid?&gdpr=0&us_privacy=1---&r=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58...
https://rtb.openx.net/sync/prebid?gdpr=0&r=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F1%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-239c41...
https://prebid.a-mo.net/cchain/1/28893?gpp=&gdpr_consent=&gdpr=0&gpp_sid=&us_privacy=&A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=openx&cbx=aHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9&uid=3e...
https://id.a-mx.com/u?&gdpr=0&us_privacy=1---&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F4%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd72110-0a58-41ef-8da5-...
https://prebid.a-mo.net/cchain/4/28893?gpp=&gdpr_consent=&gdpr=0&gpp_sid=&us_privacy=&A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=amx_com&cbx=aHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A9Nzc5MTMxJmM9&uid=...
https://ssum.casalemedia.com/usermatchredir?s=191503&gdpr=0&us_privacy=1---&cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F5%2F28893%3Fgpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%...
https://ssum.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fprebid.a-mo.net%2Fcchain%2F5%2F28893%3Fus_privacy%3D1---%26gpp%3D%26gdpr_consent%3D%26gdpr%3D0%26gpp_sid%3D%26us_privacy%3D%26A%3D0fd721...
https://prebid.a-mo.net/cchain/5/28893?us_privacy=1---&gpp=&gdpr_consent=&gdpr=0&gpp_sid=&us_privacy=&A=0fd72110-0a58-41ef-8da5-239c415a6f50&bidder=index_rtb&cbx=aHR0cHM6Ly9jbS5tZ2lkLmNvbS9tP2Nkc3A...
https://image8.pubmatic.com/AdServer/ImgSync?p=158355&gdpr=0&us_privacy=1---&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D158355%26pmc%3DPM_PMC%26pr%3Dhttps%253A%252F%252Fprebid.a-m...
https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:9150aa01-1aaf-469e-a866-73f2d35211f0&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}

0
125 B

29ms
28ms

Image
text/plain

8.28.7.82
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 8.28.7.82 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
cache-control: private,max-age=86400
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
date: Wed, 13 Dec 2023 21:05:00 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://cs.krushmedia.com/e4e1f5fe20753b6b614cda48b7e3c9f7.gif?redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D827026%26c%3D%5BUID%5D
https://cm.mgid.com/m?cdsp=827026&c=d104b083-5f87-5283-876f-38c0e38d4a21

43 B
494 B

56ms
55ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=827026&c=d104b083-5f87-5283-876f-38c0e38d4a21

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 835489866e6e4bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 06:54:44 GMT
Server: nginx
Location: https://cm.mgid.com/m?cdsp=827026&c=d104b083-5f87-5283-876f-38c0e38d4a21
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://cs.admanmedia.com/e4e1f5fe20753b6b614cda48b7e3c9f7.gif?gdpr=0&gdpr_consent=&ccpa=&redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D675043%26c%3D%5BUID%5D
https://cm.mgid.com/m?cdsp=675043&c=3c740365-8354-4d8e-b5a5-ca610f7a4fcc

43 B
495 B

55ms
54ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=675043&c=3c740365-8354-4d8e-b5a5-ca610f7a4fcc

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 835489866e704bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 06:54:44 GMT
Server: nginx
Location: https://cm.mgid.com/m?cdsp=675043&c=3c740365-8354-4d8e-b5a5-ca610f7a4fcc
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://ad.360yield.com/server_match?partner_id=1944&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D
https://ad.360yield.com/ul_cb/server_match?partner_id=1944&gdpr=0&gdpr_consent=&us_privacy=&r=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D665953%26c%3D%7BPUB_USER_ID%7D
https://cm.mgid.com/m?cdsp=665953&c=2104bfe3-cb8a-4a86-93c1-8fb0556e799f

43 B
511 B

76ms
75ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=665953&c=2104bfe3-cb8a-4a86-93c1-8fb0556e799f

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 83548986ae7d4bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

location: https://cm.mgid.com/m?cdsp=665953&c=2104bfe3-cb8a-4a86-93c1-8fb0556e799f
access-control-allow-origin: *
date: Thu, 14 Dec 2023 06:54:44 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D709070%26c%3D%24UID
https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D709070%26c%3D%24UID&sovrn_retry=true
https://cm.mgid.com/m?cdsp=709070&c=H0X-iLZHve4WUJtJQaGwABc-

43 B
510 B

68ms
65ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=709070&c=H0X-iLZHve4WUJtJQaGwABc-

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 83548986ae7c4bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

Date: Thu, 14 Dec 2023 06:54:44 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Location: https://cm.mgid.com/m?cdsp=709070&c=H0X-iLZHve4WUJtJQaGwABc-
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2dca1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 0

GET
H3

200

google
cm.mgid.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=marketgid&google_cm=&google_ula={guid}&google_hm=bmJkSFVHXzBNRFNt&muidn=nbdHUG_0MDSm
https://cm.mgid.com/google?muidn=nbdHUG_0MDSm&google_ula={guid},5&google_gid=CAESEL4VDNqFrUiv5zlaZ9GH3Lc&google_cver=1

0
173 B

56ms
55ms

Image
text/plain

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/google?muidn=nbdHUG_0MDSm&google_ula={guid},5&google_gid=CAESEL4VDNqFrUiv5zlaZ9GH3Lc&google_cver=1

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: text/plain
cf-ray: 83548985ce504bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 0

