a.rfihub.com Open in urlscan Pro
193.0.160.129 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A...
Submission: On June 08 via manual (June 8th 2021, 6:32:50 pm UTC) from US

Summary HTTP 58 Redirects Behaviour Indicators

Summary

This website contacted 31 IPs in 5 countries across 29 domains to perform 58 HTTP transactions. The main IP is 193.0.160.129, located in United States and belongs to ROCKETFUEL, US. The main domain is a.rfihub.com.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 18th 2020. Valid for: 2 years.

This is the only time a.rfihub.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 9	193.0.160.129 193.0.160.129	54312 (ROCKETFUEL) (ROCKETFUEL)
1	2600:9000:215... 2600:9000:2156:6800:1:76cf:fe80:93a1	16509 (AMAZON-02) (AMAZON-02)
1 2	52.208.207.77 52.208.207.77	16509 (AMAZON-02) (AMAZON-02)
1	52.222.174.20 52.222.174.20	16509 (AMAZON-02) (AMAZON-02)
1 2	143.204.98.95 143.204.98.95	16509 (AMAZON-02) (AMAZON-02)
5	52.84.174.88 52.84.174.88	16509 (AMAZON-02) (AMAZON-02)
3 3	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1 2	185.33.221.87 185.33.221.87	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	23.45.99.241 23.45.99.241	16625 (AKAMAI-AS) (AKAMAI-AS)
1	69.173.144.139 69.173.144.139	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	52.17.93.232 52.17.93.232	16509 (AMAZON-02) (AMAZON-02)
1 2	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1288:80:... 2a00:1288:80:800::7001	203220 (YAHOO-DEB) (YAHOO-DEB)
1 3	35.244.174.68 35.244.174.68	15169 (GOOGLE) (GOOGLE)
1 2	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
1	2600:1f18:612... 2600:1f18:612b:4264:262e:5ecd:5178:9f8	14618 (AMAZON-AES) (AMAZON-AES)
1	52.56.111.113 52.56.111.113	16509 (AMAZON-02) (AMAZON-02)
1	99.80.93.68 99.80.93.68	16509 (AMAZON-02) (AMAZON-02)
1 2	52.57.230.211 52.57.230.211	16509 (AMAZON-02) (AMAZON-02)
1	3.124.210.90 3.124.210.90	16509 (AMAZON-02) (AMAZON-02)
2 2	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
1	2.18.235.93 2.18.235.93	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	82.199.68.72 82.199.68.72	15830 (EQUINIX-C...) (EQUINIX-CONNECT)
1	52.22.87.103 52.22.87.103	14618 (AMAZON-AES) (AMAZON-AES)
4	2a02:26f0:6c0... 2a02:26f0:6c00:2b2::4469	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	213.254.244.22 213.254.244.22	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.38 142.250.186.38	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2006	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
58	31

9 193.0.160.129 (United States) 2 redirects

ASN54312 (ROCKETFUEL, US)

a.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
20794017p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:6800:1:76cf:fe80:93a1 (United States)

ASN16509 (AMAZON-02, US)

c1.rfihub.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.207.77 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

secure-us.imrworldwide.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.174.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-174-20.cdg50.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.98.95 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-95.fra50.r.cloudfront.net

live.rezync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.84.174.88 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-174-88.cdg50.r.cloudfront.net

choices.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.194 (United States) 3 redirects

ASN15169 (GOOGLE, US)

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.221.87 (Amsterdam, Netherlands) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.99.241 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-99-241.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
x.dlx.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.139 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.17.93.232 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-93-232.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.234.21 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:800::7001 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.174.68 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.94.180.126 (United States) 1 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:612b:4264:262e:5ecd:5178:9f8 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.56.111.113 (London, United Kingdom)

ASN16509 (AMAZON-02, US)

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.80.93.68 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

beacon.krxd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.57.230.211 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.124.210.90 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.114.49 (Frankfurt am Main, Germany) 2 redirects

ASN54113 (FASTLY, US)

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.235.93 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-235-93.deploy.static.akamaitechnologies.com

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 82.199.68.72 (Netherlands) 1 redirects

ASN15830 (EQUINIX-CONNECT, GB)

bs.serving-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.22.87.103 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

bpi.rtactivate.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a02:26f0:6c00:2b2::4469 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

rtbcdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn3.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 213.254.244.22 (United States)

ASN3257 (GTT-BACKBONE GTT, US)

rtb0.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
tps20512.doubleverify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.38 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com	53 KB
9	doubleverify.com rtbcdn.doubleverify.com cdn3.doubleverify.com rtb0.doubleverify.com cdn.doubleverify.com tps20512.doubleverify.com	26 KB
9	rfihub.com 2 redirects a.rfihub.com p.rfihub.com 20794017p.rfihub.com	16 KB
6	doubleclick.net 3 redirects cm.g.doubleclick.net ad.doubleclick.net googleads4.g.doubleclick.net	17 KB
5	trustarc.com choices.trustarc.com	21 KB
3	googletagservices.com www.googletagservices.com	56 KB
3	rlcdn.com 1 redirects idsync.rlcdn.com	1010 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	607 B
2	bidswitch.net 1 redirects x.bidswitch.net	859 B
2	spotxchange.com 1 redirects sync.search.spotxchange.com	1 KB
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com	2 KB
2	demdex.net 1 redirects dpm.demdex.net	2 KB
2	adnxs.com 1 redirects ib.adnxs.com	2 KB
2	rezync.com 1 redirects live.rezync.com	804 B
2	imrworldwide.com 1 redirects secure-us.imrworldwide.com	868 B
1	2mdn.net s0.2mdn.net	46 KB
1	rtactivate.com bpi.rtactivate.com	109 B
1	serving-sys.com 1 redirects bs.serving-sys.com	835 B
1	media.net contextual.media.net	696 B
1	eyeota.net ps.eyeota.net	344 B
1	krxd.net beacon.krxd.net	338 B
1	agkn.com aa.agkn.com	238 B
1	tremorhub.com partners.tremorhub.com	183 B
1	addthis.com x.dlx.addthis.com	191 B
1	yahoo.com ads.yahoo.com	444 B
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	bluekai.com 1 redirects stags.bluekai.com	809 B
1	scorecardresearch.com sb.scorecardresearch.com	2 KB
1	rfihub.net c1.rfihub.net	6 KB
58	29

	Domain	Requested by
7	pagead2.googlesyndication.com	ad.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com a.rfihub.com www.googletagservices.com
5	p.rfihub.com	2 redirects a.rfihub.com
5	choices.trustarc.com	a.rfihub.com choices.trustarc.com
4	tps20512.doubleverify.com	a.rfihub.com
3	tpc.googlesyndication.com	ad.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
3	www.googletagservices.com	rtbcdn.doubleverify.com www.googletagservices.com ad.doubleclick.net
3	idsync.rlcdn.com	1 redirects a.rfihub.com
3	cm.g.doubleclick.net	3 redirects
3	a.rfihub.com	a.rfihub.com
2	googleads4.g.doubleclick.net	ad.doubleclick.net
2	rtbcdn.doubleverify.com	a.rfihub.com rtbcdn.doubleverify.com
2	sync-tm.everesttech.net	2 redirects
2	x.bidswitch.net	1 redirects a.rfihub.com
2	sync.search.spotxchange.com	1 redirects a.rfihub.com
2	dsum-sec.casalemedia.com	1 redirects a.rfihub.com
2	dpm.demdex.net	1 redirects a.rfihub.com
2	ib.adnxs.com	1 redirects a.rfihub.com
2	live.rezync.com	1 redirects a.rfihub.com
2	secure-us.imrworldwide.com	1 redirects a.rfihub.com
1	s0.2mdn.net	ad.doubleclick.net
1	ad.doubleclick.net	www.googletagservices.com
1	20794017p.rfihub.com	a.rfihub.com
1	cdn.doubleverify.com	a.rfihub.com
1	rtb0.doubleverify.com	rtbcdn.doubleverify.com
1	cdn3.doubleverify.com	rtbcdn.doubleverify.com
1	bpi.rtactivate.com	a.rfihub.com
1	bs.serving-sys.com	1 redirects
1	contextual.media.net	a.rfihub.com
1	ps.eyeota.net	a.rfihub.com
1	beacon.krxd.net	a.rfihub.com
1	aa.agkn.com	a.rfihub.com
1	partners.tremorhub.com	a.rfihub.com
1	x.dlx.addthis.com	a.rfihub.com
1	ads.yahoo.com	a.rfihub.com
1	pixel.rubiconproject.com	a.rfihub.com
1	stags.bluekai.com	1 redirects
1	sb.scorecardresearch.com	a.rfihub.com
1	c1.rfihub.net	a.rfihub.com
58	38

This site contains no links.