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://cm.mgid.com/google?muidn=nbdHUG_0MDSm&google_ula={guid},5&google_gid=CAESEL4VDNqFrUiv5zlaZ9GH3Lc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 327
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://cm.rtbsystem.com/mgid?c=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=&cd=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D556372%26c%3D%24%7BUSER%7D
https://cm.mgid.com/m?cdsp=556372&c=a75257b6-d0a8-5f01-8f36-4e57a2ccafba

43 B
527 B

80ms
80ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=556372&c=a75257b6-d0a8-5f01-8f36-4e57a2ccafba

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 835489872e934bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

date: Thu, 14 Dec 2023 06:54:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y%2BadFcCsNrl9esy9fWOVK1FyKqsnn0%2Bt6zw9Brg3Fn07AzYdJ2wrgFu%2FVd3grHuDcKzW%2FBYv3c%2BhWFb80wjk1PLnM7%2FtqZnqS42%2FlKlzlEr4CJEaSS8OHKcexuFnzj1LCILJQ6mBXQ9CLphAy2xz"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
location: https://cm.mgid.com/m?cdsp=556372&c=a75257b6-d0a8-5f01-8f36-4e57a2ccafba
cf-ray: 835489866dea4bcf-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H2 200 /
cm.idealmedia.io/setmuidn/ 0
158 B 142ms
57ms Image
image/gif 2606:4700::6813:9722
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.idealmedia.io/setmuidn/?muidf=nbdHUG_0MDSm

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9722 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cf-ray: 835489874ce54bcd-BUF
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://tracker.direct.e-volution.ai/sync?id=5&gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D737576%26c%3D%7BPLL_USER_ID%7D
https://cm.mgid.com/m?cdsp=737576&c=4494ca0e-6013-f7bf-193a-5a445ca6ca52

43 B
527 B

64ms
64ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=737576&c=4494ca0e-6013-f7bf-193a-5a445ca6ca52

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 835489878ea74bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

location: https://cm.mgid.com/m?cdsp=737576&c=4494ca0e-6013-f7bf-193a-5a445ca6ca52
content-length: 88
content-type: text/plain; charset=utf-8

GET
H2

200

v1
match.sharethrough.com/sync/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=303&user_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=
https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=nbdHUG_0MDSm&seat_key=303&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=

68 B
280 B

141ms
35ms

Image
image/png

34.225.212.107
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=nbdHUG_0MDSm&seat_key=303&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Server: 34.225.212.107 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-225-212-107.compute-1.amazonaws.com
Software: /
Resource Hash: 6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
cache-control: no-cache
content-length: 68
content-type: image/png

Redirect headers

Location: //match.sharethrough.com/sync/v1?source_id=bf2b131f1f7eff9d8892972c&source_user_id=&seat_user_id=nbdHUG_0MDSm&seat_key=303&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Date: Thu, 14 Dec 2023 06:54:44 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3

200

m
cm.mgid.com/
Redirect Chain

https://creativecdn.com/cm-notify?pi=mgid&gdpr=0&gdpr_consent=&us_privacy=
https://creativecdn.com/cm-notify?pi=mgid&gdpr=0&gdpr_consent=&us_privacy=&tc=1
https://cm.mgid.com/m?cdsp=501037&c=9gIs7KLWh32cGmjrWHcsSItL96KT2iR2V5Awav7emE0&pi=mgid&gdpr=0&gdpr_consent=&us_privacy=&tc=1

43 B
558 B

54ms
53ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=501037&c=9gIs7KLWh32cGmjrWHcsSItL96KT2iR2V5Awav7emE0&pi=mgid&gdpr=0&gdpr_consent=&us_privacy=&tc=1

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 83548989ff2a4bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

location: https://cm.mgid.com/m?cdsp=501037&c=9gIs7KLWh32cGmjrWHcsSItL96KT2iR2V5Awav7emE0&pi=mgid&gdpr=0&gdpr_consent=&us_privacy=&tc=1
pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT, Thu, 14 Dec 2023 06:54:44 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 712056.gif
id.rlcdn.com/ 42 B
307 B 82ms
56ms Image
image/gif 35.244.154.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://id.rlcdn.com/712056.gif?
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.154.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.154.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

GET
H/1.1 204
No Content 34b9aae5baa016b251b9fc488f4a97cd.gif
sync.e-volution.ai/ 0
103 B 362ms
103ms Image
text/plain 109.206.161.21
SERVEREL-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.e-volution.ai/34b9aae5baa016b251b9fc488f4a97cd.gif?puid=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&ccpa_consent=
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 109.206.161.21 Amsterdam, Netherlands, ASN50245 (SERVEREL-AS, US),
Reverse DNS: 109.206.161.21.serverel.net
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 14 Dec 2023 06:54:44 GMT
Server: nginx

GET
H2 400 sync
t.adx.opera.com/pub/ 0
412 B 362ms
103ms Image
text/plain 82.145.213.8
NO-OPERA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://t.adx.opera.com/pub/sync?pub6103523253312&gdpr=0&consent=&us_privacy=
Requested by: Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 82.145.213.8 , Norway, ASN39832 (NO-OPERA, NO),
Reverse DNS: n-sysadmin-jumpbox-03.feednews.opera.technology
Software: Tengine /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
server: Tengine
access-control-allow-methods: POST, GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
content-length: 0
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK cors Show response
data.ad-score.com/data/ 1 B
277 B 56ms
55ms Fetch
text/plain 130.211.115.4
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://data.ad-score.com/data/cors?pm_st=EXHHETdYSHLmOIOludkrAGsPaqyMAQtH-FE7fPshldVTkKDgY03zOFk7F-E03BPslublfiNw==&pm_ct=dbf5be2d690aabe22b31ed0e&pm_pl=1702536883422&pm_td=673&pid=1000177&en=1.1&callback=__pm_glbl_GsWG4I7xP99yy9oPKahrbg1I._gc4&tt=opt&v=9843e51
Requested by: Host: cadmus.script.ac
URL: https://cadmus.script.ac/d1zxg9iar5y3ur/script.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_GCM
Server: 130.211.115.4 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 4.115.211.130.bc.googleusercontent.com
Software: /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

Referer: https://49.13.84.163.sslip.io/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://49.13.84.163.sslip.io
Date: Thu, 14 Dec 2023 06:54:44 GMT
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1
Access-Control-Allow-Methods: POST
Content-Type: text/plain; charset=utf-8

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=75&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D1%26uid%3D%5BMM_UUID%5D%26gdpr%3D0%26gdpr_consent%3D
https://onetag-sys.com/match/?int_id=1&uid=a627657a-a6b4-4300-9597-2809ddea0630&gdpr=0&gdpr_consent=

0
340 B

25ms
25ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=1&uid=a627657a-a6b4-4300-9597-2809ddea0630&gdpr=0&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Date: Thu, 14 Dec 2023 06:54:44 GMT
Server: MT3 1237 600843f master ord ord-pixel-x19 config_version:"3667"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://onetag-sys.com/match/?int_id=1&uid=a627657a-a6b4-4300-9597-2809ddea0630&gdpr=0&gdpr_consent=
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Thu, 14 Dec 2023 06:54:43 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://pixel-eu.rubiconproject.com/exchange/sync.php?p=onetag&gdpr=0&gdpr_consent=
https://onetag-sys.com/match/?int_id=2&uid=LQ4UI2RA-X-D3D1&gdpr=0

0
340 B

34ms
24ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=2&uid=LQ4UI2RA-X-D3D1&gdpr=0

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://onetag-sys.com/match/?int_id=2&uid=LQ4UI2RA-X-D3D1&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 7c5d24517ee193cc868994bc18883d1d
Expires: 0

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D98%26gdpr%3D0%26gdpr_consent%3D%26uid%3D$UID
https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=5640016288828445218

0
340 B

32ms
30ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=5640016288828445218

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
an-x-request-uuid: 68338b5b-a124-40a0-85a4-40a8701ff91e
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://onetag-sys.com/match/?int_id=98&gdpr=0&gdpr_consent=&uid=5640016288828445218
x-proxy-origin: 96.9.246.195; 96.9.246.195; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://ads.stickyadstv.com/user-matching?id=3679&gdpr=0&gdpr_consent=
https://onetag-sys.com/match/?int_id=3&uid=7ee4f7238a3681c19cf855d055613a3e&gdpr_consent=&gdpr=0

0
340 B

26ms
26ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=3&uid=7ee4f7238a3681c19cf855d055613a3e&gdpr_consent=&gdpr=0

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 06:54:44 GMT
Server: nginx
Access-Control-Allow-Origin: *
Location: https://onetag-sys.com/match/?int_id=3&uid=7ee4f7238a3681c19cf855d055613a3e&gdpr_consent=&gdpr=0
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
x-sticky-vk: 1702536884284058-177

GET
H/1.1 200
OK tap.php
pixel.rubiconproject.com/ Frame CBEB 42 B
927 B 152ms
33ms Image
image/gif 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=223352&nid=4584&put=5UmJfM_qHm4K3EtYAOz7AODazEpMxlre77qs7xM2LK4
Requested by: Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 2fcb300b847bad3e7dd1184ec8a1c2f5
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://cs.admanmedia.com/73c1e1bfc3bde354d60b80e601ae3914.gif?puid=[UID]&redir=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D164%26gdpr%3D%24%7BGDPR%7D%26gdpr_consent%3D%24%7BGDPR_STRING%7D%2...
https://onetag-sys.com/match/?int_id=164&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=13e7e2f5-5675-4e57-95f1-d4706c7fb748

0
340 B

28ms
23ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=164&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=13e7e2f5-5675-4e57-95f1-d4706c7fb748

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 06:54:44 GMT
Server: nginx
Location: https://onetag-sys.com/match/?int_id=164&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=13e7e2f5-5675-4e57-95f1-d4706c7fb748
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame CBEB
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&ot_initiated=1
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABjGcbL9wHVq3DA5sd0rNua0PKFum7-zSDFg

170 B
188 B

47ms
43ms

Image
image/png

142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABjGcbL9wHVq3DA5sd0rNua0PKFum7-zSDFg

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=AAABjGcbL9wHVq3DA5sd0rNua0PKFum7-zSDFg
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://ssbsync-global.smartadserver.com/api/sync?callerId=5&gdpr=0&gdpr_consent=&us_privacy=&redirectUri=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D107%26uid%3D[ssb_sync_pid]
https://onetag-sys.com/match/?int_id=107&uid=8682852645158157850

0
340 B

25ms
25ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=107&uid=8682852645158157850