Subject Issuer	Validity	Valid
*.rfihub.com Sectigo RSA Domain Validation Secure Server CA	`2020-06-18` - `2022-06-18`	2 years	crt.sh
*.rfihub.net Sectigo RSA Domain Validation Secure Server CA	`2021-02-10` - `2022-02-10`	a year	crt.sh
*.imrworldwide.com DigiCert TLS RSA SHA256 2020 CA1	`2021-01-28` - `2022-02-01`	a year	crt.sh
*.scorecardresearch.com Amazon	`2021-02-28` - `2022-03-29`	a year	crt.sh
*.rezync.com Amazon	`2021-01-26` - `2022-02-23`	a year	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2020-12-18` - `2022-01-18`	a year	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-05-27` - `2021-07-14`	2 months	crt.sh
*.rlcdn.com Sectigo RSA Domain Validation Secure Server CA	`2021-02-25` - `2022-03-28`	a year	crt.sh
odc-pixel-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2021-04-25` - `2022-04-26`	a year	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2021-04-08` - `2022-05-09`	a year	crt.sh
*.tremorhub.com Amazon	`2020-07-25` - `2021-08-25`	a year	crt.sh
*.agkn.com RapidSSL RSA CA 2018	`2020-07-25` - `2022-09-18`	2 years	crt.sh
beacon.krxd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-01-13` - `2022-01-07`	a year	crt.sh
*.bidswitch.net Sectigo RSA Domain Validation Secure Server CA	`2020-04-23` - `2022-05-04`	2 years	crt.sh
*.eyeota.net R3	`2021-04-29` - `2021-07-28`	3 months	crt.sh
*.media.net DigiCert SHA2 Secure Server CA	`2021-04-12` - `2022-04-20`	a year	crt.sh
rtactivate.com Amazon	`2021-05-13` - `2022-06-11`	a year	crt.sh
*.doubleverify.com DigiCert SHA2 Secure Server CA	`2021-01-10` - `2022-01-17`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-05-17` - `2021-08-09`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-05-10` - `2021-08-02`	3 months	crt.sh

This page contains 7 frames:

Primary Page: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Frame ID: 38A0250584F9DCE7E81D095A29FA2024
Requests: 39 HTTP requests in this frame

Frame: https://cdn3.doubleverify.com/bst2tv3.html
Frame ID: D40ACE5683D68C0466829996D5524A57
Requests: 1 HTTP requests in this frame

Frame: https://cdn.doubleverify.com/dv-match6.js
Frame ID: BDEC1784B127F8F08FC3CAE4B89394AE
Requests: 1 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B23901103.270465854;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=4082688182;ord=abrypo;click=https%3A%2F%2Fa.rfihub.com%2Faci%2Fb%2Fc3Q9aHRtbCZhYT00ODA4NTMxLDEyMDI1NDc3NSwyMTMwODAxLDEyMTIxODY4MSwxNzMyMTEsMTM3MTQ5OSw4MmZhYTE0YWE2Y2RhNGMzNWEwNzZlZjRiY2E4ZTkxMCxwLDM5NTMzLDUyNTI2NSw0MDY0MTUzNyw0NTMyMzMsMTEzOTgxMSZtdD0xJnJiPTM1OTI3JnJlPTQ2Njk5JmhjaT0mdXVpZD0xNzkxMzc3MTIzMzkzNzcxMzU0JmRpPSZkYz0zJmRpc3JjPTAmYmlwPTgyLjEwMi4xOC4xMTQmZGlkPXRpZF8xMzcxNDk5fG1lZF9yZWd1bGFyJmxpbXA9MQ..%2Fn%2F;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fa.rfihub.com%2Fsed%3Fw%3D300%26h%3D250%26co%3Doptimize%253Afalse%252CserverId%253Asjc-240%252CnewUser%253Afalse%252CscoreMicroClicks%253A151%252CscoreMicroConversions%253A0%252CuV%253A735264%252CuG%253A0%252CuE%253A0%252CuD%253A0%252Curl%253Asjc-240.sjc-rtb1.rfihub.net%252CbB%253Atrue%252Cbt%253A1623170725630%252Csej%253Afalse%252Cmt%253A1%252Cdid%253Atid_1371499%257Cmed_regular%252CisAI%253Atrue%252CisSkip%253Afalse%252CexId%253A72761623170725487153w1%252Cuuid%253A1791377123393771354%252CdiSrc%253A0%252Coc%253A1200%252Crc%253A1200%252Cip%253A144.160.228.0%252CisFp%253A0%252Cdvct%253A27%252Cfcc%253A3%252Ctagid%253A20459933223%252Csid%253A1068%252Cp39%253A8%252Cge%253A%26ep%3D0.30366%26ri%3D82faa14aa6cda4c35a076ef4bca8e910%26rs%3D%26ai%3D4808531%26rt%3D1371499%26re%3D46699%26ug%3D20459933223%26pv%3D0%26ra%3D1707264000.6983680920526927%26rb%3D35927%26ca%3D%26rc%3D%26rd%3D%26ua%3D%26ub%3D%26uc%3D%26ud%3D%26ue%3D%26pa%3Dppre1707264006500%26pb%3D%26pc%3D%26pd%3D%26pg%3D%26ct%3D1623170726400%26di%3D%26app%3D0%26pe%3Dhttps%253A%252F%252Fs.yimg.com%252Frq%252Fdarla%252F4-6-0%252Fhtml%252Fr-sf.html%26pf%3Dhttps%253A%252F%252Fwww.yahoo.com%252F%26sig%3D2147483615%2C805507055%26loc%3Dhttps%3A%2F%2Fwww.yahoo.com%26dtv%3D1$0;xdt=0;crlt=5drtY6P.ks;sttr=34;prcl=s
Frame ID: 122A5A60D76173099025BA893826D488
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 165CA29559838F837C1885042C3270C0
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js
Frame ID: A64DE8D34C7B6708511446F16C2DA0C3
Requests: 1 HTTP requests in this frame

Frame: https://choices.trustarc.com/get?name=admarker-icon-tr.png
Frame ID: 643111A63B27C4987EE45191E6F9BD9A
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Java (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /Jetty(?:\(([\d\.]*\d+))?/i

Jetty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /Jetty(?:\(([\d\.]*\d+))?/i

Page Statistics

58
Requests

100 %
HTTPS

29 %
IPv6

29
Domains

38
Subdomains

31
IPs

5
Countries

247 kB
Transfer

525 kB
Size

7
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1

https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-rocketfuel&cg=1791377123393771354&cc=1 HTTP 302
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-rocketfuel&cg=1791377123393771354&cc=1&ja=1

Request Chain 5

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTc5MTM3NzEyMzM5Mzc3MTM1NA==&forward= HTTP 302
https://cm.g.doubleclick.net/pixel?in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTc5MTM3NzEyMzM5Mzc3MTM1NA==&forward=&google_tc= HTTP 302
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH20zManON8ZAbJ18S17tXE&google_cver=1

Request Chain 6

https://ib.adnxs.com/setuid?entity=18&code=1791377123393771354 HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D1791377123393771354

Request Chain 7

https://stags.bluekai.com/site/4722?id=1791377123393771354&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D HTTP 302
https://p.rfihub.com/cm?bk_uuid=v1U5wQ9999emoq2Q&forward=

Request Chain 9

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=1791377123393771354&redir= HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=1791377123393771354&redir=

Request Chain 10

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1791377123393771354&forward= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1791377123393771354&forward=&C=1

Request Chain 14

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1791377123393771354&img=1 HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1791377123393771354&img=1&__user_check__=1&sync_id=e0cf423c-c887-11eb-bb3b-18b2794d0306

Request Chain 18

https://x.bidswitch.net/sync?dsp_id=119&user_id=1791377123393771354&expires=30 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1791377123393771354&expires=30

Request Chain 19

https://p.rfihub.com/cm?pub=24472&in=1 HTTP 302
https://ps.eyeota.net/match?uid=1791377123393771354&bid=omt9pi0

Request Chain 20

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YL_3vAABZuhFigBg HTTP 302
https://p.rfihub.com/cm?in=1&pub=21653&userid=YL_3vAABZuhFigBg&_test=YL_3vAABZuhFigBg

Request Chain 22

https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D HTTP 302
https://p.rfihub.com/cm?in=1&pub=17945&userid=34894589-e75a-4d5b-a6bb-43b058c8ab33

Request Chain 23

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1791377123393771354&referrer=https%3A%2F%2Fwww.yahoo.com%2F HTTP 302
https://p.rfihub.com/cm?pub=39342&in=0&userid=e492d0bc-5ee9-4a75-9476-a1b5278b1197%3A1623177148.32&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3De492d0bc-5ee9-4a75-9476-a1b5278b1197%253A1623177148.32 HTTP 302
https://idsync.rlcdn.com/501709.gif?partner_uid=e492d0bc-5ee9-4a75-9476-a1b5278b1197%3A1623177148.32 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm HTTP 302
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEI0zhImquNdgOD-uTQAhcMw&google_cver=1

58 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set sed Show response
a.rfihub.com/ 7 KB
8 KB 127ms
34ms Document
text/html 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to

Full URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 86b5af8a8c0eecb101f9b4f24275144e9cd8cb6139db3766957e834858171354

Request headers

Host: a.rfihub.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:27 GMT
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: no-cache
Content-Type: text/html;charset=utf-8
Set-Cookie: eud=H4sIAAAAAAAAAJvFyGtoZmRsaG5uaGJuaWy-Co1_Co3_Co3_C40_iQmVPwuNvwiNvwqNvwmNvwuN_wldPwsq_xYafxMrmnncaO5H4y8SRuU_QuMDAFtyFLwwAQAA; Path=/; Domain=.rfihub.com; Expires=Sun, 3 Jul 2022 18:32:27 GMT; Secure; SameSite=None ub=H4sIAAAAAAAAAOOKT3R09SoKCU53tLV19EgxNDc2MjR0dDJ0dHR0Sk2tyinJdASKJ2MXd8rAEElHEwEAdoBayGEAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 3 Jul 2022 18:32:27 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpUryGZkbGhkBJE3OgGgCxY05CNAAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 3 Jul 2022 18:32:27 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpACvICc4lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
Content-Length: 7166
Server: Jetty(9.3.29.v20201019)

GET
H2 200 bcS.js Show response
c1.rfihub.net/js/ 18 KB
6 KB 51ms
14ms Script
application/x-javascript 2600:9000:2156:6800:1:76cf:fe80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.rfihub.net/js/bcS.js
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2156:6800:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: ef6c9aaf36bcf57fd7fd87c21ddfbff8bdaa6da3bfa9a35e1b2fc4e90bdfe756

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 17:41:58 GMT
content-encoding: gzip
last-modified: Tue, 08 Jun 2021 17:41:48 GMT
server: Jetty(9.3.29.v20201019)
age: 3030
x-cache: Hit from cloudfront
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
via: 1.1 bab8148a65b29113f79cf2725076287d.cloudfront.net (CloudFront)
cache-control: public, max-age=3600
x-amz-cf-pop: FRA50-C1
content-type: application/x-javascript
content-length: 5618
x-amz-cf-id: DH2eCmlQm_3U0xzucdosJvdRVfV4ldY3VRm6dvzdr-bxPW2hRe-1KA==
expires: Tue, 08 Jun 2021 18:41:58 GMT