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: https://onetag-sys.com/match/?int_id=107&uid=8682852645158157850
date: Thu, 14 Dec 2023 06:54:44 GMT
content-length: 0

GET
H/1.1

200
OK

ecm3
s.amazon-adsystem.com/ Frame CBEB
Redirect Chain

https://onetag-sys.com/match/?int_id=113&gdpr=0&gdpr_consent=&callback=https%3A%2F%2Fs.amazon-adsystem.com%2Fecm3%3Fex%3Donetag.com%26id%3D%24%7BUSER_TOKEN%7D&ot_initiated=1
https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=5UmJfM_qHm4K3EtYAOz7AODazEpMxlre77qs7xM2LK4

43 B
479 B

114ms
34ms

Image
image/gif

209.54.182.161
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=5UmJfM_qHm4K3EtYAOz7AODazEpMxlre77qs7xM2LK4

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

HTTP/1.1

Server

209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 14 Dec 2023 06:54:44 GMT
Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Server: Server
x-amz-rid: 0DDR47TV520QN6HPKXMF
Vary: Content-Type,Accept-Encoding,User-Agent
Content-Type: image/gif
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 43
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

location: https://s.amazon-adsystem.com/ecm3?ex=onetag.com&id=5UmJfM_qHm4K3EtYAOz7AODazEpMxlre77qs7xM2LK4
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=159706&gdpr=0&gdpr_consent=&us_privacy=&pu=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D114%26gdpr%3D${GDPR}%26gdpr_consent%3D${GDPR_STRING}%26u...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=QjMyRjA0N0QtNUVBOS00MTExLUIxRkItRDREMzRDOTEyQjgw&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEH5vSuC7ZEOHrU9g9iRt1dM&google_cver=1
https://image8.pubmatic.com/AdServer/ImgSync?gdpr=0&gdpr_consent=&us_privacy=${US_PRIVACY}
https://onetag-sys.com/match/?int_id=114&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80

0
340 B

25ms
24ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=114&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: https://onetag-sys.com/match/?int_id=114&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=B32F047D-5EA9-4111-B1FB-D4D34C912B80
date: Thu, 14 Dec 2023 06:54:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 157
content-type: text/html; charset=utf-8

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=onetag_eb&google_cm
https://onetag-sys.com/match/?int_id=106&google_gid=CAESEAY0KXMSuOvY2FcaKloADPY&google_cver=1

0
340 B

31ms
24ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=106&google_gid=CAESEAY0KXMSuOvY2FcaKloADPY&google_cver=1

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=106&google_gid=CAESEAY0KXMSuOvY2FcaKloADPY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 298
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=562985&ev=1&us_privacy=&rurl=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D149%26gdpr%3D%24%7BGDPR%7D%26gdpr_consent%3D%24%7BGDPR_STRING%7D%26uid%3D%25%2...
https://onetag-sys.com/match/?int_id=149&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=R2DEH0Msfbfo&ev=1&us_privacy=&pid=562985

0
340 B

32ms
30ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=149&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=R2DEH0Msfbfo&ev=1&us_privacy=&pid=562985

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

strict-transport-security: max-age=15768000
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server: Jetty(10.0.14)
content-language: en-US
location: https://onetag-sys.com/match/?int_id=149&gdpr=${GDPR}&gdpr_consent=${GDPR_STRING}&uid=R2DEH0Msfbfo&ev=1&us_privacy=&pid=562985
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-5c6449b65-ftd9k
expires: -1

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://prebid-match.dotomi.com/match/bounce/current?version=1&networkId=72582&rurl=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D90%26gdpr%3D0%26gdpr_consent%3D%26uid%3D
https://prebid-match.dotomi.com/match/bounce/current?DotomiTest=4cac978b8b141345&is_secure=true&version=1&networkId=72582&rurl=https%3A%2F%2Fonetag-sys.com%2Fmatch%2F%3Fint_id%3D90%26gdpr%3D0%26gdp...
https://onetag-sys.com/match/?int_id=90&gdpr=0&gdpr_consent=&uid=AAAGU7VSGoAtGANWwIH3AAAAAAA&expiration=1702623284

0
340 B

26ms
25ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=90&gdpr=0&gdpr_consent=&uid=AAAGU7VSGoAtGANWwIH3AAAAAAA&expiration=1702623284

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
server: nginx
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"
location: https://onetag-sys.com/match/?int_id=90&gdpr=0&gdpr_consent=&uid=AAAGU7VSGoAtGANWwIH3AAAAAAA&expiration=1702623284
cache-control: no-cache, private, max-age=0, no-store
content-length: 0
expires: 0

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58488/occ?&gdpr=0&gdpr_consent=&verify=true
https://onetag-sys.com/match/?int_id=92&uid=y-CjJaABRE2uHntlGSK1k.FRhNVp1ZaJ9XeaTtCdQ-~A

0
340 B

25ms
25ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=92&uid=y-CjJaABRE2uHntlGSK1k.FRhNVp1ZaJ9XeaTtCdQ-~A

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: https://onetag-sys.com/match/?int_id=92&uid=y-CjJaABRE2uHntlGSK1k.FRhNVp1ZaJ9XeaTtCdQ-~A
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.94
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=vw6iyrn&ttd_tpi=1&gpdr=0&gdpr_consent=
https://onetag-sys.com/match/?int_id=29&uid=ee1f9bfd-2e68-49de-875c-950277e092f2&gdpr=0&gdpr_consent=