GET
H2

200

m
secure-us.imrworldwide.com/cgi-bin/
Redirect Chain

https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-rocketfuel&cg=1791377123393771354&cc=1
https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-rocketfuel&cg=1791377123393771354&cc=1&ja=1

44 B
336 B

40ms
39ms

Image
image/gif

52.208.207.77
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-rocketfuel&cg=1791377123393771354&cc=1&ja=1
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.208.207.77 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
server: nginx
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-us.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
content-type: image/gif
content-length: 44
expires: Thu, 01 Dec 1994 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
server: nginx
location: https://secure-us.imrworldwide.com/cgi-bin/m?ci=us-rocketfuel&cg=1791377123393771354&cc=1&ja=1
access-control-allow-methods: POST, OPTIONS
p3p: P3P policyref="http://secure-us.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
access-control-allow-origin: *
cache-control: no-cache
content-length: 0
expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H2 200 beacon.js Show response
sb.scorecardresearch.com/ 1 KB
2 KB 69ms
21ms Script
application/javascript 52.222.174.20
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sb.scorecardresearch.com/beacon.js?c1=8&c2=6820648&c3=1&c4=&c5=&c6=
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.174.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-174-20.cdg50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:06:45 GMT
via: 1.1 5330dca0fb4fc616e3711702aab777a8.cloudfront.net (CloudFront)
etag: "1827f116c73f319409b97f10b8a58ade"
last-modified: Fri, 26 Feb 2021 14:35:05 GMT
server: AmazonS3
age: 1544
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: CDG50-P2
accept-ranges: bytes
content-length: 1469
x-amz-cf-id: xtXfQY6xprDDrqLK_VTbUJhnXvixJ-QJeHY2Xg99HwwHvOZaNwPaDQ==

GET
H2 200 sync
live.rezync.com/ 21 B
21 B 306ms
230ms Image
application/javascript 143.204.98.95
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://live.rezync.com/sync?c=16b6410431b6374e780104abb0443ca8&p=47280cac6a7f8d974028ef134d38c959&k=capital_one-pixel-5842&zmpID=capital-one
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-95.fra50.r.cloudfront.net
Software: lighttpd/1.4.33 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:32:28 GMT
via: 1.1 a1098f0eeab192209962e3a9d76d0339.cloudfront.net (CloudFront)
server: lighttpd/1.4.33
x-amz-cf-pop: FRA50-C1
x-cache: Miss from cloudfront
content-type: application/javascript
content-length: 21
x-amz-cf-id: 91dqhvnNJlO3ypN1w2I81hriJwfJwCod2jNJdiAaOEaPUBQAeGZdYg==

GET
H2 200 ca Show response
choices.trustarc.com/ 64 KB
18 KB 231ms
178ms Script
text/javascript 52.84.174.88
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://choices.trustarc.com/ca?pid=zeta01&aid=zetaglobal01&cid=101619&c=bfff50f5-c3d4-47f1-be78-f351c642e359&w=300&h=250&plc=tr
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-88.cdg50.r.cloudfront.net
Software: nginx /
Resource Hash: 9e2ef853ac6f7c0aa87429d333af481f1f054ccc1370622f290032a345a5ae84

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
content-encoding: gzip
server: nginx
x-amz-cf-pop: CDG50-P1
vary: Accept-Encoding
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
via: 1.1 1c6904dfe9ea43b8174ab14c939bf754.cloudfront.net (CloudFront)
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-amz-cf-id: zAIFBs3jtaWhAKGngHYsaGXb7qjySxpqYFNTCUUWcHIRdy7w_hOl0g==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1

200
OK

Cookie set cm
a.rfihub.com/
Redirect Chain

https://cm.g.doubleclick.net/pixel?&in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTc5MTM3NzEyMzM5Mzc3MTM1NA==&forward=
https://cm.g.doubleclick.net/pixel?in=0&google_nid=zeta_interactive&google_cm=&google_sc=&google_hm=MTc5MTM3NzEyMzM5Mzc3MTM1NA==&forward=&google_tc=
https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH20zManON8ZAbJ18S17tXE&google_cver=1

42 B
1019 B

36ms
36ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH20zManON8ZAbJ18S17tXE&google_cver=1
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Pragma: no-cache
Sec-Fetch-Site: cross-site
Accept-Encoding: gzip, deflate, br
Host: a.rfihub.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://a.rfihub.com/
Cookie: eud=H4sIAAAAAAAAAJvFyGtoZmRsaG5uaGJuaWy-Co1_Co3_Co3_C40_iQmVPwuNvwiNvwqNvwmNvwuN_wldPwsq_xYafxMrmnncaO5H4y8SRuU_QuMDAFtyFLwwAQAA; ub=H4sIAAAAAAAAAOOKT3R09SoKCU53tLV19EgxNDc2MjR0dDJ0dHR0Sk2tyinJdASKJ2MXd8rAEElHEwEAdoBayGEAAAA; rud=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpUryGZkbGhkBJE3OgGgCxY05CNAAAAA; ruds=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpACvICc4lAAAA
Connection: keep-alive
Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Set-Cookie: eud=H4sIAAAAAAAAAOOSMXR2dA129TAyqPJNzPP3s4hyTPIytAg2NC-JcA3iNTQzMjY0Nzc0sTA0N5jFiOCbWxqbr0Ljn0Ljv0Lj_0LjT2JC5c9C4y9C469C429C4-9C439C18-Cyr-Fxt_EimYeN5r70fiLhFH5j9D4AOMtMghdAQAA; Path=/; Domain=.rfihub.com; Expires=Sun, 3 Jul 2022 18:32:28 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpUryGZkbGhkBJE3OgGgCxY05CNAAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 3 Jul 2022 18:32:28 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpACvICc4lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None euds=H4sIAAAAAAAAAOOSMXR2dA129TAyqPJNzPP3s4hyTPIytAg2NC-JcAUAJS320x4AAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 42
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://a.rfihub.com/cm?pub=445&in=0&forward=&google_gid=CAESEH20zManON8ZAbJ18S17tXE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 311
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/setuid?entity=18&code=1791377123393771354
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D1791377123393771354

43 B
1 KB

36ms
35ms

Image
image/gif

185.33.221.87
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D1791377123393771354

Requested by

Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.87 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

723.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 18:32:28 GMT
X-Proxy-Origin: 82.102.18.114; 82.102.18.114; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.220.234:80
AN-X-Request-Uuid: c55b4b1f-5d0e-4070-bb9f-5d4df0d37caf
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 18:32:28 GMT
X-Proxy-Origin: 82.102.18.114; 82.102.18.114; 723.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com; 185.33.221.44:80
AN-X-Request-Uuid: 12ebc519-cae5-4091-ba16-a58bccbb48d1
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D18%26code%3D1791377123393771354
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/
Redirect Chain

https://stags.bluekai.com/site/4722?id=1791377123393771354&redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fbk_uuid%3D%24_BK_UUID%26forward%3D
https://p.rfihub.com/cm?bk_uuid=v1U5wQ9999emoq2Q&forward=

42 B
1 KB

123ms
32ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?bk_uuid=v1U5wQ9999emoq2Q&forward=
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Location: https://p.rfihub.com/cm?bk_uuid=v1U5wQ9999emoq2Q&forward=
Date: Tue, 08 Jun 2021 18:32:28 GMT
Connection: keep-alive
Content-Length: 0
BK-Server: 1933
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

GET
H/1.1 204
No Content tap.php
pixel.rubiconproject.com/ 0
239 B 130ms
31ms Image
image/gif 69.173.144.139
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=13490&nid=2596&put=1791377123393771354
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.139 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 78e3bdce5107450057bade54d54a0a7e
Content-Type: image/gif

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/
Redirect Chain

https://dpm.demdex.net/ibs:dpid=1121&dpuuid=1791377123393771354&redir=
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=1791377123393771354&redir=

42 B
973 B

52ms
51ms

Image
image/gif

52.17.93.232
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=1791377123393771354&redir=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.17.93.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-93-232.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v008-0aa8a3632.edge-irl1.demdex.com 6.3.0.20210527085910-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: brfkaAT9TyQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v008-015ef1e04.edge-irl1.demdex.com 6.3.0.20210527085910-PR_1432-SNAPSHOT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: DJ6amKh+SLk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=1121&dpuuid=1791377123393771354&redir=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1791377123393771354&forward=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1791377123393771354&forward=&C=1

43 B
1006 B

43ms
43ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1791377123393771354&forward=&C=1
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 18:32:28 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Tue, 08 Jun 2021 18:32:28 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 18:32:28 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=57&external_user_id=1791377123393771354&forward=&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: text/html; charset=iso-8859-1
Content-Length: 295
Expires: Tue, 08 Jun 2021 18:32:28 GMT

GET
H2 204 v1
ads.yahoo.com/cms/ 0
444 B 21ms
6ms Image
text/plain 2a00:1288:80:800::7001
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~84c296ca4cae9f73fbcc48363a3cd4cd34be98f5&nwid=10000648372&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7001 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:32:28 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H2 200 360947.gif
idsync.rlcdn.com/ 42 B
417 B 73ms
26ms Image
image/gif 35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/360947.gif?partner_uid=1791377123393771354
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 18:32:28 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

GET
H2 200 rocketfuel_sync
x.dlx.addthis.com/e/ 43 B
191 B 239ms
173ms Image
image/gif 23.45.99.241
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://x.dlx.addthis.com/e/rocketfuel_sync?na_exid=1791377123393771354

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.45.99.241 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-45-99-241.deploy.static.akamaitechnologies.com

Software

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
Strict-Transport-Security	max-age=2628000

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
cache-control: max-age=0, no-cache, no-store
expires: Tue, 08 Jun 2021 18:32:28 GMT
content-length: 43
strict-transport-security: max-age=2628000
content-type: image/gif