0
340 B

31ms
29ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=29&uid=ee1f9bfd-2e68-49de-875c-950277e092f2&gdpr=0&gdpr_consent=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

location: https://onetag-sys.com/match/?int_id=29&uid=ee1f9bfd-2e68-49de-875c-950277e092f2&gdpr=0&gdpr_consent=
date: Thu, 14 Dec 2023 06:54:44 GMT
server: Kestrel
content-length: 233

GET
H2

200

/
onetag-sys.com/match/ Frame CBEB
Redirect Chain

https://x.bidswitch.net/sync?ssp=onetag&gdpr=0&gdpr_consent=
https://x.bidswitch.net/ul_cb/sync?ssp=onetag&gdpr=0&gdpr_consent=
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=onetag
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=0b981ff1-cccb-412a-b4b5-3d4970390a8d&ssp=onetag
https://onetag-sys.com/match/?int_id=30&uid=7d49d498-6114-4e12-834a-234386e2584c&gdpr=&gdpr_consent=&us_privacy=

0
340 B

27ms
24ms

Image
text/plain

51.222.39.184
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=30&uid=7d49d498-6114-4e12-834a-234386e2584c&gdpr=&gdpr_consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Server

51.222.39.184 , Canada, ASN16276 (OVH, FR),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

Location: //onetag-sys.com/match/?int_id=30&uid=7d49d498-6114-4e12-834a-234386e2584c&gdpr=&gdpr_consent=&us_privacy=
Date: Thu, 14 Dec 2023 06:54:44 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H3 200 m
cm.mgid.com/ Frame CBEB 43 B
495 B 55ms
54ms Image
image/gif 2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=834098&c=5UmJfM_qHm4K3EtYAOz7AODazEpMxlre77qs7xM2LK4&gdpr=0&consent=&us_privacy=

Requested by

Host: onetag-sys.com
URL: https://onetag-sys.com/usync/?pubId=7cd9d7c7c13ff36&sync_id=nbdHUG_0MDSm&gdpr=0&gdpr_consent=&us_privacy=

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://onetag-sys.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 835489862e5b4bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

GET
H2 204 1
sync-eu.connectad.io/syncer/ Frame F54C 0
0 143ms
132ms Document
text/html 2606:4700:10::ac43:8ae
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-eu.connectad.io/syncer/1?us_privacy=&gdpr_consent=&cb=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D817115%26c%3D
Requested by: Host: cdn.connectad.io
URL: https://cdn.connectad.io/connectmyusers.php?us_privacy=&gdpr_consent=&cb=https%3A%2F%2Fcm.mgid.com%2Fm%3Fcdsp%3D817115%26c%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::ac43:8ae , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://cdn.connectad.io/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 835489866e994bbb-BUF
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 06:54:44 GMT
server: cloudflare
vary: Accept-Encoding Origin

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0xMS82NjcwNzIvYjg4N...
s-img.mgid.com/g/17972957/492x277/-/ 17 KB
18 KB 36ms
35ms Image
image/webp 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-img.mgid.com/g/17972957/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0xMS82NjcwNzIvYjg4NDMwN2ZiMzZjNzBiYWRkZmVkOWU0ZWQxNzk0MGEucG5n.webp?v=1702536884-QEQwKl-yJ7U6X4I7_ZUcOX9OVTWiW3Ix_3AGXTUUas0

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5bdfd0372fb153968a3f0d7c1b17caf2bde14d8b5d2fa85909dfbf86f24d7795

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
x-mg-request-uuid: 0ce9bdc6-229c-4503-80ce-c2140c53ef27
age: 578246
alt-svc: h3=":443"; ma=86400
content-length: 17910
last-modified: Tue, 05 Dec 2023 19:34:40 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 83548986bbdf4bc0-BUF

GET
H2 206 e31a83633999f24179bf2156a0195dce.mp4
cl.imghosts.com/imgh/video/upload/ar_16:9,c_fill,w_680/videos/t/2023-10/826889/ 444 KB
445 KB 129ms
39ms Media
video/mp4 2606:4700:4400::ac40:9281
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cl.imghosts.com/imgh/video/upload/ar_16:9,c_fill,w_680/videos/t/2023-10/826889/e31a83633999f24179bf2156a0195dce.mp4?v=1702536884-aUL5TEvo6fwVW80Yk93e5Rc8JQAs9KFf-9VQwjdzelw

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9281 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dd2accc0000a7a59daa8eb7507a0d3ca609b74353ef9bd4e2921b433b064aaf6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://49.13.84.163.sslip.io/
Accept-Encoding: identity;q=1, *;q=0
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1630584
Content-Range: bytes 0-454475/454476
server-timing: cld-cloudflare;mitm=c;dur=123;start=2023-11-12T07:41:44.731Z;desc=miss,content-info;desc="width=680,height=382,abps=64313,fps=30.0,du=7.067,vc="h264",bytes=454476,owidth=680,oheight=382,oabps=71201,ofps=30.0,odu=7.067,ovc="h264",obytes=503155,oformat="mp4";";cloudinary;dur=97;start=2023-11-12T07:41:44.752Z
alt-svc: h3=":443"; ma=86400
Content-Length: 454476
last-modified: Thu, 26 Oct 2023 19:38:37 GMT
server: cloudflare
etag: "e2c1ba5c160fb108b0f99aa90de2afc0"
vary: Accept-Encoding
content-type: video/mp4;codecs=avc1
access-control-allow-origin: *
access-control-expose-headers: Content-Length,ETag,Server-Timing,Vary,x-content-type-options
cache-control: public, max-age=31536000, no-transform, immutable
timing-allow-origin: *
x-robots-tag: noindex
cf-ray: 835489884ec84bc1-BUF