GET
H/1.1

200

partner
sync.search.spotxchange.com/
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1791377123393771354&img=1
https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1791377123393771354&img=1&__user_check__=1&sync_id=e0cf423c-c887-11eb-bb3b-18b2794d0306

43 B
548 B

56ms
55ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7180&uid=1791377123393771354&img=1&__user_check__=1&sync_id=e0cf423c-c887-11eb-bb3b-18b2794d0306
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 , United States, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 96
Connection: keep-alive
Content-Length: 43

Redirect headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Server: nginx
Location: /partner?adv_id=7180&uid=1791377123393771354&img=1&__user_check__=1&sync_id=e0cf423c-c887-11eb-bb3b-18b2794d0306
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 66
Connection: keep-alive
Content-Length: 0

GET
H2 200 sync
partners.tremorhub.com/ 43 B
183 B 282ms
93ms Image
image/gif 2600:1f18:612b:4264:262e:5ecd:5178:9f8
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://partners.tremorhub.com/sync?UIRF=1791377123393771354&r=yMCtMKi4Dm1B
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4264:262e:5ecd:5178:9f8 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:32:28 GMT
server: Apache-Coyote/1.1
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
content-type: image/gif

GET
H2 200 g.pixel
aa.agkn.com/adscores/ 43 B
238 B 93ms
29ms Image
image/gif 52.56.111.113
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aa.agkn.com/adscores/g.pixel?sid=9212192898&rf=1791377123393771354
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.56.111.113 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AAWebServer /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 43
expires: 0

GET
H2 204 usermatch.gif
beacon.krxd.net/ 0
338 B 118ms
36ms Image
text/plain 99.80.93.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://beacon.krxd.net/usermatch.gif?partner_id=rfuel&partner_user_id=1791377123393771354
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.80.93.68 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:32:28 GMT
cache-control: private, no-cache, no-store
x-request-time: D=36 t=1623177148
x-served-by: beacon-n020-dub-prod.krxd.net
p3p: policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=119&user_id=1791377123393771354&expires=30
https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1791377123393771354&expires=30

43 B
345 B

38ms
37ms

Image
image/gif

52.57.230.211
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1791377123393771354&expires=30
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.57.230.211 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:32:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

location: https://x.bidswitch.net/ul_cb/sync?dsp_id=119&user_id=1791377123393771354&expires=30
date: Tue, 08 Jun 2021 18:32:28 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://p.rfihub.com/cm?pub=24472&in=1
https://ps.eyeota.net/match?uid=1791377123393771354&bid=omt9pi0

0
344 B

122ms
32ms

Image
text/plain

3.124.210.90
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=1791377123393771354&bid=omt9pi0
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.124.210.90 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: https://ps.eyeota.net/match?uid=1791377123393771354&bid=omt9pi0
Date: Tue, 08 Jun 2021 18:32:28 GMT
Server: Jetty(9.3.29.v20201019)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1

200
OK

cm
p.rfihub.com/
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D
https://sync-tm.everesttech.net/ct/upi/pid/Mlpt2JaG/?redir=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D21653%26userid%3D%24%7BTM_USER_ID%7D&_test=YL_3vAABZuhFigBg
https://p.rfihub.com/cm?in=1&pub=21653&userid=YL_3vAABZuhFigBg&_test=YL_3vAABZuhFigBg

42 B
1 KB

41ms
34ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=21653&userid=YL_3vAABZuhFigBg&_test=YL_3vAABZuhFigBg
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
via: 1.1 varnish
server: Varnish
x-timer: S1623177148.416826,VS0,VE0
x-served-by: cache-hhn4081-HHN
x-cache: HIT
location: https://p.rfihub.com/cm?in=1&pub=21653&userid=YL_3vAABZuhFigBg&_test=YL_3vAABZuhFigBg
cache-control: no-cache
accept-ranges: bytes
content-length: 0
retry-after: 0
x-cache-hits: 0

GET
H2 200 cksync.php
contextual.media.net/ 46 B
696 B 132ms
60ms Image
image/gif 2.18.235.93
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://contextual.media.net/cksync.php?cs=3&type=rkt&ovsid=1791377123393771354

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.18.235.93 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a2-18-235-93.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

579a172ca2c700734ebcfa06d105a134f31ec2357660e58e0874cfdee8472fd4

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=604800
server: Apache
date: Tue, 08 Jun 2021 18:32:28 GMT
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control: max-age=0, no-cache, no-store
content-type: image/gif
content-length: 46
x-mnet-hl2: E
expires: Tue, 08 Jun 2021 18:32:28 GMT

GET
H/1.1

200
OK

cm
p.rfihub.com/
Redirect Chain

https://bs.serving-sys.com/serving?cn=um&dpid=12&rtu=https%3A%2F%2Fp.rfihub.com%2Fcm%3Fin%3D1%26pub%3D17945%26userid%3D%5B%25tp_UserID%25%5D
https://p.rfihub.com/cm?in=1&pub=17945&userid=34894589-e75a-4d5b-a6bb-43b058c8ab33

42 B
1 KB

35ms
35ms

Image
image/gif

193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.rfihub.com/cm?in=1&pub=17945&userid=34894589-e75a-4d5b-a6bb-43b058c8ab33
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Redirect headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 18:32:27 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="NOI DEVa OUR BUS UNI"
Location: https://p.rfihub.com/cm?in=1&pub=17945&userid=34894589-e75a-4d5b-a6bb-43b058c8ab33
Cache-Control: no-cache, no-store
Content-Type: text/html; charset=UTF-8
Content-Length: 213
Expires: Sun, 05-Jun-2005 22:00:00 GMT

GET
H2

200

362358.gif
idsync.rlcdn.com/
Redirect Chain

https://live.rezync.com/pixel?c=bd8618c307ae9885a12561b7191e2cea&cid=1791377123393771354&referrer=https%3A%2F%2Fwww.yahoo.com%2F
https://p.rfihub.com/cm?pub=39342&in=0&userid=e492d0bc-5ee9-4a75-9476-a1b5278b1197%3A1623177148.32&forward=https%3A//idsync.rlcdn.com/501709.gif%3Fpartner_uid%3De492d0bc-5ee9-4a75-9476-a1b5278b1197...
https://idsync.rlcdn.com/501709.gif?partner_uid=e492d0bc-5ee9-4a75-9476-a1b5278b1197%3A1623177148.32
https://cm.g.doubleclick.net/pixel?google_nid=epsilon&google_cm
https://idsync.rlcdn.com/362358.gif?google_gid=CAESEI0zhImquNdgOD-uTQAhcMw&google_cver=1

42 B
300 B

26ms
26ms

Image
image/gif

35.244.174.68
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEI0zhImquNdgOD-uTQAhcMw&google_cver=1
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 68.174.244.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 18:32:28 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: clear
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://idsync.rlcdn.com/362358.gif?google_gid=CAESEI0zhImquNdgOD-uTQAhcMw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 289
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
bpi.rtactivate.com/tag/ 43 B
109 B 367ms
150ms Image
image/gif 52.22.87.103
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bpi.rtactivate.com/tag/?id=11017&user_id=1791377123393771354
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.22.87.103 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: awselb/2.0 /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:32:28 GMT
server: awselb/2.0
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK bsredirect5.js Show response
rtbcdn.doubleverify.com/ 2 KB
1 KB 29ms
6ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbcdn.doubleverify.com/bsredirect5.js?callback=__dvredirect_callback_474115797048
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: d48792bcfe22f120e4714680f5aa5d0a72ab213a41da0af59d001f513328201c

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Tue, 08 Jun 2021 18:32:27 GMT
Content-Encoding: gzip
Last-Modified: Tue, 08 Jun 2021 06:11:40 GMT
Server: Microsoft-IIS/10.0
ETag: "21947c252d5cd71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1054

GET
H/1.1 200
OK bsredirect5_internal66.js Show response
rtbcdn.doubleverify.com/ 44 KB
14 KB 8ms
8ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://rtbcdn.doubleverify.com/bsredirect5_internal66.js
Requested by: Host: rtbcdn.doubleverify.com
URL: https://rtbcdn.doubleverify.com/bsredirect5.js?callback=__dvredirect_callback_474115797048
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: dc2bcf1cb85cd51019d3e935815554c42e077b0ef2df9cdf4779ec8ed72721a8

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Content-Encoding: gzip
Last-Modified: Tue, 25 May 2021 11:10:15 GMT
Server: Microsoft-IIS/10.0
ETag: "8085b3895651d71:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=946080000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13582

GET
H/1.1 200
OK bst2tv3.html Show response
cdn3.doubleverify.com/ Frame D40A 1 KB
1 KB 20ms
6ms Document
text/html 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn3.doubleverify.com/bst2tv3.html
Requested by: Host: rtbcdn.doubleverify.com
URL: https://rtbcdn.doubleverify.com/bsredirect5_internal66.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558

Request headers

Host: cdn3.doubleverify.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://a.rfihub.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a.rfihub.com/

Response headers

Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Tue, 02 Sep 2014 17:01:36 GMT
Accept-Ranges: bytes
ETag: "01818ecfc6cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Content-Length: 806
Cache-Control: max-age=40224
Date: Tue, 08 Jun 2021 18:32:28 GMT
Connection: keep-alive

GET
H/1.1 200
OK verifyc.js Show response
rtb0.doubleverify.com/ 7 KB
3 KB 115ms
35ms Script
text/javascript 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to

Full URL: https://rtb0.doubleverify.com/verifyc.js?ctx=1069526&cmp=25823064&plc=304534571&sid=4945791&num=5&srcurlD=0&callback=__verify_callback_474115797048&jsTagObjCallback=__tagObject_callback_474115797048&ssl=1&refD=0&htmlmsging=1&guid=1623177148021977&brid=0&brver=&bridua=3&m1=13&fcifrms=1&brh=2&fwc=0&fcl=399&flt=1&fec=9&vavbkt=&lvvn=28&dvp_idcerr=undefined&eparams=5G0FC%3Dl9EEADTbpTauTau2%5DC7%3A9F3%5D4%40%3ETauD65TbuHTbsb__Tae9Tbsad_Tae4%40Tbs%40AE%3A%3E%3AK6Tadbp72%3DD6TadarD6CG6Cx5TadbpD%3B4%5Cac_Tadar%3F6H%26D6CTadbp72%3DD6TadarD4%40C6%7C%3A4C%40r%3D%3A4%3CDTadbp%60d%60TadarD4%40C6%7C%3A4C%40r%40%3FG6CD%3A%40%3FDTadbp_TadarF%27TadbpfbdaecTadarFvTadbp_TadarFtTadbp_TadarFsTadbp_TadarFC%3DTadbpD%3B4%5Cac_%5DD%3B4%5CCE3%60%5DC7%3A9F3%5D%3F6ETadar3qTadbpECF6Tadar3ETadbp%60eab%60f_fadeb_TadarD6%3BTadbp72%3DD6Tadar%3EETadbp%60Tadar5%3A5TadbpE%3A50%60bf%60chhTadfr%3E650C68F%3D2CTadar%3ADpxTadbpECF6Tadar%3AD%24%3C%3AATadbp72%3DD6Tadar6Ix5Tadbpfafe%60eab%60f_fadcgf%60dbH%60TadarFF%3A5Tadbp%60fh%60bff%60abbhbff%60bdcTadar5%3A%24C4Tadbp_Tadar%404Tadbp%60a__TadarC4Tadbp%60a__Tadar%3AATadbp%60cc%5D%60e_%5Daag%5D_Tadar%3ADuATadbp_Tadar5G4ETadbpafTadar744TadbpbTadarE28%3A5Tadbpa_cdhhbbaabTadarD%3A5Tadbp%60_egTadarAbhTadbpgTadar86TadbpTae6ATbs_%5Db_beeTaeC%3ATbsga722%60c22e452c4bd2_fe67c342g6h%60_TaeCDTbsTae2%3ATbscg_gdb%60TaeCETbs%60bf%60chhTaeC6TbsceehhTaeF8Tbsa_cdhhbbaabTaeAGTbs_TaeC2Tbs%60f_faec___%5Dehgbeg_ha_daehafTaeC3TbsbdhafTae42TbsTaeC4TbsTaeC5TbsTaeF2TbsTaeF3TbsTaeF4TbsTaeF5TbsTaeF6TbsTaeA2TbsAAC6%60f_faec__ed__TaeA3TbsTaeA4TbsTaeA5TbsTaeA8TbsTae4ETbs%60eab%60f_faec__Tae5%3ATbsTae2AATbs_TaeA6Tbs9EEADTadbpTadauTadauD%5DJ%3A%3E8%5D4%40%3ETadauCBTadau52C%3D2Tadauc%5Ce%5C_Tadau9E%3E%3DTadauC%5CD7%5D9E%3E%3DTaeA7Tbs9EEADTadbpTadauTadauHHH%5DJ29%40%40%5D4%40%3ETadauTaeD%3A8Tbsa%60cfcgbe%60dTarg_dd_f_ddTae%3D%404Tbs9EEADTbpTauTauHHH%5DJ29%40%40%5D4%40%3ETae5EGTbs%60&ver=95&dvp_exetime=7.80
Requested by: Host: rtbcdn.doubleverify.com
URL: https://rtbcdn.doubleverify.com/bsredirect5_internal66.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 288d2e348d7093c21d63c969e0722a975cfea40fa23b8f400b3dd3cc7559925c

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Pragma: no-cache
X-DV-Response: 1
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Date: Tue, 08 Jun 2021 18:32:27 GMT
Vary: Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: max-age=0
Transfer-Encoding: chunked
Expires: 6/7/2021 6:32:28 PM

GET
H/1.1 200
OK dv-match6.js Show response
cdn.doubleverify.com/ Frame BDEC 4 KB
2 KB 21ms
7ms Script
application/javascript 2a02:26f0:6c00:2b2::4469
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.doubleverify.com/dv-match6.js
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2b2::4469 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Content-Encoding: gzip
Last-Modified: Sun, 11 Mar 2018 04:45:12 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
ETag: "03c84bdf3b8d31:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=39400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1935

GET
H2 200 dcmads.js Show response
www.googletagservices.com/dcm/ 8 KB
4 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/dcmads.js

Requested by

Host: rtbcdn.doubleverify.com
URL: https://rtbcdn.doubleverify.com/bsredirect5_internal66.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 08 Jun 2021 17:49:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2588
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3796
x-xss-protection: 0
last-modified: Mon, 07 Jun 2021 18:22:56 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 08 Jun 2021 18:49:20 GMT

GET
H/1.1 200
OK bsevent.gif
tps20512.doubleverify.com/ 807 B
1 KB 96ms
31ms Image
image/gif 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20512.doubleverify.com/bsevent.gif?impid=ff54b25e1e264694a2d55dcd4ed1b11b&vfdur=116&cbust=1623177148147590
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 18:32:27 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 6/7/2021 6:32:28 PM

GET
H/1.1 200
OK ca.gif
20794017p.rfihub.com/ 42 B
1 KB 128ms
32ms Image
image/gif 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://20794017p.rfihub.com/ca.gif?rb=824&ca=20794017&ra=&cbust=1623177148147786
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Content-Type: image/gif
Content-Length: 42
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H/1.1 200
OK bsevent.gif
tps20512.doubleverify.com/ 807 B
1 KB 93ms
30ms Image
image/gif 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20512.doubleverify.com/bsevent.gif?impid=ff54b25e1e264694a2d55dcd4ed1b11b&pltfrm=Linux%20x86_64&dvp_ac_version=0507&dvp_acibv=&bsigr=549755813907&cbust=1623177148149885
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 18:32:27 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 6/7/2021 6:32:28 PM

GET
H3-29 200 impl_v75.js Show response
www.googletagservices.com/dcm/ 37 KB
15 KB 22ms
7ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/dcm/impl_v75.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/dcmads.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Tue, 08 Jun 2021 16:19:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 8002
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-dcm-tag
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15538
x-xss-protection: 0
last-modified: Fri, 04 Jun 2021 19:52:24 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jun 2022 16:19:06 GMT

GET
H2 200 B23901103.270465854;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=4082688182;ord=abrypo;click=https%3A%2F%2Fa.rfihub.com%2Faci%2Fb%2Fc3Q9aHRtbCZhYT00ODA4NTMxLDEyMDI1NDc3NSwyMTMwODAxLDEyMTIxODY4MSwxN... Show response
ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/ Frame 122A 29 KB
16 KB 127ms
58ms Document
text/html 142.250.186.38
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B23901103.270465854;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=4082688182;ord=abrypo;click=https%3A%2F%2Fa.rfihub.com%2Faci%2Fb%2Fc3Q9aHRtbCZhYT00ODA4NTMxLDEyMDI1NDc3NSwyMTMwODAxLDEyMTIxODY4MSwxNzMyMTEsMTM3MTQ5OSw4MmZhYTE0YWE2Y2RhNGMzNWEwNzZlZjRiY2E4ZTkxMCxwLDM5NTMzLDUyNTI2NSw0MDY0MTUzNyw0NTMyMzMsMTEzOTgxMSZtdD0xJnJiPTM1OTI3JnJlPTQ2Njk5JmhjaT0mdXVpZD0xNzkxMzc3MTIzMzkzNzcxMzU0JmRpPSZkYz0zJmRpc3JjPTAmYmlwPTgyLjEwMi4xOC4xMTQmZGlkPXRpZF8xMzcxNDk5fG1lZF9yZWd1bGFyJmxpbXA9MQ..%2Fn%2F;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fa.rfihub.com%2Fsed%3Fw%3D300%26h%3D250%26co%3Doptimize%253Afalse%252CserverId%253Asjc-240%252CnewUser%253Afalse%252CscoreMicroClicks%253A151%252CscoreMicroConversions%253A0%252CuV%253A735264%252CuG%253A0%252CuE%253A0%252CuD%253A0%252Curl%253Asjc-240.sjc-rtb1.rfihub.net%252CbB%253Atrue%252Cbt%253A1623170725630%252Csej%253Afalse%252Cmt%253A1%252Cdid%253Atid_1371499%257Cmed_regular%252CisAI%253Atrue%252CisSkip%253Afalse%252CexId%253A72761623170725487153w1%252Cuuid%253A1791377123393771354%252CdiSrc%253A0%252Coc%253A1200%252Crc%253A1200%252Cip%253A144.160.228.0%252CisFp%253A0%252Cdvct%253A27%252Cfcc%253A3%252Ctagid%253A20459933223%252Csid%253A1068%252Cp39%253A8%252Cge%253A%26ep%3D0.30366%26ri%3D82faa14aa6cda4c35a076ef4bca8e910%26rs%3D%26ai%3D4808531%26rt%3D1371499%26re%3D46699%26ug%3D20459933223%26pv%3D0%26ra%3D1707264000.6983680920526927%26rb%3D35927%26ca%3D%26rc%3D%26rd%3D%26ua%3D%26ub%3D%26uc%3D%26ud%3D%26ue%3D%26pa%3Dppre1707264006500%26pb%3D%26pc%3D%26pd%3D%26pg%3D%26ct%3D1623170726400%26di%3D%26app%3D0%26pe%3Dhttps%253A%252F%252Fs.yimg.com%252Frq%252Fdarla%252F4-6-0%252Fhtml%252Fr-sf.html%26pf%3Dhttps%253A%252F%252Fwww.yahoo.com%252F%26sig%3D2147483615%2C805507055%26loc%3Dhttps%3A%2F%2Fwww.yahoo.com%26dtv%3D1$0;xdt=0;crlt=5drtY6P.ks;sttr=34;prcl=s

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/dcm/impl_v75.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.38 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f6.1e100.net