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 2D48 46 KB
13 KB 32ms
32ms Script
text/html 23.47.170.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-west&gdpr=0&gdpr_consent=&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.170.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-170-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ee91000e39f742df4e2c64bcf8b21d1838b207da85c15245c7423956d1d8d64b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=mgid&endpoint=us-west&gdpr=0&gdpr_consent=&us_privacy=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:54:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Dec 2023 14:17:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=26535
Connection: keep-alive
Content-Length: 13232
Expires: Thu, 14 Dec 2023 14:16:59 GMT

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmJlc3Qsd18xMDIwLHhfMzQseV81NDEvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjMtMTEvO...
s-img.mgid.com/g/17916344/492x277/-/ 13 KB
13 KB 39ms
39ms Image
image/webp 2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-img.mgid.com/g/17916344/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ194eV9jZW50ZXIscV9hdXRvOmJlc3Qsd18xMDIwLHhfMzQseV81NDEvaHR0cDovL2ltZ2hvc3RzLmNvbS90LzIwMjMtMTEvODMzOTkwL2JlZTNlYzViOWZiNTBjYmZlZjI1Y2JkNGQyNjc2NzIyLmpwZw.webp?v=1702536883-OfQv_ffxhvZCRBOd3sga5tD-v2nfwQ14NtNCPrMNXOw

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9c61f281d1dbfe78c787240f9fc42f49b0dcc3e30c0ad4933dcff8b658d2076

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
x-mg-request-uuid: 67bbe1f0-07ce-49aa-8261-2b371fe42e62
age: 741495
alt-svc: h3=":443"; ma=86400
content-length: 12904
last-modified: Mon, 04 Dec 2023 14:33:06 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 835489871e8d4bc1-BUF

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpiZXN0LHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0xMi84MzM5OTAvZmNmN...
s-img.mgid.com/g/18067153/492x277/-/ 18 KB
18 KB 36ms
35ms Image
image/webp 2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-img.mgid.com/g/18067153/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpiZXN0LHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0xMi84MzM5OTAvZmNmNzFkOTc2M2FlNDkxYzBjODBiOTJhODdiNjI2NDAuanBn.webp?v=1702536883-K4A-qIr7ROyIGQXbnlwbzCha2Uo3uryIOUO-LImGuk4

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9056ef2a5fb38ba85b5dd2c734e390364e05439f97cb80c29b9f33a44d2190f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
x-mg-request-uuid: 9b0416f7-7d86-4c87-b0a3-c4f376c74ea6
age: 22191
alt-svc: h3=":443"; ma=86400
content-length: 18136
last-modified: Wed, 13 Dec 2023 19:06:55 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 835489871e8e4bc1-BUF

GET
H3 200 widget-ssp-performance
c.mgid.com/ 43 B
183 B 84ms
83ms Image
image/gif 2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.mgid.com/widget-ssp-performance?time=363&uspString=1---

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 835489872e924bc1-BUF
alt-svc: h3=":443"; ma=86400
content-type: image/gif

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 2D48 7 B
861 B 32ms
31ms XHR
application/json 69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?gdpr=0&us_privacy=1---
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: f69a50991384d09413b97a37bb74928b
Expires: 0

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpiZXN0LHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0xMi84MzM5OTAvZmNmN...
s-img.mgid.com/g/18067153/492x277/-/ 18 KB
18 KB 66ms
65ms Image
image/webp 2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9056ef2a5fb38ba85b5dd2c734e390364e05439f97cb80c29b9f33a44d2190f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://49.13.84.163.sslip.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
x-mg-request-uuid: 9b0416f7-7d86-4c87-b0a3-c4f376c74ea6
age: 22191
alt-svc: h3=":443"; ma=86400
content-length: 18136
last-modified: Wed, 13 Dec 2023 19:06:55 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 835489874e994bc1-BUF

GET
H3 200 aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0xMi8yNzg2MDUvMjEyY...
s-img.mgid.com/g/18042451/492x277/-/ 8 KB
9 KB 36ms
35ms Image
image/webp 2606:4700:1::6813:814c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s-img.mgid.com/g/18042451/492x277/-/aHR0cDovL2NsLmltZ2hvc3RzLmNvbS9pbWdoL2ltYWdlL2ZldGNoL2FyXzE2OjksY19maWxsLGVfc2hhcnBlbjoxMDAsZl9qcGcsZ19mYWNlczphdXRvLHFfYXV0bzpnb29kLHdfMTAyMC9odHRwOi8vaW1naG9zdHMuY29tL3QvMjAyMy0xMi8yNzg2MDUvMjEyYWFlNGQ5ZTBkN2JlNjEyM2NhYTNmNDIxNWE0YzUuanBn.webp?v=1702536884-nSvRmS6ZH1Wf-KeX0GMC9I2FsKGNqP6O2ecg-iEs1iI