Software

cafe /

Resource Hash

aa0f3194c049b30a93f86ad8f15dc89c13ae5289df47343645ef4eb738bcdb35

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: ad.doubleclick.net
:scheme: https
:path: /ddm/adi/N1395.150740DOUBLEVERIFY/B23901103.270465854;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=4082688182;ord=abrypo;click=https%3A%2F%2Fa.rfihub.com%2Faci%2Fb%2Fc3Q9aHRtbCZhYT00ODA4NTMxLDEyMDI1NDc3NSwyMTMwODAxLDEyMTIxODY4MSwxNzMyMTEsMTM3MTQ5OSw4MmZhYTE0YWE2Y2RhNGMzNWEwNzZlZjRiY2E4ZTkxMCxwLDM5NTMzLDUyNTI2NSw0MDY0MTUzNyw0NTMyMzMsMTEzOTgxMSZtdD0xJnJiPTM1OTI3JnJlPTQ2Njk5JmhjaT0mdXVpZD0xNzkxMzc3MTIzMzkzNzcxMzU0JmRpPSZkYz0zJmRpc3JjPTAmYmlwPTgyLjEwMi4xOC4xMTQmZGlkPXRpZF8xMzcxNDk5fG1lZF9yZWd1bGFyJmxpbXA9MQ..%2Fn%2F;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fa.rfihub.com%2Fsed%3Fw%3D300%26h%3D250%26co%3Doptimize%253Afalse%252CserverId%253Asjc-240%252CnewUser%253Afalse%252CscoreMicroClicks%253A151%252CscoreMicroConversions%253A0%252CuV%253A735264%252CuG%253A0%252CuE%253A0%252CuD%253A0%252Curl%253Asjc-240.sjc-rtb1.rfihub.net%252CbB%253Atrue%252Cbt%253A1623170725630%252Csej%253Afalse%252Cmt%253A1%252Cdid%253Atid_1371499%257Cmed_regular%252CisAI%253Atrue%252CisSkip%253Afalse%252CexId%253A72761623170725487153w1%252Cuuid%253A1791377123393771354%252CdiSrc%253A0%252Coc%253A1200%252Crc%253A1200%252Cip%253A144.160.228.0%252CisFp%253A0%252Cdvct%253A27%252Cfcc%253A3%252Ctagid%253A20459933223%252Csid%253A1068%252Cp39%253A8%252Cge%253A%26ep%3D0.30366%26ri%3D82faa14aa6cda4c35a076ef4bca8e910%26rs%3D%26ai%3D4808531%26rt%3D1371499%26re%3D46699%26ug%3D20459933223%26pv%3D0%26ra%3D1707264000.6983680920526927%26rb%3D35927%26ca%3D%26rc%3D%26rd%3D%26ua%3D%26ub%3D%26uc%3D%26ud%3D%26ue%3D%26pa%3Dppre1707264006500%26pb%3D%26pc%3D%26pd%3D%26pg%3D%26ct%3D1623170726400%26di%3D%26app%3D0%26pe%3Dhttps%253A%252F%252Fs.yimg.com%252Frq%252Fdarla%252F4-6-0%252Fhtml%252Fr-sf.html%26pf%3Dhttps%253A%252F%252Fwww.yahoo.com%252F%26sig%3D2147483615%2C805507055%26loc%3Dhttps%3A%2F%2Fwww.yahoo.com%26dtv%3D1$0;xdt=0;crlt=5drtY6P.ks;sttr=34;prcl=s
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://a.rfihub.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlrH3-8DCE8z5XOGKAiCeQ1ShDxz1cSbS_kcxGCYitMABcfyV4gcqK8G2LsxuY
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://a.rfihub.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 08 Jun 2021 18:32:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
server: cafe
content-length: 15744
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK Cookie set tk.gif
a.rfihub.com/ 42 B
882 B 38ms
37ms Image
image/gif 193.0.160.129
ROCKETFUEL

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.rfihub.com/tk.gif?rb=35927&re=46699&aa=4808531,120254775,2130801,121218681,173211,1371499,82faa14aa6cda4c35a076ef4bca8e910,https%3A%2F%2Fwww.capitalone.com%2F,39533,525265,40641537,453233,1139811&pa=ppre1707264006500&id=&mt=1&dc=3&di=&hci=&uuid=1791377123393771354&disrc=0&ra=1771482030.8713414601726863&ct=1623177148203
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 193.0.160.129 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software: Jetty(9.3.29.v20201019) /
Resource Hash: 47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292

Request headers

Pragma: no-cache
Sec-Fetch-Site: same-origin
Accept-Encoding: gzip, deflate, br
Host: a.rfihub.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: no-cors
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control: no-cache
Sec-Fetch-Dest: image
Referer: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Cookie: ub=H4sIAAAAAAAAAOOKT3R09SoKCU53tLV19EgxNDc2MjR0dDJ0dHR0Sk2tyinJdASKJ2MXd8rAEElHEwEAdoBayGEAAAA; rud=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpUryGZkbGhkBJE3OgGgCxY05CNAAAAA; ruds=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpACvICc4lAAAA; eud=H4sIAAAAAAAAAOOSMXR2dA129TAyqPJNzPP3s4hyTPIytAg2NC-JcA3iNTQzMjY0Nzc0sTA0N5jFiOCbWxqbr0Ljn0Ljv0Lj_0LjT2JC5c9C4y9C469C429C4-9C439C18-Cyr-Fxt_EimYeN5r70fiLhFH5j9D4AOMtMghdAQAA; euds=H4sIAAAAAAAAAOOSMXR2dA129TAyqPJNzPP3s4hyTPIytAg2NC-JcAUAJS320x4AAAA
Connection: keep-alive
Referer: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Tue, 08 Jun 2021 18:32:28 GMT
Cache-Control: no-cache
Server: Jetty(9.3.29.v20201019)
Set-Cookie: eud=H4sIAAAAAAAAAOOSMXR2dA129TAyqPJNzPP3s4hyTPIytAg2NC-JcA3iNTQzMjY0Nzc0sTA0N5jFiOCbWxqbr0Ljn0Ljv0Lj_0LjT2JC5c9C4y9C469C429C4-9C439C18-Cyr-Fxt_EimYeN5r70fiLhFH5j9D4AOMtMghdAQAA; Path=/; Domain=.rfihub.com; Expires=Sun, 3 Jul 2022 18:32:28 GMT; Secure; SameSite=None rud=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpUryGZkbGhkBJE3OgGgCxY05CNAAAAA; Path=/; Domain=.rfihub.com; Expires=Sun, 3 Jul 2022 18:32:28 GMT; Secure; SameSite=None ruds=H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpACvICc4lAAAA; Path=/; Domain=.rfihub.com; Secure; SameSite=None
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 42
Content-Type: image/gif

GET
H2 200 cap
choices.trustarc.com/ 43 B
382 B 123ms
122ms Image
image/gif 52.84.174.88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://choices.trustarc.com/cap?aid=zetaglobal01&pid=zeta01&cid=101619&w=300&h=250&c=49b8
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.174.88 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-174-88.cdg50.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
via: 1.1 1c6904dfe9ea43b8174ab14c939bf754.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: CDG50-P1
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: UBtKWqmvHdFVym-SAJetBCud0EAb9Ztg5Pbu2knegCz5um3GIr34rg==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK bsevent.gif
tps20512.doubleverify.com/ 807 B
1 KB 94ms
32ms Image
image/gif 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20512.doubleverify.com/bsevent.gif?impid=ff54b25e1e264694a2d55dcd4ed1b11b&dvp_or1=1&cbust=1623177148240279
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 18:32:27 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 6/7/2021 6:32:28 PM

GET
H/1.1 200
OK bsevent.gif
tps20512.doubleverify.com/ 807 B
1 KB 92ms
30ms Image
image/gif 213.254.244.22
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tps20512.doubleverify.com/bsevent.gif?impid=ff54b25e1e264694a2d55dcd4ed1b11b&dvp_or2=1&cbust=1623177148240503
Requested by: Host: a.rfihub.com
URL: https://a.rfihub.com/sed?w=300&h=250&co=optimize%3Afalse%2CserverId%3Asjc-240%2CnewUser%3Afalse%2CscoreMicroClicks%3A151%2CscoreMicroConversions%3A0%2CuV%3A735264%2CuG%3A0%2CuE%3A0%2CuD%3A0%2Curl%3Asjc-240.sjc-rtb1.rfihub.net%2CbB%3Atrue%2Cbt%3A1623170725630%2Csej%3Afalse%2Cmt%3A1%2Cdid%3Atid_1371499%7Cmed_regular%2CisAI%3Atrue%2CisSkip%3Afalse%2CexId%3A72761623170725487153w1%2Cuuid%3A1791377123393771354%2CdiSrc%3A0%2Coc%3A1200%2Crc%3A1200%2Cip%3A144.160.228.0%2CisFp%3A0%2Cdvct%3A27%2Cfcc%3A3%2Ctagid%3A20459933223%2Csid%3A1068%2Cp39%3A8%2Cge%3A&ep=0.30366&ri=82faa14aa6cda4c35a076ef4bca8e910&rs=&ai=4808531&rt=1371499&re=46699&ug=20459933223&pv=0&ra=1707264000.6983680920526927&rb=35927&ca=&rc=&rd=&ua=&ub=&uc=&ud=&ue=&pa=ppre1707264006500&pb=&pc=&pd=&pg=&ct=1623170726400&di=&app=0&pe=https%3A%2F%2Fs.yimg.com%2Frq%2Fdarla%2F4-6-0%2Fhtml%2Fr-sf.html&pf=https%3A%2F%2Fwww.yahoo.com%2F&sig=2147483615,805507055&loc=https://www.yahoo.com&dtv=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 213.254.244.22 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: Microsoft-IIS/10.0 /
Resource Hash: 78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 08 Jun 2021 18:32:27 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
Content-Type: image/gif
Cache-Control: max-age=0
Content-Length: 860
Expires: 6/7/2021 6:32:28 PM

GET
H2 200 COVID_PSA_MASKMOJI_ENGLISH_300x250.jpg
s0.2mdn.net/2276943/ Frame 122A 45 KB
46 KB 30ms
7ms Image
image/jpeg 2a00:1450:4001:803::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/2276943/COVID_PSA_MASKMOJI_ENGLISH_300x250.jpg

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N1395.150740DOUBLEVERIFY/B23901103.270465854;dc_ver=75.217;sz=300x250;u_sd=1;nel=1;dc_adk=4082688182;ord=abrypo;click=https%3A%2F%2Fa.rfihub.com%2Faci%2Fb%2Fc3Q9aHRtbCZhYT00ODA4NTMxLDEyMDI1NDc3NSwyMTMwODAxLDEyMTIxODY4MSwxNzMyMTEsMTM3MTQ5OSw4MmZhYTE0YWE2Y2RhNGMzNWEwNzZlZjRiY2E4ZTkxMCxwLDM5NTMzLDUyNTI2NSw0MDY0MTUzNyw0NTMyMzMsMTEzOTgxMSZtdD0xJnJiPTM1OTI3JnJlPTQ2Njk5JmhjaT0mdXVpZD0xNzkxMzc3MTIzMzkzNzcxMzU0JmRpPSZkYz0zJmRpc3JjPTAmYmlwPTgyLjEwMi4xOC4xMTQmZGlkPXRpZF8xMzcxNDk5fG1lZF9yZWd1bGFyJmxpbXA9MQ..%2Fn%2F;uach=%5B%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%5B%5D%5D;dc_rfl=0,https%3A%2F%2Fa.rfihub.com%2Fsed%3Fw%3D300%26h%3D250%26co%3Doptimize%253Afalse%252CserverId%253Asjc-240%252CnewUser%253Afalse%252CscoreMicroClicks%253A151%252CscoreMicroConversions%253A0%252CuV%253A735264%252CuG%253A0%252CuE%253A0%252CuD%253A0%252Curl%253Asjc-240.sjc-rtb1.rfihub.net%252CbB%253Atrue%252Cbt%253A1623170725630%252Csej%253Afalse%252Cmt%253A1%252Cdid%253Atid_1371499%257Cmed_regular%252CisAI%253Atrue%252CisSkip%253Afalse%252CexId%253A72761623170725487153w1%252Cuuid%253A1791377123393771354%252CdiSrc%253A0%252Coc%253A1200%252Crc%253A1200%252Cip%253A144.160.228.0%252CisFp%253A0%252Cdvct%253A27%252Cfcc%253A3%252Ctagid%253A20459933223%252Csid%253A1068%252Cp39%253A8%252Cge%253A%26ep%3D0.30366%26ri%3D82faa14aa6cda4c35a076ef4bca8e910%26rs%3D%26ai%3D4808531%26rt%3D1371499%26re%3D46699%26ug%3D20459933223%26pv%3D0%26ra%3D1707264000.6983680920526927%26rb%3D35927%26ca%3D%26rc%3D%26rd%3D%26ua%3D%26ub%3D%26uc%3D%26ud%3D%26ue%3D%26pa%3Dppre1707264006500%26pb%3D%26pc%3D%26pd%3D%26pg%3D%26ct%3D1623170726400%26di%3D%26app%3D0%26pe%3Dhttps%253A%252F%252Fs.yimg.com%252Frq%252Fdarla%252F4-6-0%252Fhtml%252Fr-sf.html%26pf%3Dhttps%253A%252F%252Fwww.yahoo.com%252F%26sig%3D2147483615%2C805507055%26loc%3Dhttps%3A%2F%2Fwww.yahoo.com%26dtv%3D1$0;xdt=0;crlt=5drtY6P.ks;sttr=34;prcl=s

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

885170fb29ca49c9c870b7463a9f2c8dd78544b927a74450ad8ba02adfaae856

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 07:51:15 GMT
x-content-type-options: nosniff
last-modified: Fri, 25 Sep 2020 16:12:09 GMT
server: sffe
age: 38473
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46365
x-xss-protection: 0
expires: Wed, 09 Jun 2021 07:51:15 GMT

GET
H2 200 sodar_loader.js Show response
pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/xfa/ Frame 122A 10 KB
4 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/xfa/sodar_loader.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1a0b09cbb763ef7e1ab6183b36a3ff732a874dc4faa20f375c807d8ade0438d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 17:08:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 5053
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4190
x-xss-protection: 0
server: cafe
etag: 13053538017912979805
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 17:08:15 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/elements/html/ Frame 122A 8 KB
3 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:27:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 290
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 22 Jun 2021 18:27:38 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 122A 122 KB
37 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:32:28 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1623066169988846"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37960
x-xss-protection: 0
expires: Tue, 08 Jun 2021 18:32:28 GMT

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 122A 0
60 B 108ms
41ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvR4KsoZArzsG1Ar-u1Fp3KqwTrK9Dvdrab2SzR66kMindhi_-s9jx6-7LnypuiKkVsp_aJI4d6bB1ySN8xFFkZu1LVDthiXA4LYLl1v1mPjeCRT5FEn4_J8FEDLeteVHAbdAVeWFeOkWrsFDBc&sig=Cg0ArKJSzN1E4-vAReBmEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cstd=0&cisv=r20210603.43992&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 18:32:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 122A 41 KB
15 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 06:20:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 43935
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jun 2022 06:20:13 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 122A 6 KB
4 KB 27ms
25ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/xfa/sodar_loader.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8d17cfc62886642ffd6cb7ead0cf2762cd3be25fe5c38f61f4244ba5fafc521e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 18:32:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4361
x-xss-protection: 0

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 165C 22 KB
8 KB 17ms
14ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://ad.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://ad.doubleclick.net/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Tue, 08 Jun 2021 14:44:09 GMT
expires: Wed, 08 Jun 2022 14:44:09 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 13699
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 122A 0
528 B 43ms
40ms Ping
image/gif 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Tue, 08 Jun 2021 18:32:28 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 122A 17 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20210603/r20110914/xfa/sodar_loader.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 18:32:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1616005470650935"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6437
x-xss-protection: 0
expires: Tue, 08 Jun 2021 18:32:28 GMT

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame 165C 14 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 14:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jun 2022 14:12:34 GMT

GET
H3-29 200 tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js Show response
pagead2.googlesyndication.com/bg/ Frame A64D 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/tE64XG1cXAHgdRZqLuUmMLCyOuQ9s7LE_kL_xOEQzyo.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 08 Jun 2021 14:12:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 15594
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5784
x-xss-protection: 0
last-modified: Mon, 31 May 2021 08:58:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 08 Jun 2022 14:12:34 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 165C 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BCPvjvLe_YIfoEYLT3gOwlrSYAgAAAAA4AeAEAg&bg=!Y2ClYCTNAAY6sG-_OrA7ACkAdvg8WshcIKszG2yVP3h3msqA7J_ZYdc4dgeISPeIPCLoJl8VPMwnSAIAAABbUgAAAAdoAQcKAMWisgXdSogLZ7oqdA6ut3-ulEAvac5vDdryUk-6rjqcrXbpVw6GqEadzwXDDhJtkoxRdjrIT3XhukvzhMXyUFjucknJAVCmWqpFhZMOIus2Qtl3khy3loDDq9x-MUOPhfsFovIEfQU7bkftK3Zg9vu7slpqz6FOqXIwspig8nhro_UXv6D2llUMnwS2aN1HmFYEaVjnmUbvgsbUaBQGu-7dyjRNtWMjyCdXOy-cVuo6GmcbxBY8NAAXWmfer9BkTEjk-Z1brZkCjg-Uo6xiJ2JJokHJINqx4vpOrH7KHi1DS9NsFNyOw4UR6sTgAyudSXbPU1y9TVhlJn52J7y3MbjgpKJbaG3ejiTjgg4RhpRToBF2zJ5ek0N8si33g3EdEsOrZSHMqSYYJG_mLynv0A0VaR6c2afzzl4ghM3kT2IZ8fJ0hprLXl7xdb8KCBqul11chDcSNnTv-upHfUCo3tzXyW5w-Y-wq03e4YfS31qLJLYqgkehieZgw11UbBecQdBNHExhdCeyaGHc-unktp6NHuoI0roMk7_NNms3aKYJuQBdP8uawdGQWPzrtNhbmn24VaQuHmaPFTmuq5c7d-Vl-twSKPrsDFct5n8m6wdzifqp0cDLTrW2C2caLdjZXNUh9D_n6J0Fy75e0Yuwav9FJ9Q9xBWr0n7eWOoeteapdwVoFwB4SQ54NmhkYBtguMUgMiw0vpTYS47eON55rfp4tFJ1jQai6pjqYBwOP_4Mi9LtGU3wVkVHQcriXqKxAbH12ngyJ29nE8v1hhcYa_7amviE_vnmvnjx4oCR-hYsw5eO8rN8JVs6SjMSfjBUi_cE2QedXKos2SYQt0m4QIpt6N91DjZWtHn9MEccl_L7LO4Fp6E_SLQr-BQS53noOTc3RrItP9qGe_d7fXiqesMnLH1ORq0WPd-sfcX8dMHDqyZ7HXvizSvUSeCI2C85OadM_36Co9EE57XijsPpIdITAbyVe3nF3StMEty2wjhFJryMl64Y9XUOhOdD7FBNktDMm6c1A9CJZaL0uIxkeJ1prthuGAsbME5Nppv4hXL5MU1_QStV4ryr8l-whAHQIbC-Q4aWXr1_gaqdYK5T6oIqU3DedgVY890Sv3QdOdHarN6ZVG_Qjg

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:28 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get
choices.trustarc.com/ 287 B
631 B 22ms
21ms Image
image/png 52.84.174.88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/get?name=admarker-icon-tr.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.84.174.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-84-174-88.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

Referer: https://a.rfihub.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 18 May 2021 21:15:29 GMT
via: 1.1 1c6904dfe9ea43b8174ab14c939bf754.cloudfront.net (CloudFront)
server: nginx
age: 1804620
x-frame-options: ALLOWALL
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: CDG50-P1
content-length: 287
x-amz-cf-id: yyHfBUp3rQ2t5nmH58JY7FmqvNg-4hYOGaLMmju5fPeK3dFfxKuvTw==
expires: Thu, 17 Jun 2021 21:15:29 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 122A 42 B
64 B 14ms
14ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvyz7r9-F4r5V5Cp8mhbV6-Rp5EOQACtKE7f8-554171xeuOicdelc4gUqSoII9HePPdc7pvVNmatX741Ewpk6kFS8e7-l_&sig=Cg0ArKJSzOSnvHeO2t-NEAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210607&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=33&adk=4082688182&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdXQ%3D%3D&vs=4&eosm=0&r=v

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 08 Jun 2021 18:32:29 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 6431 287 B
631 B 21ms
21ms Image
image/png 52.84.174.88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/get?name=admarker-icon-tr.png

Requested by

Host: choices.trustarc.com
URL: https://choices.trustarc.com/ca?pid=zeta01&aid=zetaglobal01&cid=101619&c=bfff50f5-c3d4-47f1-be78-f351c642e359&w=300&h=250&plc=tr

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.84.174.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-84-174-88.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Tue, 18 May 2021 21:15:29 GMT
via: 1.1 1c6904dfe9ea43b8174ab14c939bf754.cloudfront.net (CloudFront)
server: nginx
age: 1804620
x-frame-options: ALLOWALL
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: CDG50-P1
content-length: 287
x-amz-cf-id: dhdzQkwuJ_btNNsG2z996fm5RVkGo-S9OVurF9qLNBep8qMEUWgOew==
expires: Thu, 17 Jun 2021 21:15:29 GMT

GET
H2 200 get
choices.trustarc.com/ Frame 6431 739 B
1 KB 21ms
21ms Image
image/png 52.84.174.88
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://choices.trustarc.com/get?name=admarker-full-tr.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.84.174.88 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-84-174-88.cdg50.r.cloudfront.net

Software

nginx /

Resource Hash

093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e

Security Headers

Name	Value
X-Frame-Options	ALLOWALL

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: public
date: Sat, 29 May 2021 23:07:30 GMT
via: 1.1 1c6904dfe9ea43b8174ab14c939bf754.cloudfront.net (CloudFront)
server: nginx
age: 847499
x-frame-options: ALLOWALL
x-cache: Hit from cloudfront
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=2592000
x-amz-cf-pop: CDG50-P1
content-length: 739
x-amz-cf-id: 7hSLI8Meszf3hc2m28N_ZOVeAzc22M0wM0aUr9q2gOPeLZu5dzkFoQ==
expires: Mon, 28 Jun 2021 23:07:30 GMT

Verdicts & Comments Add Verdict or Comment

113 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 04:14:33	Name: IDE Value: AHWqTUlrH3-8DCE8z5XOGKAiCeQ1ShDxz1cSbS_kcxGCYitMABcfyV4gcqK8G2LsxuY
.rfihub.com/	1969-12-31 23:59:59	Name: euds Value: H4sIAAAAAAAAAOOSMXR2dA129TAyqPJNzPP3s4hyTPIytAg2NC-JcFUSKDMMNS0PtASC1Nz8QqPAVYwCkT7xxmWOjk5RpRlumelO6QAbg3wsQwAAAA
.rfihub.com/	1970-01-20 04:14:33	Name: eud Value: H4sIAAAAAAAAAOOSMXR2dA129TAyqPJNzPP3s4hyTPIytAg2NC-JcA3iNTQzMjY0Nzc0sTA0N5jFiOCbWxqbr0Ljn0Ljv0Lj_0LjT2JC5c9C4y9C469C429C4-9C439C18-Cyr-Fxl_EKhDpE29c5ujoFFWa4ZaZ7pS-ihUpCExMLTexolnJjeZFNP4iYVT-IzQ-AEYSlvyAAQAA
.rfihub.com/	1969-12-31 23:59:59	Name: ruds Value: H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpACvICc4lAAAA
.rfihub.com/	1970-01-20 04:14:33	Name: cmd Value: H4sIAAAAAAAAAONiNBTiNTQzMjY0Nzc0sTA2MgMA1rIWVRIAAAA
.rfihub.com/	1970-01-20 04:14:33	Name: rud Value: H4sIAAAAAAAAAOMSNjS3NDQ2Nzc0Mja2BNHGpiZCfIa6iWHhZWF5Zk6FZpWpUryGZkbGhkBJE3OgGgCxY05CNAAAAA
.rfihub.com/	1970-01-20 04:14:33	Name: ub Value: H4sIAAAAAAAAAOOKT3R09SoKCU53tLV19EgxNDc2MjR0dDJ0dHR0Sk2tyinJdASKJ2MXd8rAEElHEwEAdoBayGEAAAA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20794017p.rfihub.com
a.rfihub.com
aa.agkn.com
ad.doubleclick.net
ads.yahoo.com
beacon.krxd.net
bpi.rtactivate.com
bs.serving-sys.com
c1.rfihub.net
cdn.doubleverify.com
cdn3.doubleverify.com
choices.trustarc.com
cm.g.doubleclick.net
contextual.media.net
dpm.demdex.net
dsum-sec.casalemedia.com
googleads4.g.doubleclick.net
ib.adnxs.com
idsync.rlcdn.com
live.rezync.com
p.rfihub.com
pagead2.googlesyndication.com
partners.tremorhub.com
pixel.rubiconproject.com
ps.eyeota.net
rtb0.doubleverify.com
rtbcdn.doubleverify.com
s0.2mdn.net
sb.scorecardresearch.com
secure-us.imrworldwide.com
stags.bluekai.com
sync-tm.everesttech.net
sync.search.spotxchange.com
tpc.googlesyndication.com
tps20512.doubleverify.com
www.googletagservices.com
x.bidswitch.net
x.dlx.addthis.com
142.250.185.194
142.250.186.38
142.250.186.98
143.204.98.95
151.101.114.49
185.33.221.87
185.94.180.126
193.0.160.129
2.18.234.21
2.18.235.93
213.254.244.22
23.45.99.241
2600:1f18:612b:4264:262e:5ecd:5178:9f8
2600:9000:2156:6800:1:76cf:fe80:93a1
2a00:1288:80:800::7001
2a00:1450:4001:803::2006
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:82b::2002
2a02:26f0:6c00:2b2::4469
3.124.210.90
35.244.174.68
52.17.93.232
52.208.207.77
52.22.87.103
52.222.174.20
52.56.111.113
52.57.230.211
52.84.174.88
69.173.144.139
82.199.68.72
99.80.93.68
093d94d4b660253c55e87d4503dffcb6cedc8f222f9d85d1faa68ff619ac9d3e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1a0b09cbb763ef7e1ab6183b36a3ff732a874dc4faa20f375c807d8ade0438d9
288d2e348d7093c21d63c969e0722a975cfea40fa23b8f400b3dd3cc7559925c
2f28c37beb838d695f95710805308cfe7f1fcc286bd744ab0184a23a10d5a4ec
47043e4823a6c21a8881de789b4185355330b5804629d23f6b43dd93f5265292
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
579a172ca2c700734ebcfa06d105a134f31ec2357660e58e0874cfdee8472fd4
5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3
7529b11940f8a77767d97b70e5392487b7fffeb7bcd408da18bdc71665a81d41
78fdf5abc0ba7951eb52c6d66c9d1a9f8766f4d1c60ca05173c26623de3f3416
821262a8c32b52639f97ddf4f34c494e82156651752608fa6a23ffa3df2f84b1
86b5af8a8c0eecb101f9b4f24275144e9cd8cb6139db3766957e834858171354
86be5d6a3d661fd3d5d72f254a347dec5c66cad569117f51dad297acba02f558
885170fb29ca49c9c870b7463a9f2c8dd78544b927a74450ad8ba02adfaae856
8d17cfc62886642ffd6cb7ead0cf2762cd3be25fe5c38f61f4244ba5fafc521e
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9e2ef853ac6f7c0aa87429d333af481f1f054ccc1370622f290032a345a5ae84
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a256529bd5b1b8846f8d2536ce7581fb6cea4479992f222d01535903dff48d79
aa0f3194c049b30a93f86ad8f15dc89c13ae5289df47343645ef4eb738bcdb35
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b44eb85c6d5c5c01e075166a2ee52630b0b23ae43db3b2c4fe42ffc4e110cf2a
c61a719b48533a1fa932729f4927ba1377a96c441b0d6a427096b867742b4645
d03755898b05a3d69377bf7da16ccb307e789a0f569b4dbbcb7b29bdecf967c5
d48792bcfe22f120e4714680f5aa5d0a72ab213a41da0af59d001f513328201c
dc2bcf1cb85cd51019d3e935815554c42e077b0ef2df9cdf4779ec8ed72721a8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6c9aaf36bcf57fd7fd87c21ddfbff8bdaa6da3bfa9a35e1b2fc4e90bdfe756
f7c1022dbae2ac5b2997f6e92f1f25907b053736a52aa40753fb44fcf4760370

a.rfihub.com Open in urlscan Pro 193.0.160.129 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

58 Requests

100 %HTTPS

29 %IPv6

29 Domains

38 Subdomains

31 IPs

5 Countries

247 kBTransfer

525 kBSize

7 Cookies

0 Outgoing links

Redirected requests

58 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

a.rfihub.com Open in urlscan Pro
193.0.160.129 Public Scan

Screenshot
Live screenshot

Full Image

58
Requests

100 %
HTTPS

29 %
IPv6

29
Domains

38
Subdomains

31
IPs

5
Countries

247 kB
Transfer

525 kB
Size

7
Cookies

58 HTTP transactions
0 data transactions