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:1::6813:814c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c85be9b6f349381e5102bd8982fda9ffb14691b30a244a1248a97e7350ee4214

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Referer: https://49.13.84.163.sslip.io/
Origin: https://49.13.84.163.sslip.io
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: HIT
x-mg-request-uuid: 231b929c-5b77-400f-a4e8-96e6ec19e4e3
age: 206611
alt-svc: h3=":443"; ma=86400
content-length: 8270
last-modified: Mon, 11 Dec 2023 17:27:55 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/webp
access-control-allow-origin: *
cache-control: immutable, max-age=31536000
accept-ranges: bytes
x-robots-tag: noindex
cf-ray: 835489874c024bc0-BUF

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame CD69
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=33across&endpoint=us-east&us_privacy=
https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=

281 B
555 B

28ms
27ms

Document
text/html

23.47.170.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.170.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-170-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Thu, 14 Dec 2023 06:54:44 GMT
ETag: "280525-119-60930cbd3cec0"
Last-Modified: Thu, 02 Nov 2023 19:57:23 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Thu, 14 Dec 2023 06:54:44 GMT
location: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
server: AkamaiGHost

GET
H2

200

user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame DA86
Redirect Chain

https://ssc-cms.33across.com/ps/?us_privacy=&ts=1702536884353.7&ri=25&ru=https%3A%2F%2Fads.pubmatic.com%2FAdServer%2Fjs%2Fuser_sync.html%3F%26p%3D156423%26us_privacy%3D%24%7BUS_PRIVACY%7D%26predire...
https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D

16 KB
6 KB

29ms
28ms

Document
text/html

23.51.57.13
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.51.57.13 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-51-57-13.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 8e53e50181b7a9e2caa94173c37fcd9de8fa75750764a2ad8ad02fac3306d652

Request headers

Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=95255
content-encoding: gzip
content-length: 5622
content-type: text/html
date: Thu, 14 Dec 2023 06:54:44 GMT
expires: Fri, 15 Dec 2023 09:22:19 GMT
last-modified: Thu, 16 Nov 2023 09:11:44 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

Redirect headers

cache-control: no-store, no-cache, must-revalidate
content-length: 0
date: Thu, 14 Dec 2023 06:54:43 GMT
expires: Thu, 01-Jan-70 00:00:01 GMT
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma: no-cache
referrer-policy: unsafe-url
server: 33XP016
x-33x-status: 40000000008200000A

GET
H3

200

m
cm.mgid.com/ Frame 4C68
Redirect Chain

https://ssc-cms.33across.com/ps/?_=1702536884353.&ri=0013300001hSPhhAAG&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X
https://cm.mgid.com/m?cdsp=796887&c=212289453085754

43 B
543 B

62ms
62ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=796887&c=212289453085754

Requested by

Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 83548987ceba4bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
referrer-policy: unsafe-url
server: 33XP018
x-33x-status: 100000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://cm.mgid.com/m?cdsp=796887&c=212289453085754
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 4C68
Redirect Chain

https://x.bidswitch.net/sync?ssp=the33across&us_privacy=
https://cms.quantserve.com/pixel/p-zLwwakwy-hZw3.gif?idmatch=0&ssp=the33across&gdpr=&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=76&user_group=2&ssp=the33across&gdpr=0&user_id=ouMe1vXgS4W5tE-G8rME1PXlS4O5tU-O8eZNJbbx
https://ssc-cms.33across.com/ps/?xi=10&us_privacy=&xu=7d49d498-6114-4e12-834a-234386e2584c
https://events-ssc.33across.com/match?bidder_id=10&external_user_id=7d49d498-6114-4e12-834a-234386e2584c&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
117 B

33ms
33ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=7d49d498-6114-4e12-834a-234386e2584c&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-US,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:43 GMT
referrer-policy: unsafe-url
server: 33XP016
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=10&external_user_id=7d49d498-6114-4e12-834a-234386e2584c&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 4C68
Redirect Chain

https://ups.analytics.yahoo.com/ups/58350/sync?redir=true
https://ssc-cms.33across.com/ps/?xi=99&us_privacy=&xu=y-bfVVWSpE2uFyIbqrv4R4U63vQHoKi49X~A
https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-bfVVWSpE2uFyIbqrv4R4U63vQHoKi49X%7EA&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
216 B

98ms
32ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-bfVVWSpE2uFyIbqrv4R4U63vQHoKi49X%7EA&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-US,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
referrer-policy: unsafe-url
server: 33XP008
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=99&external_user_id=y-bfVVWSpE2uFyIbqrv4R4U63vQHoKi49X%7EA&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 4C68
Redirect Chain

https://33across-match.dotomi.com/match/bounce/current?networkId=78390&version=1&us_privacy=
https://33across-match.dotomi.com/match/bounce/current?DotomiTest=7bb027d66530fbf&is_secure=true&networkId=78390&version=1&us_privacy=
https://ssc-cms.33across.com/ps?xi=64&xu=AAAGU7VSGoAtGQMqy1v_AAAAAAA&expiration=1702623284&is_secure=true&us_privacy=
https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAGU7VSGoAtGQMqy1v_AAAAAAA&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
117 B

43ms
34ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAGU7VSGoAtGQMqy1v_AAAAAAA&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-US,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
referrer-policy: unsafe-url
server: 33XP013
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=64&external_user_id=AAAGU7VSGoAtGQMqy1v_AAAAAAA&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H2

200

match
events-ssc.33across.com/ Frame 4C68
Redirect Chain

https://eb2.3lift.com/getuid?gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID
https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Fssc-cms.33across.com%2Fps%2F%3Fus_privacy%3D%26xi%3D33%26xu%3D%24UID
https://ssc-cms.33across.com/ps/?us_privacy=&xi=33&xu=2925943474985103838346
https://events-ssc.33across.com/match?bidder_id=33&external_user_id=2925943474985103838346&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=

68 B
117 B

53ms
53ms

Image
image/png

34.117.239.71
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://events-ssc.33across.com/match?bidder_id=33&external_user_id=2925943474985103838346&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: hde.tynt.com
URL: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
Protocol: H2
Server: 34.117.239.71 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 71.239.117.34.bc.googleusercontent.com
Software: /
Resource Hash: 2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11

Request headers

accept-language: en-US,en;q=0.9
Referer: https://hde.tynt.com/deb/?m=xch&rt=html&id=0013300001hSPhhAAG&us_privacy=&ru=https%3A//cm.mgid.com/m%3Fcdsp%3D796887%26c%3D33XUSERID33X&b=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date: Thu, 14 Dec 2023 06:54:44 GMT
cache-control: no-cache, no-store, max-age=0, must-revalidate
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68
content-type: image/png

Redirect headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:43 GMT
referrer-policy: unsafe-url
server: 33XP007
x-33x-status: 8000000008200000A
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
location: https://events-ssc.33across.com/match?bidder_id=33&external_user_id=2925943474985103838346&ts=1702536884&gdpr_58=&gdpr=0&gdpr_consent=&us_privacy=
cache-control: no-store, no-cache, must-revalidate
content-length: 0
expires: Thu, 01-Jan-70 00:00:01 GMT

GET
H3

200

m
cm.mgid.com/ Frame 2D48
Redirect Chain

https://pixel-us-west.rubiconproject.com/exchange/sync.php?p=mgid&gdpr=0&gdpr_consent=&us_privacy=&gdpr=0&us_privacy=1---&khaos=LQ4UI2RA-X-D3D1
https://cm.mgid.com/m?cdsp=43070&c=LQ4UI2RA-X-D3D1&gdpr=0

43 B
558 B

54ms
53ms

Image
image/gif

2606:4700:1::6813:824c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=43070&c=LQ4UI2RA-X-D3D1&gdpr=0

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

2606:4700:1::6813:824c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif
cache-control: no-store, no-cache, must-revalidate, max-age=0
cf-ray: 8354898a2f384bc1-BUF
alt-svc: h3=":443"; ma=86400
content-length: 43

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.mgid.com/m?cdsp=43070&c=LQ4UI2RA-X-D3D1&gdpr=0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 84c4202fed6248b1767e8f951a1c3654
Expires: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame CD69 46 KB
13 KB 33ms
32ms Script
text/html 23.47.170.102
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.47.170.102 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-47-170-102.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: ee91000e39f742df4e2c64bcf8b21d1838b207da85c15245c7423956d1d8d64b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=33across&endpoint=us-east&us_privacy=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date: Thu, 14 Dec 2023 06:54:44 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Dec 2023 14:17:09 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=26535
Connection: keep-alive
Content-Length: 13232
Expires: Thu, 14 Dec 2023 14:16:59 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame DA86 5 KB
6 KB 110ms
29ms Script
text/html 8.28.7.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=87468006&p=156423&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1---
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?&p=156423&us_privacy=&predirect=https%3A%2F%2Fevents-ssc.33across.com%2Fmatch%3Fliv%3Dh%26us_privacy%3D%26bidder_id%3D25%26external_user_id%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 8.28.7.81 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 3fb5df04f94fe9a8529c553b4e26b54c1a0ca741fe5f3c167b2ac0f12dc8362b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 06:54:42 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2D48
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n&gdpr=0&us_privacy=1---
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmNhZGU4M2QwMGRmOGJjNjIyMmRlM2EyYTM1M2M5ZDRjMGRiNGY1MQ&gdpr=0&us_privacy=1---

170 B
188 B

42ms
41ms

Image
image/png

142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmNhZGU4M2QwMGRmOGJjNjIyMmRlM2EyYTM1M2M5ZDRjMGRiNGY1MQ&gdpr=0&us_privacy=1---

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 14 Dec 2023 06:54:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=NmNhZGU4M2QwMGRmOGJjNjIyMmRlM2EyYTM1M2M5ZDRjMGRiNGY1MQ&gdpr=0&us_privacy=1---
Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: d67ad46d58ddbab9fb03c088eabaaff8
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2D48
Redirect Chain

https://token.rubiconproject.com/token?pid=25470&gdpr=0&us_privacy=1---
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TFE0VUkyUkEtWC1EM0Qx&gdpr=0&us_privacy=1---
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&gdpr=0&google_gid=CAESEEdECUGeJyMtK51KYBEIGcU&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFE0VUkyUkEtWC1EM0Qx&google_push=&gdpr=0

170 B
188 B

43ms
42ms

Image
image/png

142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TFE0VUkyUkEtWC1EM0Qx&google_push=&gdpr=0

Requested by

Host: 49.13.84.163.sslip.io
URL: https://49.13.84.163.sslip.io/

Protocol

Server

142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS