paint.toys
3.33.186.135 Public Scan Open in urlscan Pro

Go To Rescan
Add Verdict Report

Submitted URL:
https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4M... 4mo old
Effective URL:
https://paint.toys/oil/ 6yr old
Submission: On March 24 via api (March 24th 2026, 12:57:23 am UTC) from BE — Scanned from AU

Summary HTTP 443 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 134 IPs in 12 countries across 110 domains to perform 443 HTTP transactions. The main IP is 3.33.186.135, located in United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is paint.toys. 6yr old
TLS certificate: Issued by E8 on January 28th 2026. Valid for: 3mo.

This is the only time paint.toys was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 2	103.29.183.22 103.29.183.22	150393 (LWPL-AS-A...) (LWPL-AS-AP LAYER WEBHOST PVT. LIMITED)
1 8	3.33.186.135 3.33.186.135	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
17	104.18.21.56 104.18.21.56	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	142.250.195.136 142.250.195.136	15169 (GOOGLE) (GOOGLE - Google LLC)
1	142.250.195.234 142.250.195.234	15169 (GOOGLE) (GOOGLE - Google LLC)
2	34.8.176.186 34.8.176.186	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
19 37	142.250.183.34 142.250.183.34	15169 (GOOGLE) (GOOGLE - Google LLC)
1	142.250.183.35 142.250.183.35	15169 (GOOGLE) (GOOGLE - Google LLC)
1 8	104.18.20.56 104.18.20.56	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	3.175.115.110 3.175.115.110	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	172.66.171.133 172.66.171.133	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	108.158.21.92 108.158.21.92	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	185.199.110.133 185.199.110.133	54113 (FASTLY) (FASTLY - Fastly)
2	108.158.20.119 108.158.20.119	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	3.169.231.69 3.169.231.69	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	142.251.42.110 142.251.42.110	15169 (GOOGLE) (GOOGLE - Google LLC)
11	172.66.148.140 172.66.148.140	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
7	142.250.207.6 142.250.207.6	15169 (GOOGLE) (GOOGLE - Google LLC)
2	34.36.200.111 34.36.200.111	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	104.20.20.189 104.20.20.189	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
14	142.250.195.142 142.250.195.142	15169 (GOOGLE) (GOOGLE - Google LLC)
1	104.18.10.207 104.18.10.207	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
8	52.91.215.149 52.91.215.149	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	172.217.25.202 172.217.25.202	15169 (GOOGLE) (GOOGLE - Google LLC)
8	182.161.73.131 182.161.73.131	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
7 13	162.19.138.117 162.19.138.117	16276 (OVH OVH SAS) (OVH OVH SAS)
1	54.254.93.97 54.254.93.97	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	100.55.136.84 100.55.136.84	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	79.127.255.4 79.127.255.4	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
2	18.213.222.188 18.213.222.188	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 13	13.237.11.119 13.237.11.119	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 4	18.139.188.200 18.139.188.200	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	108.158.27.219 108.158.27.219	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	3.175.115.79 3.175.115.79	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	54.169.114.26 54.169.114.26	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	104.18.26.193 104.18.26.193	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	146.190.187.27 146.190.187.27	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
1	35.219.182.198 35.219.182.198	15169 (GOOGLE) (GOOGLE - Google LLC)
5 6	103.43.90.53 103.43.90.53	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - Xandr Inc.)
1	69.173.158.65 69.173.158.65	26667 (RUBICONPR...) (RUBICONPROJECT - Magnite)
1	15.197.196.10 15.197.196.10	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 3	35.186.253.211 35.186.253.211	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	54.151.166.244 54.151.166.244	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	18.139.66.122 18.139.66.122	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	104.85.231.104 104.85.231.104	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	172.66.166.119 172.66.166.119	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	172.66.169.55 172.66.169.55	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
3	130.211.23.194 130.211.23.194	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	207.65.33.78 207.65.33.78	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
1	182.161.73.172 182.161.73.172	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
3	35.162.56.239 35.162.56.239	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
6 6	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
7 9	54.80.182.216 54.80.182.216	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
8 8	183.177.68.210 183.177.68.210	10310 (YAHOO-1) (YAHOO-1 - Yahoo Holdings Inc.)
1	141.95.33.120 141.95.33.120	16276 (OVH OVH SAS) (OVH OVH SAS)
13	72.34.249.225 72.34.249.225	27630 (AS-XFERNET) (AS-XFERNET - XFERNET)
1	3.175.115.10 3.175.115.10	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	34.96.70.87 34.96.70.87	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	182.161.73.173 182.161.73.173	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
1	54.36.119.82 54.36.119.82	16276 (OVH OVH SAS) (OVH OVH SAS)
3	162.19.138.83 162.19.138.83	16276 (OVH OVH SAS) (OVH OVH SAS)
1	3.237.175.195 3.237.175.195	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	35.190.39.111 35.190.39.111	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
2 16	3.0.38.223 3.0.38.223	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	142.250.195.129 142.250.195.129	15169 (GOOGLE) (GOOGLE - Google LLC)
23	142.250.195.226 142.250.195.226	15169 (GOOGLE) (GOOGLE - Google LLC)
3 3	198.8.71.130 198.8.71.130	54312 (ROCKETFUEL) (ROCKETFUEL - Rocket Fuel Inc.)
11 11	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
8 8	35.213.7.90 35.213.7.90	19527 (GOOGLE-2) (GOOGLE-2 - Google LLC)
3 4	151.101.130.58 151.101.130.58	54113 (FASTLY) (FASTLY - Fastly)
3 3	207.65.33.79 207.65.33.79	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
1 13	207.65.33.82 207.65.33.82	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
1 7	207.65.33.76 207.65.33.76	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
3 3	34.36.216.150 34.36.216.150	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
6 10	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1 3	54.251.237.125 54.251.237.125	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	216.200.232.253 216.200.232.253	30419 (PAEDAE-INC) (PAEDAE-INC - PaeDae)
5 5	185.184.8.90 185.184.8.90	204995 (RTB-HOUSE...) (RTB-HOUSE-AMS RTB Marketing and Tech Services Ltd)
2 2	74.214.196.131 74.214.196.131	19189 (PULSEPOINT) (PULSEPOINT - Pulsepoint Inc)
4 6	103.43.89.4 103.43.89.4	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - Xandr Inc.)
1	80.77.82.130 80.77.82.130	46636 (NATCOWEB) (NATCOWEB - NatCoWeb Corp.)
1 2	172.67.75.205 172.67.75.205	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 4	98.82.156.207 98.82.156.207	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2 3	104.17.201.65 104.17.201.65	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 3	172.64.146.152 172.64.146.152	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 3	54.71.255.99 54.71.255.99	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 3	150.171.22.12 150.171.22.12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
2	52.86.211.58 52.86.211.58	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
3	23.221.132.242 23.221.132.242	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	104.18.25.18 104.18.25.18	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	151.101.129.108 151.101.129.108	54113 (FASTLY) (FASTLY - Fastly)
1 8	34.98.64.218 34.98.64.218	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
2	47.129.15.147 47.129.15.147	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
8	184.31.253.153 184.31.253.153	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	159.89.52.47 159.89.52.47	14061 (DIGITALOC...) (DIGITALOCEAN-ASN - DigitalOcean)
2 2	184.27.43.153 184.27.43.153	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2 2	16.146.220.77 16.146.220.77	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	3.175.115.80 3.175.115.80	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	108.158.20.75 108.158.20.75	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
12 21	69.173.158.64 69.173.158.64	26667 (RUBICONPR...) (RUBICONPROJECT - Magnite)
5	172.217.25.193 172.217.25.193	15169 (GOOGLE) (GOOGLE - Google LLC)
1	51.195.34.222 51.195.34.222	16276 (OVH OVH SAS) (OVH OVH SAS)
2	51.195.34.220 51.195.34.220	16276 (OVH OVH SAS) (OVH OVH SAS)
2	135.125.146.86 135.125.146.86	16276 (OVH OVH SAS) (OVH OVH SAS)
2	51.195.115.36 51.195.115.36	16276 (OVH OVH SAS) (OVH OVH SAS)
1	135.125.146.80 135.125.146.80	16276 (OVH OVH SAS) (OVH OVH SAS)
1	51.195.73.74 51.195.73.74	16276 (OVH OVH SAS) (OVH OVH SAS)
1	51.195.126.30 51.195.126.30	16276 (OVH OVH SAS) (OVH OVH SAS)
2	51.195.127.115 51.195.127.115	16276 (OVH OVH SAS) (OVH OVH SAS)
1	51.195.73.71 51.195.73.71	16276 (OVH OVH SAS) (OVH OVH SAS)
2	51.195.73.113 51.195.73.113	16276 (OVH OVH SAS) (OVH OVH SAS)
1	51.195.127.100 51.195.127.100	16276 (OVH OVH SAS) (OVH OVH SAS)
1 1	44.207.129.19 44.207.129.19	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	150.171.27.10 150.171.27.10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
3 4	34.142.217.223 34.142.217.223	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
4 4	13.214.211.90 13.214.211.90	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
5 5	35.77.190.60 35.77.190.60	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	35.213.50.78 35.213.50.78	19527 (GOOGLE-2) (GOOGLE-2 - Google LLC)
3 3	182.161.73.175 182.161.73.175	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
2	54.165.213.217 54.165.213.217	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
4	207.65.33.86 207.65.33.86	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
7	182.161.73.164 182.161.73.164	55569 (CRITEO-AS...) (CRITEO-AS-AP Criteo APAC)
5 5	13.238.69.64 13.238.69.64	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	3.112.152.219 3.112.152.219	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	8.2.109.252 8.2.109.252	46636 (NATCOWEB) (NATCOWEB - NatCoWeb Corp.)
4 4	82.145.213.8 82.145.213.8	39832 (NO-OPERA ...) (NO-OPERA Opera Norway AS)
3 5	104.18.27.193 104.18.27.193	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	54.255.134.76 54.255.134.76	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 5	67.199.150.81 67.199.150.81	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
4 4	108.158.32.12 108.158.32.12	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	220.150.223.50 220.150.223.50	4686 (BEKKOAME ...) (BEKKOAME BEKKOAME INTERNET INC.)
4	23.46.10.245 23.46.10.245	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1 1	35.212.100.6 35.212.100.6	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	35.227.244.76 35.227.244.76	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1 1	104.16.55.62 104.16.55.62	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
5 6	185.84.60.23 185.84.60.23	198622 (ADFORM Ad...) (ADFORM Adform A/S)
20	67.199.150.86 67.199.150.86	62713 (AS-PUBMATIC) (AS-PUBMATIC - PubMatic)
2 2	35.213.45.194 35.213.45.194	19527 (GOOGLE-2) (GOOGLE-2 - Google LLC)
1 2	151.101.194.49 151.101.194.49	54113 (FASTLY) (FASTLY - Fastly)
2 2	103.229.10.180 103.229.10.180	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	35.186.193.173 35.186.193.173	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
2 2	50.31.142.191 50.31.142.191	23352 (SERVERCEN...) (SERVERCENTRAL - DEFT.COM)
1 1	172.233.225.103 172.233.225.103	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
2 2	172.64.150.63 172.64.150.63	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	172.104.35.51 172.104.35.51	63949 (AKAMAI-LI...) (AKAMAI-LINODE-AP Akamai Connected Cloud)
1 1	174.137.133.49 174.137.133.49	27257 (WEBAIR-IN...) (WEBAIR-INTERNET - Webair Internet Development Company Inc.)
2 2	18.139.40.15 18.139.40.15	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3 3	35.244.154.8 35.244.154.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1	107.178.254.65 107.178.254.65	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
9 10	95.173.218.112 95.173.218.112	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
1 1	37.157.2.235 37.157.2.235	198622 (ADFORM Ad...) (ADFORM Adform A/S)
5	52.42.137.213 52.42.137.213	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	23.46.10.246 23.46.10.246	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	23.221.132.28 23.221.132.28	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1 2	67.220.228.200 67.220.228.200	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	3.175.115.78 3.175.115.78	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	108.158.20.89 108.158.20.89	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 1	95.173.218.113 95.173.218.113	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
1 1	52.77.161.21 52.77.161.21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.220.128.223 52.220.128.223	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
3	15.135.13.43 15.135.13.43	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	18.67.93.87 18.67.93.87	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 3	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
3	130.211.115.4 130.211.115.4	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM - Google LLC)
1 2	151.101.66.49 151.101.66.49	54113 (FASTLY) (FASTLY - Fastly)
1 1	50.116.239.137 50.116.239.137	6336 (TURN-US-ASN) (TURN-US-ASN - Turn Inc.)
2 2	54.179.144.225 54.179.144.225	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	18.138.18.111 18.138.18.111	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	195.5.165.20 195.5.165.20	44968 (IPROM-AS ...) (IPROM-AS IPROM d.o.o)
2	169.197.150.8 169.197.150.8	398989 (DEEPINTENT) (DEEPINTENT - DeepIntent)
6 6	52.220.98.53 52.220.98.53	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2 2	18.142.84.60 18.142.84.60	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	151.101.193.44 151.101.193.44	54113 (FASTLY) (FASTLY - Fastly)
443	134

2 103.29.183.22 (Netherlands) 1 redirects

ASN150393 (LWPL-AS-AP LAYER WEBHOST PVT. LIMITED, PK)
PTR: iiboox.com

qerty2.integrityss.com.au 4mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 3.33.186.135 (United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: afa7f374f51cc8991.awsglobalaccelerator.com

paint.toys 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

17 104.18.21.56 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.intergient.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
pbs.intergient.com 4mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 142.250.195.136 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: tzsyda-ab-in-f8.1e100.net

www.googletagmanager.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.250.195.234 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: pnsyda-af-in-f10.1e100.net

fonts.googleapis.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 34.8.176.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 186.176.8.34.bc.googleusercontent.com

faucetfoot.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

37 142.250.183.34 (United States) 19 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: bom12s11-in-f2.1e100.net

securepubads.g.doubleclick.net 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
cm.g.doubleclick.net 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 142.250.183.35 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: pnsyda-aj-in-f3.1e100.net

fonts.gstatic.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 104.18.20.56 (Ascension Island) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.intergient.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
prebid.intergient.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.175.115.110 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-175-115-110.syd3.r.cloudfront.net

impression-inferences-edge-prod.playwire.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.66.171.133 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

btloader.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 108.158.21.92 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-158-21-92.syd62.r.cloudfront.net

c.amazon-adsystem.com 12yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 185.199.110.133 (United States)

ASN54113 (FASTLY - Fastly, Inc., US)
PTR: cdn-185-199-110-133.github.com

raw.githubusercontent.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 108.158.20.119 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-158-20-119.syd62.r.cloudfront.net

tags.crwdcntrl.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.169.231.69 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-169-231-69.lax54.r.cloudfront.net

static.adsafeprotected.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 142.251.42.110 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: tzsyda-af-in-f14.1e100.net

www.google-analytics.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

11 172.66.148.140 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

ad-delivery.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

7 142.250.207.6 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: tzsyda-ah-in-f6.1e100.net

ad.doubleclick.net 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 34.36.200.111 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 111.200.36.34.bc.googleusercontent.com

ab.dns-finder.com 8mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.20.20.189 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

btloader.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

14 142.250.195.142 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: maa03s40-in-f14.1e100.net

fundingchoicesmessages.google.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.18.10.207 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

config.playwire.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 52.91.215.149 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-91-215-149.compute-1.amazonaws.com

carbon-cdn.ccgateway.net 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
privacy-location-edge.ccgateway.net 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
script-api.ccgateway.net 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.217.25.202 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: nrt12s13-in-f10.1e100.net

imasdk.googleapis.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 182.161.73.131 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

gum.criteo.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

13 162.19.138.117 (Frankfurt am Main, Germany) 7 redirects

ASN16276 (OVH OVH SAS, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 54.254.93.97 (Singapore, Singapore)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-254-93-97.ap-southeast-1.compute.amazonaws.com

id.crwdcntrl.net 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 100.55.136.84 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-100-55-136-84.compute-1.amazonaws.com

fid.agkn.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 79.127.255.4 (San Jose, United States)

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: unn-79-127-255-4.datapacket.com

lexicon.33across.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 18.213.222.188 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-18-213-222-188.compute-1.amazonaws.com

idx.liadm.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

13 13.237.11.119 (Sydney, Australia) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-13-237-11-119.ap-southeast-2.compute.amazonaws.com

ps.eyeota.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 18.139.188.200 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-139-188-200.ap-southeast-1.compute.amazonaws.com

bcp.crwdcntrl.net 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
sync.crwdcntrl.net 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 108.158.27.219 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-158-27-219.syd3.r.cloudfront.net

aax.amazon-adsystem.com 12yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.175.115.79 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-175-115-79.syd3.r.cloudfront.net

config.aps.amazon-adsystem.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 54.169.114.26 (Singapore, Singapore)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-169-114-26.ap-southeast-1.compute.amazonaws.com

btlr.sharethrough.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.18.26.193 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

htlb.casalemedia.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 146.190.187.27 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

exchange.cootlogix.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 35.219.182.198 (Las Vegas, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: 198.182.219.35.bc.googleusercontent.com

hb.yellowblue.io 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

6 103.43.90.53 (Singapore, Singapore) 5 redirects

ASN29990 (ASN-APPNEXUS - Xandr Inc., US)
PTR: 594.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

ib.adnxs.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
secure.adnxs.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 69.173.158.65 (Ashburn, United States)

ASN26667 (RUBICONPROJECT - Magnite, Inc., US)

fastlane.rubiconproject.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 15.197.196.10 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ae69789f15ba8a942.awsglobalaccelerator.com

direct.adsrvr.org 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 35.186.253.211 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 211.253.186.35.bc.googleusercontent.com

rtb.openx.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 54.151.166.244 (Singapore, Singapore)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-151-166-244.ap-southeast-1.compute.amazonaws.com

tlx.3lift.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.139.66.122 (Singapore, Singapore)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-139-66-122.ap-southeast-1.compute.amazonaws.com

g2.gumgum.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.85.231.104 (Melbourne, Australia)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-85-231-104.deploy.static.akamaitechnologies.com

secure.cdn.fastclick.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.66.166.119 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.hadronid.net 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.66.169.55 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.id5-sync.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 130.211.23.194 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 194.23.211.130.bc.googleusercontent.com

api.btloader.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 207.65.33.78 (Singapore)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

hbopenbid.pubmatic.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 182.161.73.172 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

grid-bidder.criteo.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 35.162.56.239 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-162-56-239.us-west-2.compute.amazonaws.com

cd836371f1d.cdn.intergient.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

6 3.33.220.150 (Seattle, United States) 6 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

9 54.80.182.216 (Ashburn, United States) 7 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-80-182-216.compute-1.amazonaws.com

sync.srv.stackadapt.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 183.177.68.210 (Hong Kong) 8 redirects

ASN10310 (YAHOO-1 - Yahoo Holdings Inc., US)
PTR: e1-ha.ycpi.aue.yahoo.com

ups.analytics.yahoo.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 141.95.33.120 (Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ns3203256.ip-141-95-33.eu

api.id5-sync.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

13 72.34.249.225 (United States)

ASN27630 (AS-XFERNET - XFERNET, US)

sync.go.sonobi.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.175.115.10 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-175-115-10.syd3.r.cloudfront.net

connectid.analytics.yahoo.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 34.96.70.87 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 87.70.96.34.bc.googleusercontent.com

invstatic101.creativecdn.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 182.161.73.173 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

static.criteo.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 54.36.119.82 (France)

ASN16276 (OVH OVH SAS, FR)

lbs.eu-1-id5-sync.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 162.19.138.83 (Frankfurt am Main, Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ns31532338.ip-162-19-138.eu

lb.eu-1-id5-sync.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.237.175.195 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-237-175-195.compute-1.amazonaws.com

pogo.ccgateway.net 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 35.190.39.111 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 111.39.190.35.bc.googleusercontent.com

esp.rtbhouse.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

16 3.0.38.223 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com

eb2.3lift.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 142.250.195.129 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: maa03s40-in-f1.1e100.net

3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com 3mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

23 142.250.195.226 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: maa03s43-in-f2.1e100.net

pagead2.googlesyndication.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
googleads.g.doubleclick.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 198.8.71.130 (United States) 3 redirects

ASN54312 (ROCKETFUEL - Rocket Fuel Inc., US)

p.rfihub.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

11 35.71.131.137 (United States) 11 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 35.213.7.90 (Tokyo, Japan) 8 redirects

ASN19527 (GOOGLE-2 - Google LLC, US)
PTR: 90.7.213.35.bc.googleusercontent.com

x.bidswitch.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 151.101.130.58 (United States) 3 redirects

ASN54113 (FASTLY - Fastly, Inc., US)

www.temu.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 207.65.33.79 (Singapore) 3 redirects

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

image8.pubmatic.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

13 207.65.33.82 (Singapore) 1 redirects

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

image2.pubmatic.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

7 207.65.33.76 (Singapore) 1 redirects

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

image4.pubmatic.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
simage4.pubmatic.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 34.36.216.150 (Kansas City, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 150.216.36.34.bc.googleusercontent.com

pixel-sync.sitescout.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

10 34.111.113.62 (Kansas City, United States) 6 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 54.251.237.125 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-251-237-125.ap-southeast-1.compute.amazonaws.com

sync.crwdcntrl.net 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 216.200.232.253 (United States) 2 redirects

ASN30419 (PAEDAE-INC - PaeDae, Inc., US)

sync.mathtag.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 185.184.8.90 (Amsterdam, Netherlands) 5 redirects

ASN204995 (RTB-HOUSE-AMS RTB Marketing and Tech Services Ltd, CY)
PTR: ip-185-184-8-90.rtbhouse.net

creativecdn.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 74.214.196.131 (Sunnyvale, United States) 2 redirects

ASN19189 (PULSEPOINT - Pulsepoint Inc, US)

bh.contextweb.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

6 103.43.89.4 (Singapore, Singapore) 4 redirects

ASN29990 (ASN-APPNEXUS - Xandr Inc., US)
PTR: 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

ib.adnxs.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 80.77.82.130 (Clifton, United States)

ASN46636 (NATCOWEB - NatCoWeb Corp., US)

cs.krushmedia.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 172.67.75.205 (Ascension Island) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

fei.pro-market.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 98.82.156.207 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-98-82-156-207.compute-1.amazonaws.com

s.amazon-adsystem.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 104.17.201.65 (Ascension Island) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cm.mgid.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 172.64.146.152 (Ascension Island) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

capi.connatix.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 54.71.255.99 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-71-255-99.us-west-2.compute.amazonaws.com

dpm.demdex.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 150.171.22.12 (United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

px.ads.linkedin.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 52.86.211.58 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-86-211-58.compute-1.amazonaws.com

i.liadm.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 23.221.132.242 (Sydney, Australia)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-221-132-242.deploy.static.akamaitechnologies.com

ads.pubmatic.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.18.25.18 (Ascension Island)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js-sec.indexww.com 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 151.101.129.108 (United States)

ASN54113 (FASTLY - Fastly, Inc., US)

acdn.adnxs.com 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 34.98.64.218 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 218.64.98.34.bc.googleusercontent.com

playwire-d.openx.net 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
us-u.openx.net 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
jp-u.openx.net 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
u.openx.net 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 47.129.15.147 (Singapore, Singapore)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-47-129-15-147.ap-southeast-1.compute.amazonaws.com

usersync.gumgum.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

8 184.31.253.153 (Sydney, Australia)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a184-31-253-153.deploy.static.akamaitechnologies.com

eus.rubiconproject.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 159.89.52.47 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US)

sync.cootlogix.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 184.27.43.153 (Sydney, Australia) 2 redirects

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a184-27-43-153.deploy.static.akamaitechnologies.com

secure-assets.rubiconproject.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 16.146.220.77 (Boardman, United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-16-146-220-77.us-west-2.compute.amazonaws.com

dpm.demdex.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.175.115.80 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-175-115-80.syd3.r.cloudfront.net

secure-gl.imrworldwide.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 108.158.20.75 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-158-20-75.syd62.r.cloudfront.net

cdn.flashtalking.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

21 69.173.158.64 (Singapore, Singapore) 12 redirects

ASN26667 (RUBICONPROJECT - Magnite, Inc., US)

token.rubiconproject.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
pixel.rubiconproject.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 172.217.25.193 (United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: nrt12s13-in-f193.1e100.net

tpc.googlesyndication.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 51.195.34.222 (France)

ASN16276 (OVH OVH SAS, FR)
PTR: ip222.ip-51-195-34.eu

d0.eu-3-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 51.195.34.220 (France)

ASN16276 (OVH OVH SAS, FR)
PTR: ip220.ip-51-195-34.eu

d1.eu-3-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
d1.eu-4-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 135.125.146.86 (Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ip86.ip-135-125-146.eu

d2.eu-3-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
d3.eu-3-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 51.195.115.36 (France)

ASN16276 (OVH OVH SAS, FR)
PTR: ip36.ip-51-195-115.eu

d4.eu-3-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
d3.eu-4-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 135.125.146.80 (Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ip80.ip-135-125-146.eu

d5.eu-3-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 51.195.73.74 (France)

ASN16276 (OVH OVH SAS, FR)
PTR: ip74.ip-51-195-73.eu

d6.eu-3-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 51.195.126.30 (Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ip30.ip-51-195-126.eu

d7.eu-3-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 51.195.127.115 (Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ip115.ip-51-195-127.eu

d0.eu-4-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
d2.eu-4-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 51.195.73.71 (France)

ASN16276 (OVH OVH SAS, FR)
PTR: ip71.ip-51-195-73.eu

d4.eu-4-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 51.195.73.113 (France)

ASN16276 (OVH OVH SAS, FR)
PTR: ip113.ip-51-195-73.eu

d5.eu-4-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
d7.eu-4-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 51.195.127.100 (Germany)

ASN16276 (OVH OVH SAS, FR)
PTR: ip100.ip-51-195-127.eu

d6.eu-4-id5-sync.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 44.207.129.19 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-44-207-129-19.compute-1.amazonaws.com

sync.ipredictive.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 150.171.27.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

c.bing.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 34.142.217.223 (Singapore, Singapore) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 223.217.142.34.bc.googleusercontent.com

um.simpli.fi 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 13.214.211.90 (Singapore, Singapore) 4 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-13-214-211-90.ap-southeast-1.compute.amazonaws.com

triplelift-match.dotomi.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
pubmatic-match.dotomi.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 35.77.190.60 (Tokyo, Japan) 5 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-35-77-190-60.ap-northeast-1.compute.amazonaws.com

match.prod.bidr.io 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 35.213.50.78 (Tokyo, Japan) 2 redirects

ASN19527 (GOOGLE-2 - Google LLC, US)
PTR: 78.50.213.35.bc.googleusercontent.com

a.sportradarserving.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 182.161.73.175 (Singapore) 3 redirects

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

dis.criteo.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 54.165.213.217 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-54-165-213-217.compute-1.amazonaws.com

rp.liadm.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 207.65.33.86 (Singapore)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

ut.pubmatic.com 3yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

7 182.161.73.164 (Singapore)

ASN55569 (CRITEO-AS-AP Criteo APAC, JP)

ssp-sync.criteo.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 13.238.69.64 (Sydney, Australia) 5 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-13-238-69-64.ap-southeast-2.compute.amazonaws.com

ad.turn.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.112.152.219 (Tokyo, Japan) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-3-112-152-219.ap-northeast-1.compute.amazonaws.com

ds.uncn.jp 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 8.2.109.252 (United States) 1 redirects

ASN46636 (NATCOWEB - NatCoWeb Corp., US)

cs.admanmedia.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 82.145.213.8 (Amsterdam, Netherlands) 4 redirects

ASN39832 (NO-OPERA Opera Norway AS, NO)
PTR: n-sysadmin-jumpbox-03.feednews.opera.technology

t.adx.opera.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
t.oa.opera.com 5mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 104.18.27.193 (Ascension Island) 3 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

dsum-sec.casalemedia.com 12yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
ssum-sec.casalemedia.com 12yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 54.255.134.76 (Singapore, Singapore)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-255-134-76.ap-southeast-1.compute.amazonaws.com

match.sharethrough.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 67.199.150.81 (Singapore, Singapore) 1 redirects

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

image6.pubmatic.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 108.158.32.12 (United States) 4 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-158-32-12.syd3.r.cloudfront.net

cr-p3.ladsp.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
cr-p10.ladsp.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 220.150.223.50 (Japan)

ASN4686 (BEKKOAME BEKKOAME INTERNET INC., JP)
PTR: 50.223.150.220.in-addr.arpa

sync-dsp.ad-m.asia 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

4 23.46.10.245 (Sydney, Australia)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-46-10-245.deploy.static.akamaitechnologies.com

servedby.flashtalking.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 35.212.100.6 (Washington, United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 6.100.212.35.bc.googleusercontent.com

mweb.ck.inmobi.com 5yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 35.227.244.76 (United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 76.244.227.35.bc.googleusercontent.com

cs.media.net 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 104.16.55.62 (Ascension Island) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

s.seedtag.com 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

6 185.84.60.23 (Denmark) 5 redirects

ASN198622 (ADFORM Adform A/S, DK)

c1.adform.net 12yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
dmp.adform.net 12yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

20 67.199.150.86 (Singapore, Singapore)

ASN62713 (AS-PUBMATIC - PubMatic, Inc., US)

simage2.pubmatic.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 35.213.45.194 (Tokyo, Japan) 2 redirects

ASN19527 (GOOGLE-2 - Google LLC, US)
PTR: 194.45.213.35.bc.googleusercontent.com

pool.liftdsp.com 9mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 151.101.194.49 (United States) 1 redirects

ASN54113 (FASTLY - Fastly, Inc., US)

sync-tm.everesttech.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 103.229.10.180 (Singapore) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

cms.quantserve.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 35.186.193.173 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 173.193.186.35.bc.googleusercontent.com

ipac.ctnsnet.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 50.31.142.191 (Deerfield, United States) 2 redirects

ASN23352 (SERVERCENTRAL - DEFT.COM, US)
PTR: chi.outbrain.com

b1sync.outbrain.com 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.233.225.103 (Ashburn, United States) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 172-233-225-103.ip.linodeusercontent.com

cm-mx.advolve.io 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 172.64.150.63 (Ascension Island) 2 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

a.tribalfusion.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
s.tribalfusion.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 172.104.35.51 (Singapore, Singapore) 1 redirects

ASN63949 (AKAMAI-LINODE-AP Akamai Connected Cloud, SG)
PTR: 172-104-35-51.ip.linodeusercontent.com

gocm.c.appier.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 174.137.133.49 (Garden City, United States) 1 redirects

ASN27257 (WEBAIR-INTERNET - Webair Internet Development Company Inc., US)

dsp.adkernel.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 18.139.40.15 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-139-40-15.ap-southeast-1.compute.amazonaws.com

cm.adgrx.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 35.244.154.8 (Kansas City, United States) 3 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
id.rlcdn.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 107.178.254.65 (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com 12yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

10 95.173.218.112 (Singapore, Singapore) 9 redirects

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: unn-95-173-218-112.datapacket.com

uipglob.semasio.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
sg.semasio.net 2yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools
sa.semasio.net 1yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 37.157.2.235 (Denmark) 1 redirects

ASN198622 (ADFORM Adform A/S, DK)

track.adform.net 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

5 52.42.137.213 (Boardman, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-42-137-213.us-west-2.compute.amazonaws.com

pb-ing-02.ccgateway.net 10mo old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 23.46.10.246 (Sydney, Australia)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)
PTR: a23-46-10-246.deploy.static.akamaitechnologies.com

ajs-assets.ftstatic.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 23.221.132.28 (Sydney, Australia)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a23-221-132-28.deploy.static.akamaitechnologies.com

hbx.media.net 8yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 67.220.228.200 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

aax-eu.amazon-adsystem.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 3.175.115.78 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-3-175-115-78.syd3.r.cloudfront.net

secure-gl.imrworldwide.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 108.158.20.89 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-108-158-20-89.syd62.r.cloudfront.net

agen-assets.ftstatic.com 4yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 95.173.218.113 (Singapore, Singapore) 1 redirects

ASN60068 (CDN77 Datacamp Limited, GB)
PTR: unn-95-173-218-113.datapacket.com

uipglob.semasio.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 52.77.161.21 (Singapore, Singapore) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-77-161-21.ap-southeast-1.compute.amazonaws.com

eb2.3lift.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 52.220.128.223 (Singapore, Singapore)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-220-128-223.ap-southeast-1.compute.amazonaws.com

crb.kargo.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 15.135.13.43 (Sydney, Australia)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-15-135-13-43.ap-southeast-2.compute.amazonaws.com

d9.flashtalking.com 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 18.67.93.87 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-18-67-93-87.syd62.r.cloudfront.net

js.ad-score.com 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 34.96.105.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

3 130.211.115.4 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US)
PTR: 4.115.211.130.bc.googleusercontent.com

data.ad-score.com 11yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 151.101.66.49 (United States) 1 redirects

ASN54113 (FASTLY - Fastly, Inc., US)

sync-tm.everesttech.net 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 50.116.239.137 (United States) 1 redirects

ASN6336 (TURN-US-ASN - Turn Inc., US)

d.turn.com 13yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 54.179.144.225 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-179-144-225.ap-southeast-1.compute.amazonaws.com

eyeota-match.dotomi.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 18.138.18.111 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-138-18-111.ap-southeast-1.compute.amazonaws.com

cm.ambientdsp.com 7yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 195.5.165.20 (Slovenia)

ASN44968 (IPROM-AS IPROM d.o.o, SI)

core.iprom.net 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 169.197.150.8 (United States)

ASN398989 (DEEPINTENT - DeepIntent, Inc., US)
PTR: g.deepintent.com

match.deepintent.com 9yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

6 52.220.98.53 (Singapore, Singapore) 6 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-220-98-53.ap-southeast-1.compute.amazonaws.com

sync.1rx.io 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

2 18.142.84.60 (Singapore, Singapore) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-142-84-60.ap-southeast-1.compute.amazonaws.com

sync.targeting.unrulymedia.com 6yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

1 151.101.193.44 (United States)

ASN54113 (FASTLY - Fastly, Inc., US)

trc.taboola.com 10yr old	Domain lookup VirusTotal SecurityTrails crt.sh Domaintools

	Apex Domain Subdomains	Transfer
56	pubmatic.com 6 redirects hbopenbid.pubmatic.com — Cisco Umbrella Rank: 748 8yr old image8.pubmatic.com — Cisco Umbrella Rank: 823 8yr old image2.pubmatic.com — Cisco Umbrella Rank: 972 10yr old image4.pubmatic.com — Cisco Umbrella Rank: 1465 9yr old ads.pubmatic.com — Cisco Umbrella Rank: 623 10yr old ut.pubmatic.com — Cisco Umbrella Rank: 1108 3yr old image6.pubmatic.com — Cisco Umbrella Rank: 913 10yr old simage2.pubmatic.com — Cisco Umbrella Rank: 973 10yr old simage4.pubmatic.com — Cisco Umbrella Rank: 1324 9yr old	50 KB
46	doubleclick.net 19 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 284 10yr old ad.doubleclick.net — Cisco Umbrella Rank: 200 10yr old cm.g.doubleclick.net — Cisco Umbrella Rank: 282 10yr old googleads.g.doubleclick.net — Cisco Umbrella Rank: 68 9yr old	278 KB
32	rubiconproject.com 14 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 679 10yr old eus.rubiconproject.com — Cisco Umbrella Rank: 708 8yr old secure-assets.rubiconproject.com — Cisco Umbrella Rank: 1132 10yr old token.rubiconproject.com — Cisco Umbrella Rank: 631 10yr old pixel.rubiconproject.com — Cisco Umbrella Rank: 466 10yr old	43 KB
28	googlesyndication.com 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com 3mo old pagead2.googlesyndication.com — Cisco Umbrella Rank: 149 10yr old tpc.googlesyndication.com — Cisco Umbrella Rank: 211 13yr old	344 KB
28	intergient.com 1 redirects cdn.intergient.com — Cisco Umbrella Rank: 8208 7yr old pbs.intergient.com — Cisco Umbrella Rank: 12875 4mo old cd836371f1d.cdn.intergient.com — Cisco Umbrella Rank: 9978 2yr old prebid.intergient.com — Cisco Umbrella Rank: 21036 2yr old	454 KB
19	criteo.com 3 redirects gum.criteo.com — Cisco Umbrella Rank: 465 10yr old grid-bidder.criteo.com — Cisco Umbrella Rank: 1015 2yr old dis.criteo.com — Cisco Umbrella Rank: 735 13yr old ssp-sync.criteo.com — Cisco Umbrella Rank: 878 4yr old	19 KB
18	3lift.com 3 redirects tlx.3lift.com — Cisco Umbrella Rank: 883 10yr old eb2.3lift.com — Cisco Umbrella Rank: 490 10yr old	20 KB
18	adsrvr.org 17 redirects direct.adsrvr.org — Cisco Umbrella Rank: 1234 8yr old match.adsrvr.org — Cisco Umbrella Rank: 388 10yr old	13 KB
15	id5-sync.com 7 redirects id5-sync.com — Cisco Umbrella Rank: 515 9yr old cdn.id5-sync.com — Cisco Umbrella Rank: 741 7yr old api.id5-sync.com — Cisco Umbrella Rank: 1323 5yr old	51 KB
14	ccgateway.net carbon-cdn.ccgateway.net — Cisco Umbrella Rank: 6387 8yr old privacy-location-edge.ccgateway.net — Cisco Umbrella Rank: 7273 5yr old pogo.ccgateway.net — Cisco Umbrella Rank: 11622 5yr old script-api.ccgateway.net — Cisco Umbrella Rank: 6951 5yr old pb-ing-02.ccgateway.net — Cisco Umbrella Rank: 6565 10mo old	20 KB
14	google.com fundingchoicesmessages.google.com — Cisco Umbrella Rank: 640 7yr old www.google.com Failed 13yr old	78 KB
13	sonobi.com sync.go.sonobi.com — Cisco Umbrella Rank: 1216 10yr old	12 KB
13	adnxs.com 9 redirects ib.adnxs.com — Cisco Umbrella Rank: 297 10yr old acdn.adnxs.com — Cisco Umbrella Rank: 778 11yr old secure.adnxs.com — Cisco Umbrella Rank: 626 10yr old	29 KB
13	eyeota.net 1 redirects ps.eyeota.net — Cisco Umbrella Rank: 1072 13yr old	9 KB
12	amazon-adsystem.com 2 redirects c.amazon-adsystem.com — Cisco Umbrella Rank: 447 12yr old aax.amazon-adsystem.com — Cisco Umbrella Rank: 687 12yr old config.aps.amazon-adsystem.com — Cisco Umbrella Rank: 855 3yr old s.amazon-adsystem.com — Cisco Umbrella Rank: 451 13yr old aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1095 13yr old	102 KB
11	semasio.net 10 redirects uipglob.semasio.net — Cisco Umbrella Rank: 1424 9yr old sg.semasio.net — Cisco Umbrella Rank: 3151 2yr old sa.semasio.net — Cisco Umbrella Rank: 36803 1yr old	5 KB
11	flashtalking.com cdn.flashtalking.com — Cisco Umbrella Rank: 1342 13yr old servedby.flashtalking.com — Cisco Umbrella Rank: 978 10yr old d9.flashtalking.com — Cisco Umbrella Rank: 1563 11yr old	121 KB
11	openx.net 2 redirects rtb.openx.net — Cisco Umbrella Rank: 730 9yr old playwire-d.openx.net — Cisco Umbrella Rank: 20118 8yr old us-u.openx.net — Cisco Umbrella Rank: 615 10yr old jp-u.openx.net — Cisco Umbrella Rank: 14009 10yr old u.openx.net — Cisco Umbrella Rank: 851 10yr old	9 KB
11	ad-delivery.net ad-delivery.net — Cisco Umbrella Rank: 1215 9yr old	2 KB
10	tapad.com 6 redirects pixel.tapad.com — Cisco Umbrella Rank: 600 10yr old	3 KB
10	crwdcntrl.net 2 redirects tags.crwdcntrl.net — Cisco Umbrella Rank: 964 13yr old id.crwdcntrl.net — Cisco Umbrella Rank: 2587 6yr old bcp.crwdcntrl.net — Cisco Umbrella Rank: 1086 10yr old sync.crwdcntrl.net — Cisco Umbrella Rank: 976 8yr old	30 KB
9	yahoo.com 8 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 507 7yr old connectid.analytics.yahoo.com — Cisco Umbrella Rank: 1775 4yr old pbs.yahoo.com Failed 3yr old	12 KB
9	stackadapt.com 7 redirects sync.srv.stackadapt.com — Cisco Umbrella Rank: 689 10yr old	3 KB
8	eu-4-id5-sync.com d0.eu-4-id5-sync.com — Cisco Umbrella Rank: 25367 2yr old d1.eu-4-id5-sync.com — Cisco Umbrella Rank: 25342 2yr old d2.eu-4-id5-sync.com — Cisco Umbrella Rank: 25346 2yr old d3.eu-4-id5-sync.com — Cisco Umbrella Rank: 25341 2yr old d4.eu-4-id5-sync.com — Cisco Umbrella Rank: 25354 2yr old d5.eu-4-id5-sync.com — Cisco Umbrella Rank: 25333 2yr old d6.eu-4-id5-sync.com — Cisco Umbrella Rank: 25357 2yr old d7.eu-4-id5-sync.com — Cisco Umbrella Rank: 25350 2yr old	1 KB
8	eu-3-id5-sync.com d0.eu-3-id5-sync.com — Cisco Umbrella Rank: 25649 2yr old d1.eu-3-id5-sync.com — Cisco Umbrella Rank: 25574 2yr old d2.eu-3-id5-sync.com — Cisco Umbrella Rank: 25571 2yr old d3.eu-3-id5-sync.com — Cisco Umbrella Rank: 25520 2yr old d4.eu-3-id5-sync.com — Cisco Umbrella Rank: 25524 2yr old d5.eu-3-id5-sync.com — Cisco Umbrella Rank: 25486 2yr old d6.eu-3-id5-sync.com — Cisco Umbrella Rank: 25481 2yr old d7.eu-3-id5-sync.com — Cisco Umbrella Rank: 25407 2yr old	1 KB
8	bidswitch.net 8 redirects x.bidswitch.net — Cisco Umbrella Rank: 446 13yr old	2 KB
8	paint.toys 1 redirects paint.toys 6yr old	130 KB
7	adform.net 6 redirects c1.adform.net — Cisco Umbrella Rank: 779 12yr old track.adform.net — Cisco Umbrella Rank: 3960 13yr old dmp.adform.net — Cisco Umbrella Rank: 6829 12yr old	4 KB
6	1rx.io 6 redirects sync.1rx.io — Cisco Umbrella Rank: 594 10yr old	3 KB
6	dotomi.com 6 redirects triplelift-match.dotomi.com — Cisco Umbrella Rank: 5192 6yr old pubmatic-match.dotomi.com — Cisco Umbrella Rank: 3639 9yr old eyeota-match.dotomi.com — Cisco Umbrella Rank: 17676 6yr old	2 KB
6	turn.com d.turn.com Failed — Cisco Umbrella Rank: 1518 13yr old ad.turn.com — Cisco Umbrella Rank: 932 10yr old	3 KB
6	creativecdn.com 5 redirects invstatic101.creativecdn.com — Cisco Umbrella Rank: 1678 4yr old creativecdn.com — Cisco Umbrella Rank: 565 13yr old	5 KB
6	casalemedia.com 3 redirects htlb.casalemedia.com — Cisco Umbrella Rank: 771 7yr old dsum-sec.casalemedia.com — Cisco Umbrella Rank: 694 12yr old ssum-sec.casalemedia.com — Cisco Umbrella Rank: 712 12yr old	13 KB
6	liadm.com idx.liadm.com — Cisco Umbrella Rank: 1566 7yr old rp.liadm.com Failed — Cisco Umbrella Rank: 1283 9yr old i.liadm.com — Cisco Umbrella Rank: 697 9yr old	851 B
5	bidr.io 5 redirects match.prod.bidr.io — Cisco Umbrella Rank: 727 9yr old	2 KB
5	demdex.net 3 redirects dpm.demdex.net — Cisco Umbrella Rank: 317 9yr old	3 KB
5	btloader.com btloader.com — Cisco Umbrella Rank: 1143 6yr old api.btloader.com — Cisco Umbrella Rank: 1405 6yr old	52 KB
4	ad-score.com js.ad-score.com — Cisco Umbrella Rank: 2599 11yr old data.ad-score.com — Cisco Umbrella Rank: 2337 11yr old	341 KB
4	everesttech.net 2 redirects sync-tm.everesttech.net — Cisco Umbrella Rank: 866 9yr old	1 KB
4	ladsp.com 4 redirects cr-p3.ladsp.com — Cisco Umbrella Rank: 18498 4yr old cr-p10.ladsp.com — Cisco Umbrella Rank: 20266 8yr old	2 KB
4	opera.com 4 redirects t.adx.opera.com — Cisco Umbrella Rank: 852 5yr old t.oa.opera.com — Cisco Umbrella Rank: 1041 5mo old	3 KB
4	simpli.fi 3 redirects um.simpli.fi — Cisco Umbrella Rank: 1020 10yr old	2 KB
4	temu.com 3 redirects www.temu.com — Cisco Umbrella Rank: 688 5yr old	2 KB
4	eu-1-id5-sync.com lbs.eu-1-id5-sync.com — Cisco Umbrella Rank: 1120 4yr old lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 915 4yr old	1 KB
3	blismedia.com 2 redirects tr.blismedia.com — Cisco Umbrella Rank: 1379 10yr old	432 B
3	rlcdn.com 3 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 611 10yr old id.rlcdn.com — Cisco Umbrella Rank: 736 9yr old	1 KB
3	media.net 1 redirects cs.media.net — Cisco Umbrella Rank: 703 7yr old hbx.media.net — Cisco Umbrella Rank: 1068 8yr old	13 KB
3	ad-m.asia sync-dsp.ad-m.asia — Cisco Umbrella Rank: 8788 13yr old	729 B
3	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 353 9yr old	972 B
3	connatix.com 1 redirects capi.connatix.com — Cisco Umbrella Rank: 1097 7yr old	887 B
3	mgid.com 2 redirects cm.mgid.com — Cisco Umbrella Rank: 1668 10yr old	1 KB
3	sitescout.com 3 redirects pixel-sync.sitescout.com — Cisco Umbrella Rank: 802 8yr old	1 KB
3	rfihub.com 3 redirects p.rfihub.com — Cisco Umbrella Rank: 958 10yr old	2 KB
3	gumgum.com g2.gumgum.com — Cisco Umbrella Rank: 1841 9yr old usersync.gumgum.com — Cisco Umbrella Rank: 1758 4yr old	4 KB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 75 13yr old
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1431 6yr old	849 B
2	deepintent.com match.deepintent.com — Cisco Umbrella Rank: 1008 9yr old	83 B
2	iprom.net core.iprom.net — Cisco Umbrella Rank: 6434 10yr old	579 B
2	ambientdsp.com 2 redirects cm.ambientdsp.com — Cisco Umbrella Rank: 22224 7yr old	1 KB
2	ftstatic.com ajs-assets.ftstatic.com — Cisco Umbrella Rank: 1664 4yr old agen-assets.ftstatic.com — Cisco Umbrella Rank: 1558 4yr old	33 KB
2	adgrx.com 2 redirects cm.adgrx.com — Cisco Umbrella Rank: 1846 13yr old	2 KB
2	tribalfusion.com 2 redirects a.tribalfusion.com — Cisco Umbrella Rank: 1360 10yr old s.tribalfusion.com — Cisco Umbrella Rank: 3506 10yr old	1008 B
2	outbrain.com 2 redirects b1sync.outbrain.com — Cisco Umbrella Rank: 806 2yr old	1 KB
2	quantserve.com 2 redirects cms.quantserve.com — Cisco Umbrella Rank: 900 9yr old	705 B
2	liftdsp.com 2 redirects pool.liftdsp.com — Cisco Umbrella Rank: 3876 9mo old	783 B
2	sportradarserving.com 2 redirects a.sportradarserving.com — Cisco Umbrella Rank: 2835 7yr old	987 B
2	imrworldwide.com secure-gl.imrworldwide.com — Cisco Umbrella Rank: 2682 10yr old	1 KB
2	pro-market.net 1 redirects fei.pro-market.net — Cisco Umbrella Rank: 2277 9yr old	1 KB
2	contextweb.com 2 redirects bh.contextweb.com — Cisco Umbrella Rank: 835 13yr old	2 KB
2	mathtag.com 2 redirects sync.mathtag.com — Cisco Umbrella Rank: 1308 10yr old	2 KB
2	cootlogix.com exchange.cootlogix.com — Cisco Umbrella Rank: 5841 4yr old sync.cootlogix.com — Cisco Umbrella Rank: 1714 4yr old	697 B
2	sharethrough.com btlr.sharethrough.com — Cisco Umbrella Rank: 1715 10yr old match.sharethrough.com — Cisco Umbrella Rank: 719 9yr old	345 B
2	33across.com lexicon.33across.com — Cisco Umbrella Rank: 1681 5yr old	3 KB
2	agkn.com fid.agkn.com — Cisco Umbrella Rank: 2894 5yr old	727 B
2	dns-finder.com ab.dns-finder.com — Cisco Umbrella Rank: 1519 8mo old	233 B
2	playwire.com impression-inferences-edge-prod.playwire.com — Cisco Umbrella Rank: 11553 3yr old config.playwire.com — Cisco Umbrella Rank: 11357 9yr old	58 KB
2	faucetfoot.com faucetfoot.com — Cisco Umbrella Rank: 610664 3yr old	35 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 57 9yr old imasdk.googleapis.com — Cisco Umbrella Rank: 590 10yr old	147 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 50 13yr old	293 KB
2	integrityss.com.au 1 redirects qerty2.integrityss.com.au 4mo old	2 KB
1	taboola.com trc.taboola.com — Cisco Umbrella Rank: 738 10yr old	412 B
1	kargo.com crb.kargo.com — Cisco Umbrella Rank: 1574 9yr old	369 B
1	pippio.com pippio.com — Cisco Umbrella Rank: 1077 12yr old	571 B
1	appier.net 1 redirects gocm.c.appier.net — Cisco Umbrella Rank: 3351 9yr old	590 B
1	advolve.io 1 redirects cm-mx.advolve.io — Cisco Umbrella Rank: 1765 1yr old	464 B
1	ctnsnet.com ipac.ctnsnet.com — Cisco Umbrella Rank: 4886 9yr old	374 B
1	adkernel.com sync.adkernel.com Failed — Cisco Umbrella Rank: 1448 9yr old dsp.adkernel.com — Cisco Umbrella Rank: 2673 9yr old	364 B
1	seedtag.com 1 redirects s.seedtag.com — Cisco Umbrella Rank: 1100 8yr old	671 B
1	inmobi.com 1 redirects mweb.ck.inmobi.com — Cisco Umbrella Rank: 4035 5yr old sync.inmobi.com Failed 5yr old	461 B
1	admanmedia.com 1 redirects cs.admanmedia.com — Cisco Umbrella Rank: 892 9yr old	438 B
1	uncn.jp 1 redirects ds.uncn.jp — Cisco Umbrella Rank: 6990 9yr old	471 B
1	bing.com c.bing.com — Cisco Umbrella Rank: 203 13yr old	690 B
1	ipredictive.com 1 redirects sync.ipredictive.com — Cisco Umbrella Rank: 987 9yr old	494 B
1	indexww.com js-sec.indexww.com — Cisco Umbrella Rank: 872 11yr old	2 KB
1	krushmedia.com cs.krushmedia.com — Cisco Umbrella Rank: 2029 6yr old	41 B
1	rtbhouse.com esp.rtbhouse.com — Cisco Umbrella Rank: 1778 4yr old	530 B
1	criteo.net static.criteo.net — Cisco Umbrella Rank: 790 13yr old	15 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 1759 7yr old	8 KB
1	hadronid.net cdn.hadronid.net — Cisco Umbrella Rank: 1995 4yr old	186 B
1	fastclick.net secure.cdn.fastclick.net — Cisco Umbrella Rank: 1529 13yr old	22 KB
1	yellowblue.io hb.yellowblue.io — Cisco Umbrella Rank: 2623 6yr old	180 B
1	adsafeprotected.com static.adsafeprotected.com — Cisco Umbrella Rank: 870 10yr old	483 B
1	githubusercontent.com raw.githubusercontent.com — Cisco Umbrella Rank: 3108 10yr old	586 B
1	gstatic.com fonts.gstatic.com — Cisco Umbrella Rank: 37 10yr old	36 KB
0	loopme.me Failed csync.loopme.me Failed 9yr old
0	cinarra.com Failed dps.jp.cinarra.com Failed 9yr old
0	nex8.net Failed cs.nex8.net Failed 9yr old
0	intentiq.com Failed sync.intentiq.com Failed 10yr old
0	gammaplatform.com Failed cm-supply-web.gammaplatform.com Failed 7yr old
0	lkqd.net Failed cs.lkqd.net Failed 9yr old
443	110

	Domain	Requested by
32	cm.g.doubleclick.net	19 redirects eb2.3lift.com cdn.intergient.com playwire-d.openx.net 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com paint.toys
21	pagead2.googlesyndication.com	securepubads.g.doubleclick.net 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
20	simage2.pubmatic.com	ads.pubmatic.com paint.toys
17	eb2.3lift.com	3 redirects cdn.intergient.com eb2.3lift.com
17	match.adsrvr.org	17 redirects
15	cdn.intergient.com	1 redirects paint.toys cdn.intergient.com qerty2.integrityss.com.au
14	fundingchoicesmessages.google.com	securepubads.g.doubleclick.net
13	image2.pubmatic.com	1 redirects ads.pubmatic.com paint.toys
13	sync.go.sonobi.com	cdn.intergient.com sync.go.sonobi.com
13	ps.eyeota.net	1 redirects paint.toys ps.eyeota.net
13	id5-sync.com	7 redirects cdn.intergient.com cdn.id5-sync.com
11	pixel.rubiconproject.com	7 redirects playwire-d.openx.net paint.toys
11	ib.adnxs.com	8 redirects cdn.intergient.com acdn.adnxs.com paint.toys
11	ad-delivery.net	btloader.com
10	token.rubiconproject.com	5 redirects 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com eus.rubiconproject.com paint.toys
10	pixel.tapad.com	6 redirects paint.toys
9	sync.srv.stackadapt.com	7 redirects eb2.3lift.com
9	pbs.intergient.com	cdn.intergient.com sync.go.sonobi.com eb2.3lift.com paint.toys u.openx.net ads.pubmatic.com
8	eus.rubiconproject.com	cdn.intergient.com eus.rubiconproject.com 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
8	x.bidswitch.net	8 redirects
8	ups.analytics.yahoo.com	8 redirects
8	gum.criteo.com	cdn.intergient.com static.criteo.net gum.criteo.com
8	paint.toys	1 redirects qerty2.integrityss.com.au paint.toys
7	ssp-sync.criteo.com	paint.toys
7	ad.doubleclick.net	btloader.com
6	sync.1rx.io	6 redirects
6	uipglob.semasio.net	5 redirects paint.toys
6	script-api.ccgateway.net	carbon-cdn.ccgateway.net
5	simage4.pubmatic.com	ads.pubmatic.com paint.toys
5	pb-ing-02.ccgateway.net	script-api.ccgateway.net paint.toys
5	c1.adform.net	4 redirects ads.pubmatic.com
5	image6.pubmatic.com	1 redirects ads.pubmatic.com
5	ad.turn.com	5 redirects
5	match.prod.bidr.io	5 redirects
5	tpc.googlesyndication.com	3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com
5	dpm.demdex.net	3 redirects sync.go.sonobi.com paint.toys
5	creativecdn.com	5 redirects
5	sync.crwdcntrl.net	2 redirects paint.toys ads.pubmatic.com
5	securepubads.g.doubleclick.net	cdn.intergient.com securepubads.g.doubleclick.net paint.toys qerty2.integrityss.com.au
4	sg.semasio.net	4 redirects
4	sync-tm.everesttech.net	2 redirects ads.pubmatic.com paint.toys
4	servedby.flashtalking.com	cdn.flashtalking.com paint.toys
4	us-u.openx.net	playwire-d.openx.net u.openx.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	ut.pubmatic.com	ads.pubmatic.com
4	um.simpli.fi	3 redirects ads.pubmatic.com
4	cdn.flashtalking.com	3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com paint.toys
4	s.amazon-adsystem.com	1 redirects sync.go.sonobi.com paint.toys
4	www.temu.com	3 redirects ads.pubmatic.com
3	data.ad-score.com	js.ad-score.com
3	tr.blismedia.com	2 redirects u.openx.net
3	d9.flashtalking.com	ajs-assets.ftstatic.com d9.flashtalking.com paint.toys
3	sync-dsp.ad-m.asia	playwire-d.openx.net ads.pubmatic.com
3	dis.criteo.com	3 redirects
3	ads.pubmatic.com	cdn.intergient.com paint.toys
3	px.ads.linkedin.com	1 redirects eb2.3lift.com paint.toys
3	capi.connatix.com	1 redirects sync.go.sonobi.com paint.toys
3	cm.mgid.com	2 redirects sync.go.sonobi.com
3	pixel-sync.sitescout.com	3 redirects
3	image8.pubmatic.com	3 redirects
3	p.rfihub.com	3 redirects
3	lb.eu-1-id5-sync.com	cdn.id5-sync.com cdn.intergient.com
3	cd836371f1d.cdn.intergient.com	cdn.intergient.com
3	api.btloader.com	btloader.com
3	rtb.openx.net	1 redirects cdn.intergient.com u.openx.net
3	www.google-analytics.com	www.googletagmanager.com
3	c.amazon-adsystem.com	cdn.intergient.com c.amazon-adsystem.com
2	sync.targeting.unrulymedia.com	2 redirects
2	match.deepintent.com	ads.pubmatic.com
2	core.iprom.net	ads.pubmatic.com
2	cm.ambientdsp.com	2 redirects
2	eyeota-match.dotomi.com	2 redirects
2	aax-eu.amazon-adsystem.com	1 redirects paint.toys
2	idsync.rlcdn.com	2 redirects
2	cm.adgrx.com	2 redirects
2	cr-p10.ladsp.com	2 redirects
2	b1sync.outbrain.com	2 redirects
2	pubmatic-match.dotomi.com	2 redirects
2	cms.quantserve.com	2 redirects
2	pool.liftdsp.com	2 redirects
2	cs.media.net	1 redirects hbx.media.net
2	cr-p3.ladsp.com	2 redirects
2	t.oa.opera.com	2 redirects
2	t.adx.opera.com	2 redirects
2	a.sportradarserving.com	2 redirects
2	triplelift-match.dotomi.com	2 redirects
2	googleads.g.doubleclick.net	3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com pagead2.googlesyndication.com
2	secure-gl.imrworldwide.com	paint.toys
2	secure-assets.rubiconproject.com	2 redirects
2	usersync.gumgum.com	cdn.intergient.com paint.toys
2	playwire-d.openx.net	1 redirects cdn.intergient.com
2	i.liadm.com	eb2.3lift.com
2	fei.pro-market.net	1 redirects sync.go.sonobi.com
2	bh.contextweb.com	2 redirects
2	sync.mathtag.com	2 redirects
2	image4.pubmatic.com	1 redirects ads.pubmatic.com
2	3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	rp.liadm.com	cdn.intergient.com paint.toys
2	aax.amazon-adsystem.com	c.amazon-adsystem.com
2	bcp.crwdcntrl.net	tags.crwdcntrl.net
2	idx.liadm.com	cdn.intergient.com
2	lexicon.33across.com	cdn.intergient.com
2	fid.agkn.com	cdn.intergient.com
2	ab.dns-finder.com	btloader.com
2	tags.crwdcntrl.net	cdn.intergient.com qerty2.integrityss.com.au
2	btloader.com	cdn.intergient.com btloader.com
2	faucetfoot.com	cdn.intergient.com faucetfoot.com
2	www.googletagmanager.com	paint.toys www.googletagmanager.com
2	qerty2.integrityss.com.au	1 redirects
1	trc.taboola.com	paint.toys
1	dmp.adform.net	1 redirects
1	u.openx.net	cdn.intergient.com
1	js.ad-score.com	ajs-assets.ftstatic.com
1	crb.kargo.com	paint.toys
1	agen-assets.ftstatic.com	ajs-assets.ftstatic.com
1	prebid.intergient.com	paint.toys
1	id.rlcdn.com	1 redirects
1	hbx.media.net	cdn.intergient.com
1	ajs-assets.ftstatic.com	servedby.flashtalking.com
1	track.adform.net	1 redirects
1	sa.semasio.net	1 redirects
1	pippio.com	paint.toys
1	dsp.adkernel.com	1 redirects
1	gocm.c.appier.net	1 redirects
1	s.tribalfusion.com	1 redirects
1	a.tribalfusion.com	1 redirects
1	cm-mx.advolve.io	1 redirects
1	ipac.ctnsnet.com	ads.pubmatic.com
1	s.seedtag.com	1 redirects
1	ssum-sec.casalemedia.com	1 redirects
1	mweb.ck.inmobi.com	1 redirects
1	jp-u.openx.net	playwire-d.openx.net
1	match.sharethrough.com	paint.toys
1	cs.admanmedia.com	1 redirects
1	ds.uncn.jp	1 redirects
1	secure.adnxs.com	1 redirects
1	c.bing.com	eb2.3lift.com
1	sync.ipredictive.com	1 redirects
1	d7.eu-4-id5-sync.com	cdn.id5-sync.com
1	d6.eu-4-id5-sync.com	cdn.id5-sync.com
1	d5.eu-4-id5-sync.com	cdn.id5-sync.com
1	d4.eu-4-id5-sync.com	cdn.id5-sync.com
1	d3.eu-4-id5-sync.com	cdn.id5-sync.com
1	d2.eu-4-id5-sync.com	cdn.id5-sync.com
1	d1.eu-4-id5-sync.com	cdn.id5-sync.com
1	d0.eu-4-id5-sync.com	cdn.id5-sync.com
1	d7.eu-3-id5-sync.com	cdn.id5-sync.com
1	d6.eu-3-id5-sync.com	cdn.id5-sync.com
1	d5.eu-3-id5-sync.com	cdn.id5-sync.com
1	d4.eu-3-id5-sync.com	cdn.id5-sync.com
1	d3.eu-3-id5-sync.com	cdn.id5-sync.com
1	d2.eu-3-id5-sync.com	cdn.id5-sync.com
1	d1.eu-3-id5-sync.com	cdn.id5-sync.com
1	d0.eu-3-id5-sync.com	cdn.id5-sync.com
1	sync.cootlogix.com	cdn.intergient.com
1	acdn.adnxs.com	cdn.intergient.com
1	js-sec.indexww.com	cdn.intergient.com
1	d.turn.com	sync.go.sonobi.com
1	cs.krushmedia.com	sync.go.sonobi.com
1	esp.rtbhouse.com	invstatic101.creativecdn.com
1	pogo.ccgateway.net	carbon-cdn.ccgateway.net
1	privacy-location-edge.ccgateway.net	carbon-cdn.ccgateway.net
1	lbs.eu-1-id5-sync.com	cdn.id5-sync.com
1	static.criteo.net	securepubads.g.doubleclick.net
1	invstatic101.creativecdn.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	connectid.analytics.yahoo.com	securepubads.g.doubleclick.net
1	api.id5-sync.com	cdn.id5-sync.com
1	grid-bidder.criteo.com	cdn.intergient.com
1	hbopenbid.pubmatic.com	cdn.intergient.com
1	cdn.id5-sync.com	qerty2.integrityss.com.au
1	cdn.hadronid.net	qerty2.integrityss.com.au
1	secure.cdn.fastclick.net	qerty2.integrityss.com.au
1	g2.gumgum.com	cdn.intergient.com
1	tlx.3lift.com	cdn.intergient.com
1	direct.adsrvr.org	cdn.intergient.com
1	fastlane.rubiconproject.com	cdn.intergient.com
1	hb.yellowblue.io	cdn.intergient.com
1	exchange.cootlogix.com	cdn.intergient.com
1	htlb.casalemedia.com	cdn.intergient.com
1	btlr.sharethrough.com	cdn.intergient.com
1	config.aps.amazon-adsystem.com	c.amazon-adsystem.com
1	id.crwdcntrl.net	cdn.intergient.com
1	imasdk.googleapis.com	cdn.intergient.com
1	carbon-cdn.ccgateway.net	qerty2.integrityss.com.au
1	config.playwire.com	cdn.intergient.com
1	static.adsafeprotected.com	paint.toys
1	raw.githubusercontent.com	paint.toys
1	impression-inferences-edge-prod.playwire.com	cdn.intergient.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	paint.toys
0	sync.inmobi.com Failed	paint.toys
0	csync.loopme.me Failed	ads.pubmatic.com
0	dps.jp.cinarra.com Failed	u.openx.net
0	cs.nex8.net Failed	u.openx.net
0	sync.intentiq.com Failed	paint.toys
0	cm-supply-web.gammaplatform.com Failed	ads.pubmatic.com
0	sync.adkernel.com Failed	ads.pubmatic.com
0	cs.lkqd.net Failed	googleads.g.doubleclick.net
0	www.google.com Failed	3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
0	pbs.yahoo.com Failed	eb2.3lift.com paint.toys
443	201

This site contains links to these domains. Also see Links.

Domain
toybox.toms.toys
adssettings.google.com
googleads.g.doubleclick.net
www.flashtalking.com

Subject Issuer	Validity	Valid
agcoallis.com E8	`2025-10-27` - `2026-01-25`	3mo	crt.sh
paint.toys E8	`2026-01-28` - `2026-04-28`	3mo	crt.sh
834af943.sni.cloudflaressl.com WE1	`2026-02-18` - `2026-05-19`	3mo	crt.sh
*.google-analytics.com WR2	`2026-02-23` - `2026-05-18`	3mo	crt.sh
upload.video.google.com WR2	`2026-02-23` - `2026-05-18`	3mo	crt.sh
faucetfoot.com E8	`2026-03-03` - `2026-06-01`	3mo	crt.sh
*.g.doubleclick.net WR2	`2026-02-23` - `2026-05-18`	3mo	crt.sh
*.gstatic.com WR2	`2026-02-23` - `2026-05-18`	3mo	crt.sh
*.playwire.com Amazon RSA 2048 M01	`2025-11-11` - `2026-12-09`	1yr	crt.sh
btloader.com WE1	`2026-01-24` - `2026-04-24`	3mo	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M04	`2025-10-20` - `2026-11-18`	1yr	crt.sh
*.github.io R12	`2026-02-06` - `2026-05-07`	3mo	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M04	`2025-08-09` - `2026-09-07`	1yr	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M04	`2026-02-25` - `2026-09-10`	7mo	crt.sh
ad-delivery.net WE1	`2026-02-25` - `2026-05-27`	3mo	crt.sh
*.doubleclick.net WR2	`2026-02-23` - `2026-05-18`	3mo	crt.sh
ab.dns-finder.com WR3	`2026-02-06` - `2026-05-07`	3mo	crt.sh
*.google.com WR2	`2026-02-23` - `2026-05-18`	3mo	crt.sh
config.playwire.com WE1	`2026-02-19` - `2026-05-20`	3mo	crt.sh
ccgateway.net E7	`2026-03-03` - `2026-06-01`	3mo	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-01-20` - `2026-04-17`	3mo	crt.sh
id5-sync.com E8	`2026-03-01` - `2026-05-30`	3mo	crt.sh
*.agkn.com RapidSSL TLS RSA CA G1	`2025-09-18` - `2026-09-17`	1yr	crt.sh
*.33across.com Sectigo Public Server Authentication CA DV R36	`2025-09-12` - `2026-09-30`	1yr	crt.sh
*.liadm.com Amazon RSA 2048 M03	`2025-07-01` - `2026-07-29`	1yr	crt.sh
alt1-3ps.amazon-adsystem.com Amazon RSA 2048 M04	`2026-03-01` - `2026-09-14`	7mo	crt.sh
config.aps.amazon-adsystem.com Amazon RSA 2048 M04	`2025-11-23` - `2026-12-22`	1yr	crt.sh
pbs.intergient.com WE1	`2026-02-01` - `2026-05-02`	3mo	crt.sh
*.sharethrough.com DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2025-07-17` - `2026-08-17`	1yr	crt.sh
casalemedia.com E7	`2026-01-28` - `2026-04-28`	3mo	crt.sh
*.cootlogix.com Starfield Secure Certificate Authority - G2	`2025-09-14` - `2026-10-13`	1yr	crt.sh
*.yellowblue.io WR3	`2026-02-20` - `2026-05-21`	3mo	crt.sh
*.adnxs.com GeoTrust TLS ECC CA G1	`2025-09-25` - `2026-10-26`	1yr	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2025-03-04` - `2026-04-03`	1yr	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2025-03-19` - `2026-04-02`	1yr	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2025-08-12` - `2026-08-19`	1yr	crt.sh
*.3lift.com Amazon RSA 2048 M01	`2026-01-12` - `2027-02-09`	1yr	crt.sh
*.sp-adex-prd-eks-1.ggops.com Amazon RSA 2048 M01	`2026-02-25` - `2026-09-10`	7mo	crt.sh
secure.cdn.fastclick.net DigiCert Global G3 TLS ECC SHA384 2020 CA1	`2025-06-08` - `2026-06-09`	1yr	crt.sh
hadronid.net WE1	`2026-03-10` - `2026-06-08`	3mo	crt.sh
api.btloader.com WR3	`2026-03-07` - `2026-06-05`	3mo	crt.sh
*.pubmatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-02-18` - `2027-03-19`	1yr	crt.sh
*.cdn.intergient.com Go Daddy Secure Certificate Authority - G2	`2025-03-15` - `2026-04-16`	1yr	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2025-12-07` - `2026-12-07`	1yr	crt.sh
connectid.analytics.yahoo.com GlobalSign ECC OV SSL CA 2018	`2026-01-12` - `2026-07-09`	6mo	crt.sh
oa.openxcdn.net WR3	`2026-02-23` - `2026-05-24`	3mo	crt.sh
invstatic101.creativecdn.com WR3	`2026-01-31` - `2026-05-01`	3mo	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-03-09` - `2026-06-05`	3mo	crt.sh
eu-1-id5-sync.com R12	`2026-03-01` - `2026-05-30`	3mo	crt.sh
esp.rtbhouse.com WR3	`2026-03-14` - `2026-06-12`	3mo	crt.sh
*.krushmedia.com Go Daddy Secure Certificate Authority - G2	`2025-10-20` - `2026-11-21`	1yr	crt.sh
s.amazon-adsystem.com Amazon RSA 2048 M01	`2025-10-30` - `2026-08-04`	9mo	crt.sh
mgid.com WE1	`2026-02-17` - `2026-05-18`	3mo	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-14` - `2026-11-14`	1yr	crt.sh
www.linkedin.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-03-19` - `2026-09-19`	6mo	crt.sh
indexww.com WE1	`2026-03-17` - `2026-06-15`	3mo	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2025-04-28` - `2026-05-29`	1yr	crt.sh
*.flashtalking.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-03-09` - `2026-09-23`	7mo	crt.sh
tpc.googlesyndication.com WR2	`2026-03-02` - `2026-05-25`	3mo	crt.sh
eu-3-id5-sync.com E8	`2026-03-01` - `2026-05-30`	3mo	crt.sh
eu-4-id5-sync.com E7	`2026-03-01` - `2026-05-30`	3mo	crt.sh
*.srv.stackadapt.com Amazon RSA 2048 M04	`2025-07-09` - `2026-08-06`	1yr	crt.sh
www.bing.com Microsoft TLS G2 RSA CA OCSP 04	`2026-02-02` - `2026-08-01`	6mo	crt.sh
sync-dsp.ad-m.asia R13	`2026-01-27` - `2026-04-27`	3mo	crt.sh
servedby.flashtalking.com R13	`2026-03-18` - `2026-06-16`	3mo	crt.sh
track.adform.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-09-05` - `2026-10-06`	1yr	crt.sh
*.simpli.fi DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-10-23` - `2026-11-23`	1yr	crt.sh
*.temu.com Go Daddy Secure Certificate Authority - G2	`2025-07-13` - `2026-08-14`	1yr	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2026 Q1	`2026-02-17` - `2027-03-21`	1yr	crt.sh
*.ctnsnet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-07-15` - `2026-08-15`	1yr	crt.sh
ajs-assets.ftstatic.com R13	`2026-02-03` - `2026-05-04`	3mo	crt.sh
*.media.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-08-24` - `2026-08-25`	1yr	crt.sh
*.ftstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2026-03-10` - `2026-09-24`	7mo	crt.sh
*.ad-score.com Go Daddy Secure Certificate Authority - G2	`2025-09-06` - `2026-10-08`	1yr	crt.sh
tr.blismedia.com WR3	`2026-02-21` - `2026-05-22`	3mo	crt.sh
eyeota.net GoGetSSL RSA DV CA	`2025-04-01` - `2026-05-02`	1yr	crt.sh
*.iprom.net R12	`2026-01-05` - `2026-04-05`	3mo	crt.sh
*.deepintent.com Go Daddy Secure Certificate Authority - G2	`2025-12-07` - `2026-12-07`	1yr	crt.sh
*.taboola.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2025-12-15` - `2027-01-05`	1yr	crt.sh

This page contains 79 frames:

Primary Page: https://paint.toys/oil/
Frame ID: A32D7F09CBBEC6A16B93993EEB572DA5
Requests: 192 HTTP requests in this frame

Frame: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.html
Frame ID: 3E20A8CF72FDD297C2A7F53C2E29E80B
Requests: 2 HTTP requests in this frame

Frame: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.html
Frame ID: 367868409415564CD84D37231714ED34
Requests: 2 HTTP requests in this frame

Frame: https://btloader.com/trustedIframe.html?o=5150306120761344&upapi=true
Frame ID: 51172761EB1441FB82A604AD1FFA7B9D
Requests: 1 HTTP requests in this frame

Frame: https://cdn.intergient.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Frame ID: 6AA09520052A58BD9394C67977336C3D
Requests: 1 HTTP requests in this frame

Frame: https://cdn.intergient.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js
Frame ID: F9A4C00BC8C86957F63EDEAFEB9D35B2
Requests: 2 HTTP requests in this frame

Frame: https://sync.go.sonobi.com/uc.html?gdpr=&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BUID%5D
Frame ID: EB1B1C4052343B8F4F15ECD7416BC14E
Requests: 22 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=paint.toys&gdpr=0&gdpr_consent=
Frame ID: 007F2F1A374ED7D2BC4924126FFBD980
Requests: 2 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Frame ID: 4345056C15096020DAC0A789E43B4146
Requests: 12 HTTP requests in this frame

Frame: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: 08EE719D451ECE3A8C8202E862324083
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Frame ID: 3DBE6C985BB9B7E2678906D951BCBCB5
Requests: 9 HTTP requests in this frame

Frame: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Frame ID: 60127A12928855552396D05C8D809606
Requests: 48 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=criteoPrebidAdapter&topUrl=paint.toys&gpp=
Frame ID: 286779F0947155B27FC300270EF56F3B
Requests: 2 HTTP requests in this frame

Frame: https://js-sec.indexww.com/um/ixmatch.html
Frame ID: 67C2DE4001FE14035326324C5B602685
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=YV81NzEwZjI4OC1iMmIyLTRiNzYtYjg5Yy01YmYyZWQ1NzI2OTE=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: C1BD0DBB0CC43EAEFE5308F49A3F95F2
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 50D12290D7C7322A87FDD6A1E83AF306
Requests: 2 HTTP requests in this frame

Frame: https://playwire-d.openx.net/w/1.0/pd?cc=1
Frame ID: 249C8C7C1944327F0AF469B7C6968586
Requests: 7 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=Md2opBbxWYHFLV6aDUpRBpQow7XJXJctOOfXFFLcy8o&pi=gumgum&tc=1
Frame ID: D7B043FD65FD111D706797AEBEDE68CE
Requests: 1 HTTP requests in this frame

Frame: https://eb2.3lift.com/sync
Frame ID: F9E9919F491EFE249C84A95C75DAEBD8
Requests: 11 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 8D2C26634E9A534172ED0FFAB2AFAEC6
Requests: 19 HTTP requests in this frame

Frame: https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=&coppa=0
Frame ID: 8E81CA2E00B78887DF9E855975DBD077
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 9B80E3CD5703BFBEA5DB3E96AE1D1129
Requests: 4 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326
Frame ID: E3C1C0665368FA34E0DD15F0B74C5F94
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIY6-uXzAIwAQ&v=APEucNVeDa29K9wO4LJYTNTXwwEmo4J_Dbylp2sa0lyYN3mcyv_2dHQRDghUWGs6bhCa-d0fhBLGHMJH8Uc3R9SpHgxBhj3q4A
Frame ID: B0661B55A77746C6A039DB7A3D8D21F7
Requests: 5 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy=
Frame ID: AF35404B78C9053BE932C27E72305259
Requests: 4 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?&geo=as&co=au
Frame ID: 5AD1C762C25CF803EAAAF4BE7D967382
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: EF32B59C1F39B243127BEC453311AC05
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 6E0852F6B2B1E91570E023108FB7BDB1
Requests: 3 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=
Frame ID: D32809DDD0604131A90CEB95B742F25F
Requests: 1 HTTP requests in this frame

Frame: https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Frame ID: 8EA97721EEE6F0A26CC618EE245143B9
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b32b69c1-e17c-4c00-823c-e54643bf3f3f&gdpr=0&gdpr_consent=
Frame ID: 3E77FA60B8960482B3A295DFE60A8B11
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0
Frame ID: 1F919F729188BCBBD761564382B3E30A
Requests: 1 HTTP requests in this frame

Frame: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-7MJSYTVE2uX5mV4qJFruptvGrNAOHYg-~A&gdpr=0&us_privacy=
Frame ID: 979E8F62C6AD386E7FEE4B6B1FE2C9D2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0
Frame ID: D02B5B7457D07242879EDD938A0E221B
Requests: 1 HTTP requests in this frame

Frame: https://www.temu.com/api/adx/cm/pixel-pubmatic?id=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: EE8035517D738B32FA7E6C46D368796D
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9200000678844645331&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 9E1655D5ADB48312BEB2726EA7325F49
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
Frame ID: 5AF689BF781A523A04A65902E4594012
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=0&gdpr_consent=
Frame ID: 7496B6D9FB252D48956E72415F4042D3
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNTQmdGw9NDMyMDA%3D&piggybackCookie=r5un3n8FevsvPj7mwWcAhmCbp4iS_GCRl-f4TJnKHUY&pi=pubmatic&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Frame ID: 9BF875F0D1ECB32573447F79A06CB47C
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU6abf14ce3cd64bf5b11b8697c52556d1&gpdr=0&gdpr_consent=
Frame ID: 0EDBE95F49214156B73C299201B4B07E
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=0&gdpr_consent=&_test=acHhfQAFu8y20gAn
Frame ID: A2EE52C4FB04C844D9C72ADF4BA16993
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=uaPxzeqrpZiirfeZ7Pi_nu6uqp6i_qrO66NBygrs
Frame ID: A2748D57D04FA8808C3D29F0D14A967E
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3655796931204238726&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Frame ID: C5123869A894D9DB0C8DC506C7E781DE
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AQANPdEyx4jdawI5SCveAQEBAQEBAQCcHFnQ8gEBAJwcWdDy&expiration=1774400253&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gpp_sid=&gpp=&is_secure=true&us_privacy=&gdpr_consent=&gdpr=0
Frame ID: 6355972A5562770E3A38AEC2FABA3517
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&piggybackCookie=7017700947177846861
Frame ID: 922E5B76EFD48909309C65950749F1C8
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=218872&dsp=1061476&t=image&uid=0d031850-e754-4951-a3d7-440fdd615e1f
Frame ID: 12E26377C8E00EAD119E2A36B56852FC
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]&gdpr=0&gdpr_consent=
Frame ID: 502F684A6CA8694F1311E8FCE00DB8F8
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw&piggybackCookie=760b59a1-affb-4c2b-89e9-9faf95132669&gdpr=0
Frame ID: 3DB1AFCDE6851B97FEF9ED5FE2FAEB9C
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTImdGw9MTI5NjAw&piggybackCookie=69c1e17e2c8198ca1012e2ce
Frame ID: 686C4EACE48D360CFF5EFF52CF3A3188
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw
Frame ID: 118B230CD6005A169EC74CE8E50EFBA1
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=gJ9zQ_AjDi-WfF0WfeHBaQ
Frame ID: 93EC903D905757C0C7C2159D6CE9556F
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMzEmdGw9MTI5NjAw&piggybackCookie=AVVGU8ckJxJRks8AKUSwzqoLec8AAAGdHVjTLA
Frame ID: F9AE9C0C5DAD57E968003C6D06425331
Requests: 1 HTTP requests in this frame

Frame: https://cm-supply-web.gammaplatform.com/adx/usersyncsupply?pid=7&t=pixel&gdpr=0&gdpr_consent=
Frame ID: 3BE9875EEB36C77D5624C612675F2376
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTkmdGw9MTI5NjAw&piggybackCookie=A8162138932825430366
Frame ID: F3414BF598C655FBF55E6EBA01ED1697
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=7151965e-271c-11f1-9005-aaf5cfb141f6
Frame ID: 17CA30B3CE61D7CA2CDBE15569B63FF3
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNDImdGw9MTI5NjAw&piggybackCookie=q2nxO0ZsNoVh&gdpr=0&gdpr_consent=
Frame ID: 41F91B6CBA3B959F16A337C3FCE2E170
Requests: 1 HTTP requests in this frame

Frame: https://hbx.media.net/checksync.php?cid=8CUEHS6F9&cs=87&type=mpbc&cv=37&vsSync=1&uspstring=&gdpr=&gdprstring=&gpp=&gpp_sid=&redirect=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dmedianet%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%3Cvsid%3E
Frame ID: 90CA7B056EF0E7005554949B12446572
Requests: 3 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&gpp=&gpp_sid=&r=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7BOPENX_ID%7D
Frame ID: 90CE52E3A119F973E607F94C9A05AF47
Requests: 8 HTTP requests in this frame

Frame: data://truncated
Frame ID: 4283CB3F4512BC3DFE9460F5ABC431B6
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=1czvcrb2kl76
Frame ID: E6FCB2C3B70D5558BAA4391875AA7A5D
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Frame ID: C8833741AF69797CA07739393AE2C9BD
Requests: 1 HTTP requests in this frame

Frame: https://csync.loopme.me/?pubid=11331&redirect=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw%26piggybackCookie%3D{viewer_token}&gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: 07A9CA3F488295E51E0FB6505657A6DE
Requests: 4 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Frame ID: 0308984FC78F33E41D4355C9721A564B
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1975180318824543919
Frame ID: F92B004F0179EF1FA28412D0C9DE9EF2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F47313590C36495CB0FF23193B4147CE&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Frame ID: 582BACEF8EEA7FFCD5CD8D336987966C
Requests: 1 HTTP requests in this frame

Frame: https://sync-dsp.ad-m.asia/dsp/api/sync/send?s=pubmatic&rd=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyNTMmdGw9MTI5NjAw%26piggybackCookie%3D
Frame ID: 97F4DF65BED4E56725198AADC23B7516
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM3MjkmdGw9MjAxNjA=&piggybackCookie=69C1E17E31EFAED03ADFD935_&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: AFD68E5431EAD87220E33BA9C643170B
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-cf232ad5-fdc4-4d35-afd7-73e736163877-004
Frame ID: C906DE210A3F7434B04DAB7D363118ED
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=1czvcrcmmtiy
Frame ID: EEA57939B717672C61F1D508FC9FF5D1
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Frame ID: 01F220C487CBAAF5F9889FB4C29D73C3
Requests: 1 HTTP requests in this frame

Frame: https://csync.loopme.me/?pubid=11331&redirect=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw%26piggybackCookie%3D{viewer_token}&gdpr_consent=&gdpr=0&us_privacy=&gpp=&gpp_sid=
Frame ID: 1C72D79FAC5F94816F16997489C47B5A
Requests: 4 HTTP requests in this frame

Frame: https://match.deepintent.com/usersync/141?gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Frame ID: B5D13BAF752AE52B793EF8D8CA0CF99C
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1975180318824543919
Frame ID: BA8ED4B502A62581F3F0B5ACDC1B1DAD
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F47313590C36495CB0FF23193B4147CE&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
Frame ID: B48806E414250E538BD909C6EAB7B30A
Requests: 1 HTTP requests in this frame

Frame: https://sync-dsp.ad-m.asia/dsp/api/sync/send?s=pubmatic&rd=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyNTMmdGw9MTI5NjAw%26piggybackCookie%3D
Frame ID: 8140BD6D465A51736D63FB14CE67552E
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM3MjkmdGw9MjAxNjA=&piggybackCookie=69C1E17E31EFAED03ADFD935_&gdpr=0&gdpr_consent=&us_privacy=
Frame ID: 82D44E2EEECF872BC21270F8D0D64AF2
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-cf232ad5-fdc4-4d35-afd7-73e736163877-004
Frame ID: 412053F90286FB3F5ABF83F2A9B4C2FF
Requests: 1 HTTP requests in this frame

Frame: https://pbs.intergient.com/setuid?bidder=pubmatic&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=b&uid=DC6DF086-7BB9-400E-B7B9-740D658571B8
Frame ID: A627D0FD8B4AD3CB0B1C773B6D9D4F33
Requests: 1 HTTP requests in this frame

Frame: https://pbs.intergient.com/setuid?bidder=pubmatic&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=b&uid=DC6DF086-7BB9-400E-B7B9-740D658571B8
Frame ID: 5A4007ED14A593D8FA2F32195F2C22CF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Paint with Oils

Page URL History Show full URLs

https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyM... Page URL
https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyM... HTTP 302
https://paint.toys/oil HTTP 301
https://paint.toys/oil/ Page URL

Detected technologies

Snowplow Analytics (Analytics) Expand

Overall confidence: 50%
Detected patterns

sp\.js

AppNexus (Advertising) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Floodlight (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.doubleclick\.net

Google AdSense (Advertising) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Google Tag Manager (Tag managers) Expand

Overall confidence: 100%
Detected patterns

\.googletagmanager\.com/

OpenX (Advertising) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

33Across (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.33across\.com/

Adform (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.adform\.net/

Adobe Audience Manager (Segmentation) Expand

Overall confidence: 100%
Detected patterns

Amazon Advertising (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.amazon-adsystem\.com

Cloudflare Bot Management (Security) Expand

Overall confidence: 100%
Detected patterns

Funding Choices (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

fundingchoicesmessages\.google\.com

Google Publisher Tag (Advertising) Expand

Overall confidence: 100%
Detected patterns

securepubads\.g\.doubleclick.net/tag/js/gpt\.js

ID5 (Advertising) Expand

Overall confidence: 100%
Detected patterns

^https://(?:cdn\.)?id5-sync\.com/

Integral Ad Science (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.adsafeprotected\.com/

LiveIntent (Email) Expand

Overall confidence: 100%
Detected patterns

\.liadm\.com

MGID (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.mgid\.com/

Media.net (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.media\.net/

Sharethrough (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.sharethrough\.com/

Simpli.fi (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.simpli\.fi

StackAdapt (Advertising) Expand

Overall confidence: 100%
Detected patterns

srv\.stackadapt\.com/

Taboola (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.taboola\.com

theTradeDesk (Advertising) Expand

Overall confidence: 100%
Detected patterns

\.adsrvr\.org/

Page Statistics

443
Requests

73 %
HTTPS

0 %
IPv6

110
Domains

201
Subdomains

134
IPs

12
Countries

3219 kB
Transfer

9881 kB
Size

238
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://toybox.toms.toys/?ref=paint.toys
Title: © toms.toys ⍟

Search URL Search Domain Scan URL

URL: https://adssettings.google.com/whythisad?source=display&reasons=AcrBLeUbgDgSqTBdkYxu90QD4BD6fy-rUOsTN35vIUnVo8VTua5Dv8pJxS2OkiRmUI9P_TbsrpR7x7Fa3VpI1J8Ke-gEwAhFlDUKHI8q-igzwnio4tybsRpRjIPC2HsH91Wh__IfU0qLHO_sTq6bhPGapSp9vsH_4oTw1lTsy3N9uyFDOM_hxzxLBJJ164X-Jx9RiVCoVv66g8SITpJZieWJm9MxVUaRv2UqRgkQ-WLtdv-Fj6lFwJxNxB2uax-A9grX19AYSLaA2J3IgGUfFwZojj0VKPwct8vkK6a5_Vl9Odf1EFqLqwhS5-UIJG07H-UYRu6TwBrpfs7cPyYoiR0IrnKTFwMCQDhLCwzWl8JenbeMHrZuWbQvzrFAdrI_gRF2gL6DRYhDG7pr5L5o4tYInnTXZKUjXvdDbLyeu3cWG4BJfQ2UDyyz4i3q_pooxpgS4tQdAgQk7On6bMyA7fSzIX680-gNg7wISjXhs6HDTYKfqECTtYsGPfBv5-2w8aWGPoTMqj0CGSU_mleX2nJurO1XVG1VUbVEgaManevQPTMSG2MS6AwZFywWdiw3EhDaL8NCwEhRXouoaZk-070aR92sGtgFCuDd0jKjZcd1HYGUUoTwQT-SG-CRe8UWbDxmQ21Db0selxOcg_k73jL02BtS25sgtzhDS3H0fD6l8KLX579HpHw6iYK35LhRZnWL3Brwbik6yWlsfNVSY3_WLmqiI5hpeJ8ADula2aPH9lMyK7hMo-EfhQ8OIbfTcvo_I1R_ANlE4AS2JXts65YE9oquvtguX5VlF1ylNqQWGkeKouFjp9P5IDUDqS272gu0q3m6g2f-cw_4G9dvKzx4S3zx_v9vdvxZAol2aJT3RHCQdQN0AwIlYfeLchvRdtWRiUmIBvO8tWSUKz28w_0cF3zCNry9lRELHta8e6R2AuWtbapZxcFaGBkC4rPsH27zEMnnnOZ0CTJDBb9NUd8rx9J4PfPhIe75SYrmyhkEnC_7cedOLbJ0H-CgVNNDA73Nf8eLd9QrNBfkpVQLzGCFXlszfhj5Pobsu5OFKt7oKqGI63G-uWZ9jwAg18swusYIXoO2l_I1X97iuZrfdUdpy1kvPj8OJDiM35lDWS4xYJ1eFAH3irmartOmmr6fdHNP3bGAxHXPY_KgqpkWo3DEiLe_cvAg1fCbA6Wjg0Dla8zf1IDeYMKsssMo6TtV6YmnZtIMQ1DBjzFV32FWrcrnQYFfD1i23uK9CPZLWGKtq6_iR_Caw-B1DZCCBlvrQHBG7DerOzVkfQK-tSkVWy5QybvKsXWe9_HHZvScZUJT3ggK5YjstPo_lIWS922yKj5rmkw8ryLx-pTm_g35ZMnTZOmnHXRm9pzChJ0NMX8odA9Xy5J48tciIFKtWr8NZaA8QDUUrU8EzAC4xC5LMRShDx5JLMNvh5Blq838OKOBlsAqATSVzqrBtoYsASMC-YufqVNbLH8GUteFjY-skK7SlGZ-CAnackMj178sEi2b0imIIpZRo226mNSJy6LQQBdv5YJBRJehkN-B1r6OZGrX8PUjm3pqAERS-hr_bGDNZu1ykLNGzhDmrDq61QDx6KYVo0j0VxCn0_xCJSsVS92DRa4pCrb0lMsMJsWzC5kSqUZcJ73ec0Cm24NY2LCbpcUsCWiKeHmXD8SUtQCf68a3p_7jO46MeRwbxKRbuNgBpMFj8mMO9kDyH7jsKbKmorbgkvonBL3m4WHzRx_hpjMew6DkoJBelExBdsDpV52M7vqNpmgnsTsqdMdt7suxoMbNFg4xvNdlQpXn9vHZbcxa6AEo6dOKh2n1hnXoiUXXOCHLUAbj4hYqLUBjX7FjV8aIjZRpNWLjFE8Z37KKCBaQeJaX0f3FNisVLSP76U7tkW_zXrd7fzLOfwz5l5ANwvFjXiikOId3gBuqzm11fGnba3foGaJv57XXzPUr0uOJ-HRjdgBfXKUCmiJkiRs551llrbdBeyXG0opHARKPvaW0FeD_k-vzX3BJ9brjMcDSzU-aOi8Ur2OeSPF0aJgFdhCZChruuyilM-L21dbcxZjpGpKh5ElcUqJ-eJHsH72WYeF0Cp5DqOSh0-IGZwJqBT7yAPDx5sAIqqCRE5pyW1I377oTSTIEAaZpkTIa4xM_63tuir_pL5x6HshGRXzFSkxyXyjSkoH-nQ_jPgoZTHfOq5OlRXlZ9bwCkRb-c4TjPzY_0Bic4Ml2xw6pxqeh7uexT0s_B2CVQ5icOSprO4corEXLDc4&opi=122715837

Search URL Search Domain Scan URL

URL: https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CAUFie-HBaam2E-3PjuMPmsnbgQGQ79LhgQGG3cGYmBX43JSYQxABILq-8BZgpYCAgKgBoAGL4oqgAcgBCagDAcgDmwSqBIQCT9B2s9YjnzL8-rerzSBRHIGqO8Z6vpnkz3B_RLDubL6jX-snkXksQp5aHuqCDFLbV9s82E2ch25ru-uqat3ZFOVuBqHLiPlwFT302tU9yDmIXKJW2iV7cl2QVkG6byVaVwEI5i0Ebyi6ttfCP3hIXcrXXn2H0UzOa_ao2NGUdbeN96yne4JA71enVO5hGuXZTSCt3ogEVDHI0FGAut24zdu8BvVn_NkA_fA-UD5AqnyMmZaUxvgzodladlmSPp9McLwlRkatMs6RlFi_G7myJJrYzsD8e26A4OPj3pfXoaVI665Kwjo0puxVhaw7tNKBr1mb0svPA5Rn0UxRmakAsMsG6T3ABKzT483hBOAEA4gF3diMmE6QBgGgBk2AB92d9d8CqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcA0gguCIBhEAEYXzIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOlj-w8-WqreTA_IIH2JpZGRlci14YXBpOjE5MTI4ODp2bFdBWWtLX1lCd2uACgSYCwHICwGADAGqDQJBVfANAYgODrAT6fCwIdATANgTDdgUAdAVAcoWAgoA-BYBgBcBshcQGAIqCjg4NTM2OTY3NTFQBrIYCRICnWMYTSIBANAZAQ&ae=1&num=1&cid=CAQS3gEABaugfcvcQEVisj4dXZRnK5WrcZkAku6HXMziAWv2oyd3Y25TXIbxhKtvGICe8JIaAktcmqFSCxzLVeL49DBnXLLtqH3rwfEokCmWwaQNtvvbLABYFviwG_ryNnNZ9xzcqFVyY0OKD351lOs0yAzzFbmsZvcdf9jDI7JxhJpJubUpoQSeXd5r0sd75CtTVOm2edeR-dw4lyhC9nGUG1k1DEhquSjgMTcwr-eQSGJ8zdUnpneKGHgmNGZRu1Lvqo7aFUJnGB-oidQJFz7lIJhwM6rPRYDDR0P3NL0nrU4YAQ&sig=AOD64_1Wde_MfPBTVIe-TghrFvNhiJu3ew&client=ca-pub-6579838053286784&dbm_c=AKAmf-A8ODr_TeWBYYAATE58XixrNzFe9oI0uQrqoL8muTjvb5_fM-z9zUHFaZUbKRSOBvIrgSFuF49NJ1BK48n1qVjXZpuUIIE0tH4eXIjaB5CB-UNPDB_lXUqkjhYjgG_Mmz0N69wsEdWp6eXmPheX-CH9qrOdfDmK3oEVuZwpGV7JAjeSNrWnK09Z_BqBHP89viLX0JkWLTBHVGnfxPmqOo8Z1iTSV4WyA7xCxZzgef6p9sGmVGFM_qQHY4kTmTerlh3LDQ87TZl38iyc95-KjjvtpGGIxiSanZMnr196tWOo9ESIvK0&cry=1&dbm_d=AKAmf-Ctqm_1f3LpvufQUKS4m9QD84OgWnArytCoFmf99U-4KaZoWMhXaXNLVd7SfaQm1xp9UZiV9vBPk-8GdFE8bzWgAu1afFv8c3cEyGR-o5eO3LEGGW_NPDlUMlRNeZUYyM4730YiL0WrzM371MBKYiSvfKvtlRFEalaF_2F15Bu1UN1fPnIas4sMyvHf_cNRtzPeVa80rD8l03UUnFIpfgqZ9nAZsidWHBWg8Xc41Okb76LXMfRMg7RS0F3zWYWJzynASMohXxWDcLv1A-ZcX-xNChNnNlicH1tN7w-8RR_ZD4XyRfQa7I3udNGRD8p4OXUQoGw8QsBxLr582F-mBUpuwTPIFFStjoyFO21HiKKq4Z7V37leO6JPpj9myXfS0msU-BizyYuEs-grr-EkaxIgl3xnZsjfJxUGsOBX8VTz6kmEcvr6X8vDfVKQQdDiAN5hWMzW5dIN7mNjM98jYevywECDa1ejSbexBOjfYno1lbwksyhNFvqACMpwS9RD9_rRrJ5HC2k3AhL-Pb550GIuGw_jhXoN3edVIdfVAYZkJjapdjHz_mFEscP1kZtB6xjTY1gMT94guz-KSA6cLBrVB0od7iRbYwL5FcDEj0U0O77yOMshOf1gDrP__4YSKFNMbb1A4ZZ5q-2zRZi4j4J5XLSNxRGenTr3hV5mB7DYCEBfh9IvyPxoxRbAgyt1OTgaqJi-&adurl=https://servedby.flashtalking.com/click/7/296969;10263025;5457195;210;0/?us_privacy=!!US_PRIVACY!&ft_partnerimpid=ABAjH0hNXwEgHnuMPZ-iGVw1rzj4&ft_impID=96BF21C6-0629-1CDD-54B3-C3E42EEAB967&ft_section=20988505181&g=6657A90D99A3EE&random=734120.8050393978&ft_width=160&ft_height=600&url=https://www.adobe.com/au/creativecloud.html?sdid=PC1PQ9XF&mv=display&mv2=display

Search URL Search Domain Scan URL

URL: https://www.flashtalking.com/consumer-privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439 Page URL
https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439?in=1 HTTP 302
https://paint.toys/oil HTTP 301
https://paint.toys/oil/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://cdn.intergient.com/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://cdn.intergient.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js

Request Chain 53

https://ps.eyeota.net/pixel?pid=m51mh00&t=ajs&uid=user_68df70df-de7d-4dbf-bbb6-f0d9f6cc2765_1774313849369 HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=m51mh00&t=ajs&uid=user_68df70df-de7d-4dbf-bbb6-f0d9f6cc2765_1774313849369

Request Chain 85

https://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://ps.eyeota.net/match?uid=97f39a7c-5982-42c0-86d2-649773acdd79&bid=1e2n4ou

Request Chain 86

https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MmhvRk1PLU40QWtPb25SYy1OVlk0UWdoTUxGREIzSi1iU19PMjRsYXpaN2c&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=m51mh00 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&google_hm=MmhvRk1PLU40QWtPb25SYy1OVlk0UWdoTUxGREIzSi1iU19PMjRsYXpaN2c&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=m51mh00&google_tc= HTTP 302
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=m51mh00&google_gid=CAESEG-zumiRRIJzsFSeuMIpSXM&google_cver=1

Request Chain 87

https://ib.adnxs.com/getuid?https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1%26referrer_pid%3Dm51mh00 HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fps.eyeota.net%252Fmatch%253Fuid%253D%2524UID%2526bid%253D2cr76e1%2526referrer_pid%253Dm51mh00 HTTP 302
https://ps.eyeota.net/match?uid=3655796931204238726&bid=2cr76e1&referrer_pid=m51mh00

Request Chain 88

https://sync.srv.stackadapt.com/sync?nid=eyeota HTTP 302
https://ps.eyeota.net/match?bid=tpm4omv&uid=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=&gdpr_consent=

Request Chain 89

https://ups.analytics.yahoo.com/ups/58773/cms?partner_id=Eyeot&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58773/cms?partner_id=Eyeot&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://ps.eyeota.net/match?bid=bhc9gd0&yahoo_ver=2&yahoo_id=y-SOqvBjxE2pXaQumyc3TAaYA390Z00xXKge8-~A&gdpr=0

Request Chain 122

https://p.rfihub.com/cm?pub=35683&in=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1975180318824543919

Request Chain 123

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=&gdpr=0&gdpr_consent= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=td&nuid=97f39a7c-5982-42c0-86d2-649773acdd79&pubid=

Request Chain 124

https://sync.srv.stackadapt.com/sync?nid=286 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=st&nuid=35EQdmtSVxh17Walk1vmlmds5_U

Request Chain 125

https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=&expires=365 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=&expires=365 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=af83d098-46e0-4192-95f2-f2da33b7063b&google_hm=YWY4M2QwOTgtNDZlMC00MTkyLTk1ZjItZjJkYTMzYjcwNjNi&gdpr_consent=&gdpr=0 HTTP 302
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEG3Mt4E36feMYQdFQLtMx54&google_cver=1&ssp=sonobi&bsw_param=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr_consent=&gdpr=0 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 126

https://www.temu.com/api/adx/cm/pixel-sonobi?id=bf92221e-d80d-439e-be8b-0155cdbea91b&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dtu%26nuid%3Dbf92221e-d80d-439e-be8b-0155cdbea91b HTTP 302
https://sync.go.sonobi.com/us.gif?nw=tu&nuid=bf92221e-d80d-439e-be8b-0155cdbea91b

Request Chain 127

https://image8.pubmatic.com/AdServer/ImgSync?p=166397&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D166397%26mpc%3D4%26fp%3D1%26pmc%3DPM_PMC%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%24%26pr%3Dhttps%253A%252F%252Fsync.go.sonobi.com%252Fus.gif%253Fnw%253Dpm%2526nuid%253D%2523PMUID HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?p=166397&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D166397%26mpc%3D4%26fp%3D1%26pmc%3DPM_PMC%26gdpr%3D0%26gdpr_consent%3D%26us_privacy%3D%26gpp%3D%26gpp_sid%3D%24%26pr%3Dhttps%253A%252F%252Fsync.go.sonobi.com%252Fus.gif%253Fnw%253Dpm%2526nuid%253D%2523PMUID&rdf=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REM2REYwODYtN0JCOS00MDBFLUI3QjktNzQwRDY1ODU3MUI4&gdpr=0&gdpr_consent=&google_cm HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENus9K45FbDvO_pIAI57C80&google_cver=1 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?fp=1&gdpr=0&gdpr_consent=&gpp=&gpp_sid=%24&mpc=4&p=166397&pmc=1&pr=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpm%26nuid%3DDC6DF086-7BB9-400E-B7B9-740D658571B8&us_privacy= HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pm&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8

Request Chain 128

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=140&gdpr=0&gdpr_consent= HTTP 302
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=140&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D1389%26tp%3DSTSC%26tpid%3D8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155%26gdpr%3D0%26gdpr_consent%3D%26d%3Dhttps%253A%252F%252Fsync.go.sonobi.com%252Fus.gif%253Fnw%253Dbs%2526nuid%253D8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D1389%26tp%3DSTSC%26tpid%3D8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155%26gdpr%3D0%26gdpr_consent%3D%26d%3Dhttps%253A%252F%252Fsync.go.sonobi.com%252Fus.gif%253Fnw%253Dbs%2526nuid%253D8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155%2526gdpr%253D0%2526gdpr_consent%253D HTTP 302
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dbs%26nuid%3D8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://sync.go.sonobi.com/us.gif?nw=bs&nuid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&gdpr=0&gdpr_consent=

Request Chain 129

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dif%26nuid%3D[MM_UUID]%26uid%3Dbf92221e-d80d-439e-be8b-0155cdbea91b HTTP 302
https://sync.go.sonobi.com/us.gif?nw=if&nuid=b32b69c1-e17c-4c00-823c-e54643bf3f3f&uid=bf92221e-d80d-439e-be8b-0155cdbea91b

Request Chain 130

https://creativecdn.com/cm-notify?pi=sonobi HTTP 302
https://creativecdn.com/cm-notify?pi=sonobi&tc=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=rh&nuid=r5un3n8FevsvPj7mwWcAhmCbp4iS_GCRl-f4TJnKHUY&pi=sonobi&tc=1

Request Chain 131

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=bf92221e-d80d-439e-be8b-0155cdbea91b&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=cmcySHRWSHRTWUR1TVhOa19TN2M1UQ&gdpr=&gdpr_consent= HTTP 302
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEIJ7Kqs895k-ld94kJe6aUU&google_cver=1 HTTP 302
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=uLFDBHCCL3Rf

Request Chain 132

https://ib.adnxs.com/getuid?https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=$UID HTTP 302
https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=3655796931204238726

Request Chain 134

https://fei.pro-market.net/engine?du=46&site=161318&size=1x1&mimetype=img&csync=bf92221e-d80d-439e-be8b-0155cdbea91b HTTP 302
https://fei.pro-market.net/engine?du=46&site=161318&size=1x1&mimetype=img&csync=bf92221e-d80d-439e-be8b-0155cdbea91b&sr

Request Chain 138

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YmY5MjIyMWUtZDgwZC00MzllLWJlOGItMDE1NWNkYmVhOTFi HTTP 302
https://sync.go.sonobi.com/usg.gif?google_gid=CAESED50zQ1ftrl-eEGJaO4K1QA&google_cver=1

Request Chain 139

https://s.amazon-adsystem.com/x/7318ffc0e8fa1d771446 HTTP 302
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=snb&dcc=t

Request Chain 140

https://capi.connatix.com/us/pixel?puid=bf92221e-d80d-439e-be8b-0155cdbea91b&pId=43&gdpr_consent=&callback=&us_privacy= HTTP 302
https://capi.connatix.com/us/pixel?puid=bf92221e-d80d-439e-be8b-0155cdbea91b&pId=43&gdpr_consent=&callback=&us_privacy=&final=true

Request Chain 151

https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=&gpp=&gpp_sid= HTTP 302
https://eb2.3lift.com/xuid?mid=3658&xuid=97f39a7c-5982-42c0-86d2-649773acdd79&dongle=0cfd&gdpr=0&gdpr_consent=

Request Chain 152

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEOPpam2E5YiAb1EpikpZCS4&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

Request Chain 153

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDMzMTg3Nzc3MTAwMzE0ODU1MzQ2MQ%3D%3D

Request Chain 155

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDMzMTg3Nzc3MTAwMzE0ODU1MzQ2MQ%3D%3D HTTP 302
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

Request Chain 159

https://ups.analytics.yahoo.com/ups/58932/cms?gdpr=0&gdpr_consent=&gpp=&gpp_sid= HTTP 302
https://eb2.3lift.com/xuid?mid=2662&xuid=y-Qs.8vBJE2oTzTKe8g5uJZKX8vufgZdphHiVOoGsrPA--~A&dongle=0883&gdpr=0

Request Chain 160

https://sync.srv.stackadapt.com/sync?nid=13&gdpr=0&gdpr_consent=&gpp=&gpp_sid= HTTP 302
https://eb2.3lift.com/xuid?mid=2319&xuid=0-df911076-6b52-5718-75ed-66a5935be696$ip$103.108.231.245&dongle=4430

Request Chain 178

https://playwire-d.openx.net/w/1.0/pd HTTP 302
https://playwire-d.openx.net/w/1.0/pd?cc=1

Request Chain 179

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://usersync.gumgum.com/usersync?b=rth&i=Md2opBbxWYHFLV6aDUpRBpQow7XJXJctOOfXFFLcy8o&pi=gumgum&tc=1

Request Chain 183

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 185

https://match.adsrvr.org/track/usersync?us_privacy=&gdpr=0&gdpr_consent=undefined&ust=image HTTP 302
https://dpm.demdex.net/ibs:dpid=903&dpuuid=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam HTTP 302
https://secure-gl.imrworldwide.com/cgi-bin/m?ci=tradedesk&cg=97f39a7c-5982-42c0-86d2-649773acdd79

Request Chain 224

https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3702&xuid=a7ac6592-16a6-42e3-969b-972f7145cc43&dongle=d54f&gdpr=0&gdpr_consent=

Request Chain 226

https://um.simpli.fi/triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=7969&xuid=F47313590C36495CB0FF23193B4147CE&dongle=yf3

Request Chain 227

https://triplelift-match.dotomi.com/match/bounce/current?networkId=74572&version=1&gdpr=0&gdpr_consent= HTTP 302
https://triplelift-match.dotomi.com/match/bounce/current?DotomiTest=6e933f83c3671f7e&is_secure=true&networkId=74572&version=1&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=6732&dongle=38F&xuid=AQAKMTtmGoNAMwI8C1kqAQEBAQEBAQCcHFnRtQEBAJwcWdG1&expiration=1774400253&is_secure=true&gdpr_consent=&gdpr=0

Request Chain 228

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=83&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/xuid?mid=3646&xuid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&dongle=1fa5&gdpr=0&gdpr_consent=

Request Chain 229

https://match.prod.bidr.io/cookie-sync/trl?gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/trl?gdpr=0&gdpr_consent=&_bee_ppp=1 HTTP 303
https://eb2.3lift.com/xuid?mid=7255&xuid=AAF9UE7Tg8MAAABheBax3A&dongle=bzwx&gdpr=0

Request Chain 230

https://x.bidswitch.net/sync?ssp=triplelift&user_id=4331877771003148553461&gdpr=0&gdpr_consent= HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=triplelift&gdpr=0&gdpr_consent= HTTP 302
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=triplelift&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=7c98041d-8906-4110-b61f-c4ae992851f7&ssp=triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=2409&xuid=af83d098-46e0-4192-95f2-f2da33b7063b&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 231

https://dis.criteo.com/dis/usersync.aspx?r=44&p=75&cp=triplelift&cu=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&url=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2711%26xuid%3D%40%40CRITEO_USERID%40%40%26dongle%3D013b HTTP 302
https://eb2.3lift.com/xuid?mid=2711&xuid=748bd1fd-0e9f-49a6-9cf7-b5d362349460&dongle=013b&gdpr=0&gdpr_consent=&us_privacy=&gpp=

Request Chain 237

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy= HTTP 301
https://eus.rubiconproject.com/usync.html?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy=

Request Chain 239

https://x.bidswitch.net/sync?ssp=criteo&custom_data=-Ex2D192JTJCY1ZCZllpSTVLeHhEalJod2IlMkZLaXYyck9QVDVrclVNTldWSWFwY0h4YyUzRA&gpp=&gpp_sid=&gdpr=0&gdpr_consent=&us_privacy=&cr_user_id=k-XhAczkLZMVoImS4BFFelATBROC0DcS0uslkPLg HTTP 302
https://ssp-sync.criteo.com/user-sync/match?p=-Ex2D192JTJCY1ZCZllpSTVLeHhEalJod2IlMkZLaXYyck9QVDVrclVNTldWSWFwY0h4YyUzRA&u=af83d098-46e0-4192-95f2-f2da33b7063b

Request Chain 240

https://secure.adnxs.com/getuid?https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3dTvGegV9GREFlU1FyeG04TTNpWm9iSXNoWFdMNUJXdGpiemolMkJKd25wdnYlMkZCdkdsQSUzRA%26u%3d%24UID&gdpr=0&gdpr_consent= HTTP 302
https://ssp-sync.criteo.com/user-sync/match?p=TvGegV9GREFlU1FyeG04TTNpWm9iSXNoWFdMNUJXdGpiemolMkJKd25wdnYlMkZCdkdsQSUzRA&u=3655796931204238726&gdpr=0&gdpr_consent=

Request Chain 241

https://cm.g.doubleclick.net/pixel?google_nid=commerce_grid_dbm&google_hm=k-XhAczkLZMVoImS4BFFelATBROC0DcS0uslkPLg&google_cm&google_redir=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3dWycD_V9MNHdXJTJCUHVLaWVFeW1rOEF4cVlWV0Y4dGREdDcxbndiWU9KU1RhQ1JmVFUlM0Q%26u%3d%25%25GOOGLE_GID%25%25&gdpr=0&gdpr_consent= HTTP 302
https://ssp-sync.criteo.com/user-sync/match?p=WycD_V9MNHdXJTJCUHVLaWVFeW1rOEF4cVlWV0Y4dGREdDcxbndiWU9KU1RhQ1JmVFUlM0Q&u=CAESEIEWEfY9bvF-wAX8N9Aa4Gs&gdpr=0&gdpr_consent=&google_cver=1

Request Chain 242

https://ad.turn.com/r/cs?pid=75&us_privacy=&gdpr=0&gdpr_consent= HTTP 302
https://ssp-sync.criteo.com/user-sync/bidder-initiated?gdpr_consent=&gdpr=0&us_privacy=&dsp=11&buyer_id=9200000678844645331

Request Chain 243

https://ds.uncn.jp/mg/0/sync_push HTTP 302
https://ssp-sync.criteo.com/user-sync/bidder-initiated?dsp=479&buyer_id=v_8c52eabc-66a2-4689-8976-bc1464557ed1

Request Chain 244

https://cs.admanmedia.com/e805be652c9053b8f771665f0ac3c361.gif?puid=k-XhAczkLZMVoImS4BFFelATBROC0DcS0uslkPLg&redir=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3d6y5FTF93aDlJU1JtcXQ5RUFKNXB5OHlzQzdoanVuRHlnWlNIdmtLRzhlSWxxcnBjJTNE%26u%3d%5bUID%5d&gdpr=0&gdpr_consent=&ccpa= HTTP 302
https://ssp-sync.criteo.com/user-sync/match?p=6y5FTF93aDlJU1JtcXQ5RUFKNXB5OHlzQzdoanVuRHlnWlNIdmtLRzhlSWxxcnBjJTNE&u=1c5e3660-4ba7-41fb-86ab-157616b6339c

Request Chain 245

https://t.adx.opera.com/pub/sync?pubid=pub13186530141056&gdpr=0&consent=&us_privacy=&gpp=&gpp_sid=&custom_data=eUTedl8zcURNOFBkSkt1TGNmTVptWVFZWHlnWkNNaWRJd0dhdTBWejJqRXQ5UXlFJTNE HTTP 302
https://www.temu.com/api/adx/cm/pixel-opera?adx_uid=c8fb46b639a16f79&gdpr=0&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Ft.oa.opera.com%2Fsync%3Fvendor%3D60369%26pubid%3Dpub13186530141056%26gdpr%3D0%26consent%3D%26us_privacy%3D%26custom_data%3DeUTedl8zcURNOFBkSkt1TGNmTVptWVFZWHlnWkNNaWRJd0dhdTBWejJqRXQ5UXlFJTNE HTTP 302
https://t.oa.opera.com/sync?vendor=60369&pubid=pub13186530141056&gdpr=0&consent=&us_privacy=&custom_data=eUTedl8zcURNOFBkSkt1TGNmTVptWVFZWHlnWkNNaWRJd0dhdTBWejJqRXQ5UXlFJTNE HTTP 302
https://ssp-sync.criteo.com/user-sync/match?p=eUTedl8zcURNOFBkSkt1TGNmTVptWVFZWHlnWkNNaWRJd0dhdTBWejJqRXQ5UXlFJTNE&u=OPU2a0648129ab14ff488fc7a655aebbf80

Request Chain 248

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm HTTP 302
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEChPhHzrMhEJkA6EudHvHbc&google_cver=1

Request Chain 250

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP328_SoCAJ65CD7DVBdNP8&google_cver=1

Request Chain 251

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=acHhfIsFVogAOMpRAK-AqgAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP328_SoCAJ65CD7DVBdNP8&google_cver=1

Request Chain 265

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEErwF0n-bBqP_lB9aFAvA7k&google_cver=1

Request Chain 267

https://cr-p3.ladsp.com/cookiesender/3 HTTP 302
https://cr-p3.ladsp.com/cookiesender/3?cr=true HTTP 302
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=ARe7Eb7OA3p2ks8AKUSwzqoLec8AAAGdHVjR0w

Request Chain 268

https://match.adsrvr.org/track/cmf/openx?oxid=54e3dd57-f279-7e87-c25a-0285bfe2cb2b&gdpr=0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OTdmMzlhN2MtNTk4Mi00MmMwLTg2ZDItNjQ5NzczYWNkZDc5&gdpr=0&gdpr_consent=&ttd_tdid=97f39a7c-5982-42c0-86d2-649773acdd79 HTTP 302
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=97f39a7c-5982-42c0-86d2-649773acdd79&google_gid=CAESEDtUeSBgIgOm7yHzBCBrGec&google_cver=1 HTTP 302
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=97f39a7c-5982-42c0-86d2-649773acdd79 HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3655796931204238726&ttd_tdid=97f39a7c-5982-42c0-86d2-649773acdd79 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&expires=30

Request Chain 269

https://ad.turn.com/r/cs?pid=9&gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073061&val=4063995112698938896&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 285

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEMsmIz4m1d53G9QrTpNTcf8&google_cver=1&google_push=AXcoOmR0zgqhvGjaLSMRl4U-p4zQ5Qk4I6DuR85ztN-IcTAjgdjkBRZInU8LfHbUiE-vM75qv1FRJ8RbANpUn_EdxUTNsOP09usl HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmR0zgqhvGjaLSMRl4U-p4zQ5Qk4I6DuR85ztN-IcTAjgdjkBRZInU8LfHbUiE-vM75qv1FRJ8RbANpUn_EdxUTNsOP09usl

Request Chain 286

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEMscr7V4mJ6Db1nAGtdpmGE&google_cver=1&google_push=AXcoOmTBo_qydi6uDxkjCSggYZ0ttlabcm-EbvC_URse3RVxBCaQ_4RAVmrS8SMGQL1hkYYd0aeGuDLbY3gIOoA-OQq83F_QSfV5Bg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MzlkODU4MjQtYjI5MC00YWVmLWJmZDEtZWVkZjc1Zjc0ZmFl&google_gid=CAESEMscr7V4mJ6Db1nAGtdpmGE&google_cver=1&google_push=AXcoOmTBo_qydi6uDxkjCSggYZ0ttlabcm-EbvC_URse3RVxBCaQ_4RAVmrS8SMGQL1hkYYd0aeGuDLbY3gIOoA-OQq83F_QSfV5Bg

Request Chain 287

https://match.prod.bidr.io/cookie-sync/adx?google_gid=CAESEN_w1x1E-yNUr8gagkEEXTM&google_cver=1&google_push=AXcoOmQ0nof2JpvaXnAmb1YhTrsX2bly_cGpBeoQ5lWSt2wHME1tilaXMJ8G-NXzcuWdeEodm5NOz2NeA4g4lHU6kNRwlUdOuyjfZQ HTTP 303
https://match.prod.bidr.io/cookie-sync/adx?google_gid=CAESEN_w1x1E-yNUr8gagkEEXTM&google_cver=1&google_push=AXcoOmQ0nof2JpvaXnAmb1YhTrsX2bly_cGpBeoQ5lWSt2wHME1tilaXMJ8G-NXzcuWdeEodm5NOz2NeA4g4lHU6kNRwlUdOuyjfZQ&_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGOVVFN1RnOE1BQUFCaGVCYXgzQQ&google_push=AXcoOmQ0nof2JpvaXnAmb1YhTrsX2bly_cGpBeoQ5lWSt2wHME1tilaXMJ8G-NXzcuWdeEodm5NOz2NeA4g4lHU6kNRwlUdOuyjfZQ&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1

Request Chain 288

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESELfPBhV3QbehqhIhA6K4Pls&google_cver=1&google_push=AXcoOmT1J0hdpqivgAGF5ARaI_sgfllLbyMx9yIoee92VWL-_tHR0tQkCcwfvHbAMyWtYhZQQLeWd3SZc-40yD3ORW6YixyLqE3W HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=35EQdmtSVxh17Walk1vmlmds5_U&google_push=AXcoOmT1J0hdpqivgAGF5ARaI_sgfllLbyMx9yIoee92VWL-_tHR0tQkCcwfvHbAMyWtYhZQQLeWd3SZc-40yD3ORW6YixyLqE3W

Request Chain 289

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFOIV21NHhojPBH7Sz2qb3U&google_cver=1&google_push=AXcoOmRe_UVCV7seG1TOnINCgGnsjS32tUX58gkkPN5HQut1J7_3h4EAVg4cCiwwGIKM7BYhfvsyqNfrTq-mOvRw8czv_kku3hnS HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFOIV21NHhojPBH7Sz2qb3U&google_hm=acHhfIsFVogAOMpRAK_AqgAAFM4AAAAB&google_nid=index&google_push=AXcoOmRe_UVCV7seG1TOnINCgGnsjS32tUX58gkkPN5HQut1J7_3h4EAVg4cCiwwGIKM7BYhfvsyqNfrTq-mOvRw8czv_kku3hnS

Request Chain 290

https://cs.media.net/cksync?type=g&google_gid=CAESEN6uCCPcAMftYm4Ye0Z6QHY&google_cver=1&google_push=AXcoOmT-xnakHWUhtLtNkrwWvfAdtVOR16tQV9d7JV1COa7ZPOimLDpKmXIrXubPbCkpsy7mxFF5IT6VJvfDL_tljSlQf9dgUfzOrQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_hm=NDE3MzE1NDUzNTI3NTg4MDAwMFYxMA%3D%3D&google_nid=media&google_push=AXcoOmT-xnakHWUhtLtNkrwWvfAdtVOR16tQV9d7JV1COa7ZPOimLDpKmXIrXubPbCkpsy7mxFF5IT6VJvfDL_tljSlQf9dgUfzOrQ&google_sc=1&mn_hm=NDE3MzE1NDUzNTI3NTg4MDAwMFYxMA%3D%3D&gdpr=&gdpr_consent=

Request Chain 291

https://s.seedtag.com/cs/cookiesync/google?google_gid=CAESEKiWewAQ6L85Z9BCEuX2nU4&google_cver=1&google_push=AXcoOmSCv_U-flt2s_l5wsf9Aa-WuIThYCGXyg7jy4yx1mZSsUXXoYe8bIBN7aBZQ-uhjl0TluZFjN8vNeXOnPoLvMXIREnc4VuPxw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=seedtag_beachfront&google_hm=019d1d58-d10e-77d4-9c99-e2737774aab6&google_push=AXcoOmSCv_U-flt2s_l5wsf9Aa-WuIThYCGXyg7jy4yx1mZSsUXXoYe8bIBN7aBZQ-uhjl0TluZFjN8vNeXOnPoLvMXIREnc4VuPxw

Request Chain 299

https://c1.adform.net/serving/cookie/match?party=14&cid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=

Request Chain 301

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D&us_privacy=&gpp=&gpp_sid= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b32b69c1-e17c-4c00-823c-e54643bf3f3f&gdpr=0&gdpr_consent=

Request Chain 302

https://ups.analytics.yahoo.com/ups/58917/cms?uid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gpp=&gpp_sid=&us_privacy=&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0

Request Chain 303

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=DC6DF086-7BB9-400E-B7B9-740D658571B8&redir=true&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-7MJSYTVE2uX5mV4qJFruptvGrNAOHYg-~A&gdpr=0&us_privacy=

Request Chain 304

https://ups.analytics.yahoo.com/ups/58917/cms?uid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gpp=&gpp_sid=&us_privacy=&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0

Request Chain 306

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9200000678844645331&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 307

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://pool.liftdsp.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent= HTTP 302
https://pool.liftdsp.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent= HTTP 302
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=2135eb1c-c98b-48b2-80a5-b4c47c6d3c22&user_group=1&ssp=pubmatic&bsw_param=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=

Request Chain 308

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=0&gdpr_consent=

Request Chain 309

https://creativecdn.com/cm-notify?pi=pubmatic&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNTQmdGw9NDMyMDA%3D&piggybackCookie=r5un3n8FevsvPj7mwWcAhmCbp4iS_GCRl-f4TJnKHUY&pi=pubmatic&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

Request Chain 310

https://t.adx.opera.com/pub/sync?pubid=pub8730968190912&gdpr=0&gdpr_consent= HTTP 302
https://www.temu.com/api/adx/cm/pixel-opera?adx_uid=70749415dd06aadc&gdpr=0&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Ft.oa.opera.com%2Fsync%3Fvendor%3D60369%26pubid%3Dpub8730968190912%26gdpr%3D0%26consent%3D%26us_privacy%3D%26custom_data%3D HTTP 302
https://t.oa.opera.com/sync?vendor=60369&pubid=pub8730968190912&gdpr=0&consent=&us_privacy=&custom_data= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU6abf14ce3cd64bf5b11b8697c52556d1&gpdr=0&gdpr_consent=

Request Chain 311

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=0&gdpr_consent=&_test=acHhfQAFu8y20gAn

Request Chain 312

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&__qcmcs=1 HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=uaPxzeqrpZiirfeZ7Pi_nu6uqp6i_qrO66NBygrs

Request Chain 313

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3655796931204238726&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

Request Chain 314

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=53c05d70562321dc&is_secure=true&networkId=17100&version=1&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AQANPdEyx4jdawI5SCveAQEBAQEBAQCcHFnQ8gEBAJwcWdDy&expiration=1774400253&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gpp_sid=&gpp=&is_secure=true&us_privacy=&gdpr_consent=&gdpr=0

Request Chain 315

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&piggybackCookie=7017700947177846861

Request Chain 316

https://sync.adkernel.com/user-sync?zone=218872&t=image&r=https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MjgmdGw9MjE2MDA=&piggybackCookie={UID}&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://sync.colossusssp.com/pbs.gif?gdpr=0&gdpr_consent=null&&redir=https%3A%2F%2Fsync.adkernel.com%2Fuser-sync%3Fzone%3D218872%26dsp%3D1061476%26t%3Dimage%26uid%3D%5BUID%5D HTTP 302
https://sync.adkernel.com/user-sync?zone=218872&dsp=1061476&t=image&uid=0d031850-e754-4951-a3d7-440fdd615e1f

Request Chain 318

https://b1sync.outbrain.com/usersync/pubmatic/?cb=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw%26piggybackCookie%3D__UID__&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://b1sync.outbrain.com/usersync/pubmatic/?cb=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw%26piggybackCookie%3D__UID__&gdpr=0&gdpr_consent=&s=3&us_privacy= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw&piggybackCookie=760b59a1-affb-4c2b-89e9-9faf95132669&gdpr=0

Request Chain 319

https://cm-mx.advolve.io/pixel?adx_id=462&vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTImdGw9MTI5NjAw&adx_uid=$UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTImdGw9MTI5NjAw&piggybackCookie=69c1e17e2c8198ca1012e2ce

Request Chain 320

https://a.tribalfusion.com/i.match?p=b11&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw&piggybackCookie=$TF_USER_ID_ENC$&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&u=${PUBMATIC_UID} HTTP 302
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw&piggybackCookie=$TF_USER_ID_ENC$&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&u=${PUBMATIC_UID} HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw

Request Chain 321

https://gocm.c.appier.net/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=gJ9zQ_AjDi-WfF0WfeHBaQ

Request Chain 322

https://cr-p10.ladsp.com/cookiesender/10?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMzEmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://cr-p10.ladsp.com/cookiesender/10?cr=true&https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMzEmdGw9MTI5NjAw&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMzEmdGw9MTI5NjAw&piggybackCookie=AVVGU8ckJxJRks8AKUSwzqoLec8AAAGdHVjTLA

Request Chain 324

https://dsp.adkernel.com/sync?exchange=4&r=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTQwNTkmdGw9MTI5NjAw%26piggybackCookie%3D%7BUID%7D&gdpr=&gdpr_consent=&gpp_sid=&gpp=&us_privacy= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTkmdGw9MTI5NjAw&piggybackCookie=A8162138932825430366

Request Chain 325

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&us_privacy= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=7151965e-271c-11f1-9005-aaf5cfb141f6

Request Chain 326

https://cm.mgid.com/m?cdsp=834174&mode=inverse&gdpr=0&gdpr_consent=&us_privacy=&adu=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTQwNDImdGw9MTI5NjAw%26piggybackCookie%3D%7Bmuidn%7D%26gdpr%3D%7BGDPR%7D%26gdpr_consent%3D%7BGDPR_CONSENT%7D HTTP 307
https://cm.mgid.com/m?adu=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTQwNDImdGw9MTI5NjAw%26piggybackCookie%3D%7Bmuidn%7D%26gdpr%3D%7BGDPR%7D%26gdpr_consent%3D%7BGDPR_CONSENT%7D&cdsp=834174&gdpr=0&gdpr_consent=&mode=inverse&us_privacy=&sct=1 HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNDImdGw9MTI5NjAw&piggybackCookie=q2nxO0ZsNoVh&gdpr=0&gdpr_consent=

Request Chain 327

https://dpm.demdex.net/ibs:dpid=19566&dpuuid=DC6DF086-7BB9-400E-B7B9-740D658571B8 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=19566&dpuuid=DC6DF086-7BB9-400E-B7B9-740D658571B8

Request Chain 328

https://idsync.rlcdn.com/420486.gif?partner_uid=DC6DF086-7BB9-400E-B7B9-740D658571B8 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJERDNkRGMDg2LTdCQjktNDAwRS1CN0I5LTc0MEQ2NTg1NzFCOBAAGg0I_cKHzgYSBQjoBxAAQgBKAA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=d2240467ad8a34cb1babbea3f5f99448e27978a3e72f305a0e8274cc82a4d257791426b5417dce21&_=2

Request Chain 329

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=DC6DF086-7BB9-400E-B7B9-740D658571B8&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=DC6DF086-7BB9-400E-B7B9-740D658571B8&sInitiator=external&gdpr=0&gdpr_consent= HTTP 302
https://sg.semasio.net/sync/1/15927723?&gdpr=0&gdpr_consent=&sInitiator=external&sExtCookieId=DC6DF086-7BB9-400E-B7B9-740D658571B8 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=semasio&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/tradedesk/1/info?sType=sync&gdpr=0&gdpr_consent=&sInitiator=internal&sExtCookieId=97f39a7c-5982-42c0-86d2-649773acdd79 HTTP 302
https://sg.semasio.net/sync/1/32675800?&gdpr=0&gdpr_consent=&sInitiator=internal&sExtCookieId=97f39a7c-5982-42c0-86d2-649773acdd79 HTTP 302
https://ib.adnxs.com/getuid?https%3A%2F%2Fsa.semasio.net%2Fsync%2F1%2F4354957%3FsExtCookieId%3D%24UID%26sInitiator%3Dinternal&gdpr=0&gdpr_consent= HTTP 302
https://sa.semasio.net/sync/1/4354957?sExtCookieId=3655796931204238726&sInitiator=internal&gdpr=0&gdpr_consent= HTTP 302
https://track.adform.net/serving/cookie/match/?party=1008&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/adform/1/info?sType=sync&sExtCookieId=7017700947177846861&sInitiator=internal&gdpr=0&gdpr_consent= HTTP 302
https://sg.semasio.net/sync/1/16266044?sExtCookieId=7017700947177846861&gdpr=0&gdpr_consent=&sInitiator=internal HTTP 302
https://sync.srv.stackadapt.com/sync?nid=semasio HTTP 302
https://sg.semasio.net/sync/1/30805874?$sType=sync&sInitiator=internal&sExtCookieId=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=&gdpr_consent= HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=semasio_ddp&google_cm&google_hm=MTFFRkEyRDBDNTU2RTNBRg&_sdv&gdpr=0&gdpr_consent= HTTP 302
https://uipglob.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEJ4DoEP9vErLGOHdb2v0rtA&sInitiator=internal&google_cver=1&_sdv=&gdpr=0&gdpr_consent=&google_cver=1

Request Chain 330

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3G3whnu5QA63uXQNZYVxuA%3D%3D&gdpr=0&gdpr_consent=&google_cm HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=&google_gid=CAESEDRfVD0JiDyM-lmEX-JurKQ&google_cver=1

Request Chain 331

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENus9K45FbDvO_pIAI57C80&google_cver=1

Request Chain 332

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=

Request Chain 338

https://sync.crwdcntrl.net/qmap?c=18513&tp=MGNI&tpid=55f93eb7-929f-4425-9190-25b425ce4aa7&d=https%3A%2F%2Fpb-ing-02.ccgateway.net%2Fv1.0%2Fparent%2F5bb3e20859%2Fengagement%2Ftrigger%2Fuser_sync%3Fsrc%3Dlotame%26puid%3D$%7Bprofile_id%7D%26id%3Dpaint.toys%26parentId%3D5bb3e20859%26ccsid%3De61582bc-cfea-4f52-95a1-e6e9c0a49c3d%26ccuid%3D55f93eb7-929f-4425-9190-25b425ce4aa7%26ccpt%3D0%26pvid%3D9eed6ee9-c49c-4c8c-b09e-e6eeabee4223%26engid%3D794d7793-891d-4196-9509-aebc96ce5fc9%26engcount%3D0%26engttl%3D60 HTTP 302
https://pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/user_sync?src=lotame&puid=7b515599190e17b3636a5175a97bafc9&id=paint.toys&parentId=5bb3e20859&ccsid=e61582bc-cfea-4f52-95a1-e6e9c0a49c3d&ccuid=55f93eb7-929f-4425-9190-25b425ce4aa7&ccpt=0&pvid=9eed6ee9-c49c-4c8c-b09e-e6eeabee4223&engid=794d7793-891d-4196-9509-aebc96ce5fc9&engcount=0&engttl=60

Request Chain 343

https://pixel.rubiconproject.com/exchange/sync.php?p=a9us HTTP 302
https://s.amazon-adsystem.com/ecm3?id=MN3WNKTO-1X-3ORV&ex=d-rubiconproject.com&status=ok

Request Chain 344

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t

Request Chain 345

https://token.rubiconproject.com/token?pid=25470 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TU4zV05LVE8tMVgtM09SVg== HTTP 302
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKw39PnY2RF2--f-2LbZNV0&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TU4zV05LVE8tMVgtM09SVg==&google_push=

Request Chain 346

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t

Request Chain 347

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
https://ups.analytics.yahoo.com/ups/58912/cms?uid=bfhVP0nxPAWhYpEyTTRQosn5EUdSAgOZEtemQ7w0kco&csrc= HTTP 302
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-ysHF5qFE2oKK1VBgzlKxXu3RtFBaZ1hSVA_MLw--~A

Request Chain 348

https://match.adsrvr.org/track/cmf/rubicon HTTP 302
https://secure-gl.imrworldwide.com/cgi-bin/m?ci=tradedesk&cg=97f39a7c-5982-42c0-86d2-649773acdd79

Request Chain 349

https://token.rubiconproject.com/token?pid=36584 HTTP 302
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=MN3WNKTO-1X-3ORV

Request Chain 350

https://id.rlcdn.com/709414.gif HTTP 307
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e

Request Chain 351

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&process_consent=T HTTP 302
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA86WDSCjuOBbVDcMWBfSZU&google_cver=1

Request Chain 352

https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODZjYTRjZTI3ZWQyMzU4MzJiYTZiMGYyZTBlNjg1Y2Y2MGM5M2VmNQ

Request Chain 353

https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp HTTP 303
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAF9UE7Tg8MAAABheBax3A&expires=30

Request Chain 354

https://token.rubiconproject.com/token?pid=37556&a=1 HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=MN3WNKTO-1X-3ORV

Request Chain 355

https://pixel.rubiconproject.com/exchange/sync.php?p=19564 HTTP 302
https://capi.connatix.com/us/pixel?puid=MN3WNKTO-1X-3ORV&pId=11&gdpr=&gdpr_consent=&us_privacy=

Request Chain 356

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn HTTP 302
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=MN3WNKTO-1X-3ORV

Request Chain 357

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-yahoo-exchange HTTP 302
https://pbs.yahoo.com/setuid?bidder=rubicon&uid=MN3WNKTO-1X-3ORV

Request Chain 358

https://pixel.rubiconproject.com/exchange/sync.php?p=primis HTTP 302
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=MN3WNKTO-1X-3ORV HTTP 301
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=MN3WNKTO-1X-3ORV

Request Chain 359

https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=MN3WNKTO-1X-3ORV HTTP 302
https://usersync.gumgum.com/usersync?b=mag&i=MN3WNKTO-1X-3ORV

Request Chain 361

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy=&khaos=MN3WNKTO-1X-3ORV HTTP 302
https://prebid.intergient.com/setuid?bidder=rubicon&uid=MN3WNKTO-1X-3ORV

Request Chain 365

https://ib.adnxs.com/getuid?https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dappnexus%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID HTTP 302
https://pbs.intergient.com/setuid?bidder=appnexus&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=3655796931204238726

Request Chain 371

https://id5-sync.com/i/483/8.gif?o=api&id5id=ID5*sPQt0X2CAD0r0vu8yI6Vwj1L6AoLT0Z_w9YXnTS1LFL__2nB4X1aAAEBCmnB4XoAlq7q3FYx0yatNn8qroSIFA&gdpr_consent=undefined&gdpr=false HTTP 302
https://uipglob.semasio.net/id5/1/get?gdpr=0&gdpr_consent=&_url=https%3A%2F%2Fid5-sync.com%2Fc%2F483%2F112%2F7%2F2.gif%3Fpuid%3D%24%7BUIPID%7D%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://id5-sync.com/c/483/112/7/2.gif?puid=11EFA2D0C556E3AF&gdpr=0&gdpr_consent= HTTP 302
https://eb2.3lift.com/getuid?redir=https%3A%2F%2Fid5-sync.com%2Fc%2F483%2F170%2F6%2F3.gif%3Fpuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&cmp_cs= HTTP 302
https://id5-sync.com/c/483/170/6/3.gif?puid=4331877771003148553461&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?party=1135&callback=https%3A%2F%2Fid5-sync.com%2Fc%2F483%2F10%2F5%2F4.gif%3Fpuid%3D%5Badformuid%5D%26gdpr%3D0%26gdpr_consent%3D&gdpr_consent=&gdpr=0 HTTP 302
https://id5-sync.com/c/483/10/5/4.gif?puid=7017700947177846861&gdpr=0&gdpr_consent= HTTP 302
https://ib.adnxs.com/getuid?https://id5-sync.com/c/483/2/4/5.gif?puid=$UID&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/483/2/4/5.gif?puid=3655796931204238726&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=8h9u11h&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/k/264.gif?puid=97f39a7c-5982-42c0-86d2-649773acdd79&ttl=%%TTL%% HTTP 302
https://pixel.tapad.com/idsync/ex/push?partner_id=2922&partner_url=https%3A%2F%2Fid5-sync.com%2Fc%2F483%2F108%2F2%2F7.gif%3Fpuid%3D%24%7BTA_DEVICE_ID%7D%26gdpr%3D0%26gdpr_consent%3D&gdpr=0&gdpr_consent= HTTP 302
https://id5-sync.com/c/483/108/2/7.gif?puid=d699cec7-16c0-4e64-9977-28fca5677038&gdpr=0&gdpr_consent= HTTP 302
https://crb.kargo.com/api/v1/dsync/ID5?gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&r=https%3A%2F%2Fid5-sync.com%2Fc%2F483%2F1785%2F1%2F8.gif%3Fpuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D

Request Chain 381

https://rtb.openx.net/sync/dds HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_hm=i7VXa1v_x6kkLk4ybPvxkQ==&ox_sc=1&ox_init=1 HTTP 302
https://rtb.openx.net/sync/dds?ox_sc=1&ox_init=1

Request Chain 383

https://ups.analytics.yahoo.com/ups/58934/cms?gdpr=0 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537073025&val=y-I0Imv9RE2p_D3kIb2GZTyTg44EHUhmJE87U-~A&gdpr=0

Request Chain 384

https://sync.srv.stackadapt.com/sync?nid=268 HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537082476&val=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=&gdpr_consent=

Request Chain 400

https://sync-tm.everesttech.net/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26referrer_pid%3Dm51mh00 HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/lons7jax?redir=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24%7BTM_USER_ID%7D%26bid%3D0rijhbu%26referrer_pid%3Dm51mh00&_test=acHhfwAFp9nXogAy

Request Chain 401

https://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1&referrer_pid=m51mh00 HTTP 302
https://ps.eyeota.net/match?bid=1mpjpn0&turn_id=7280505375402362455&newuser=1&referrer_pid=m51mh00

Request Chain 402

https://eyeota-match.dotomi.com/match/bounce/current?networkId=41703&version=1&nuid=2b-eVIvLfh8anWoHzmiEBDoCFDyda-Npd5zx9iQTf_mM&gdpr=0&gdpr_consent= HTTP 302
https://eyeota-match.dotomi.com/match/bounce/current?DotomiTest=77756902b3d220bc&is_secure=true&networkId=41703&version=1&nuid=2b-eVIvLfh8anWoHzmiEBDoCFDyda-Npd5zx9iQTf_mM&gdpr=0&gdpr_consent= HTTP 302
https://ps.eyeota.net/match?bid=r8d1b20&uid=AQAKoDVUlrv6SAI4OdwzAQEBAQEBAQCcHFncmAEBAJwcWdyY&expiration=1774400256&nuid=2b-eVIvLfh8anWoHzmiEBDoCFDyda-Npd5zx9iQTf_mM&is_secure=true&gdpr_consent=&gdpr=0

Request Chain 403

https://pixel.tapad.com/idsync/ex/receive?partner_id=3081&partner_device_id=23tzKRAA_VsaojM-z52VYvNZLajM6jLksYoSppL4aWE4 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=d699cec7-16c0-4e64-9977-28fca5677038%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97f39a7c-5982-42c0-86d2-649773acdd79&ttd_puid=d699cec7-16c0-4e64-9977-28fca5677038%2C%2C

Request Chain 408

https://cm.ambientdsp.com/cm/send?vc=pmj&gdpr=0&gdpr_consent= HTTP 301
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=1czvcrb2kl76

Request Chain 412

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1975180318824543919

Request Chain 413

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F47313590C36495CB0FF23193B4147CE&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

Request Chain 415

https://tr.blismedia.com/v1/api/sync/pubmatic?&gdpr=0&gdpr_consent=&us_pricacy= HTTP 307
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM3MjkmdGw9MjAxNjA=&piggybackCookie=69C1E17E31EFAED03ADFD935_&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 416

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1774313856502 HTTP 302
https://ad.turn.com/r/cs?pid=45&id=RX-ed8e4f37-b268-40dc-91cd-f4770fc8e3f7-004&rndcb=3299431798 HTTP 302
https://sync.1rx.io/usersync/turn/7280505375402362455?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-cf232ad5-fdc4-4d35-afd7-73e736163877-004?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-cf232ad5-fdc4-4d35-afd7-73e736163877-004 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-cf232ad5-fdc4-4d35-afd7-73e736163877-004

Request Chain 418

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=DC6DF086-7BB9-400E-B7B9-740D658571B8 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=d699cec7-16c0-4e64-9977-28fca5677038%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97f39a7c-5982-42c0-86d2-649773acdd79&ttd_puid=d699cec7-16c0-4e64-9977-28fca5677038%2C%2C

Request Chain 419

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&url=https://simage4.pubmatic.com/AdServer/SPug?partnerID=167352&partnerUID=uid:@@CRITEO_USERID@@ HTTP 302
https://simage4.pubmatic.com/AdServer/SPug?partnerID=167352&gdpr=0&gdpr_consent=&us_privacy=&gpp=

Request Chain 422

https://pixel.tapad.com/idsync/ex/receive?partner_id=3371&partner_device_id=DC6DF086-7BB9-400E-B7B9-740D658571B8 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=d699cec7-16c0-4e64-9977-28fca5677038%252C%252C&gdpr=0&gdpr_consent= HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=97f39a7c-5982-42c0-86d2-649773acdd79&ttd_puid=d699cec7-16c0-4e64-9977-28fca5677038%2C%2C

Request Chain 423

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&url=https://simage4.pubmatic.com/AdServer/SPug?partnerID=167352&partnerUID=uid:@@CRITEO_USERID@@ HTTP 302
https://simage4.pubmatic.com/AdServer/SPug?partnerID=167352&gdpr=0&gdpr_consent=&us_privacy=&gpp=

Request Chain 424

https://cm.ambientdsp.com/cm/send?vc=pmj&gdpr=0&gdpr_consent= HTTP 301
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MzQ0OSZ0bD00MzIwMA==&piggybackCookie=1czvcrcmmtiy

Request Chain 428

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=1975180318824543919

Request Chain 429

https://um.simpli.fi/pm_match?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjkzNiZ0bD00MzIwMA==&piggybackCookie=uid:F47313590C36495CB0FF23193B4147CE&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

Request Chain 431

https://tr.blismedia.com/v1/api/sync/pubmatic?&gdpr=0&gdpr_consent=&us_pricacy= HTTP 307
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM3MjkmdGw9MjAxNjA=&piggybackCookie=69C1E17E31EFAED03ADFD935_&gdpr=0&gdpr_consent=&us_privacy=

Request Chain 432

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid= HTTP 302
https://sync.1rx.io/usersync2/pubmatic?zcc=1&cb=1774313856813 HTTP 302
https://ad.turn.com/r/cs?pid=45&id=RX-cf232ad5-fdc4-4d35-afd7-73e736163877-004&rndcb=2290094763 HTTP 302
https://sync.1rx.io/usersync/turn/7280505375402362455?dspret=1&gdpr=&gdpr_consent=&us_privacy= HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-cf232ad5-fdc4-4d35-afd7-73e736163877-004?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-cf232ad5-fdc4-4d35-afd7-73e736163877-004 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-cf232ad5-fdc4-4d35-afd7-73e736163877-004

Request Chain 447

https://dmp.adform.net/serving/cookie/match/?party=1009 HTTP 302
https://ps.eyeota.net/match?uid=7017700947177846861&bid=9gdtmu1

Request Chain 449

https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=0&gdpr_consent=&rd=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3D7ri0rgu%26uid%3D%23PM_USER_ID HTTP 302
https://ps.eyeota.net/match?bid=7ri0rgu&uid=DC6DF086-7BB9-400E-B7B9-740D658571B8

443 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK 2304004152849396439
qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfgh... 845 B
1 KB 2542ms
397ms Document
text/html 103.29.183.22
LWPL-AS-AP LAYER ...

General

Check archive.org

Download Go to

Full URL

https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.29.183.22 , Netherlands, ASN150393 (LWPL-AS-AP LAYER WEBHOST PVT. LIMITED, PK),

Reverse DNS

iiboox.com

Software

Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33 / PHP/7.4.33

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 430
Content-Type: text/html; charset=UTF-8
Date: Tue, 24 Mar 2026 00:57:25 GMT
Developed-by: Mohamed Amine El Attabi
Email: mohamed.amine.elattabi@gmail.com
Expires: Sat, 2 Aug 1980 15:15:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.33
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.4.33
X-XSS-Protection: 1; mode=block

GET
H2

200

Primary Request / Show response
paint.toys/oil/
Redirect Chain

https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydea...
https://paint.toys/oil
https://paint.toys/oil/

10 KB
3 KB

91ms
90ms

Document
text/html

3.33.186.135
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://paint.toys/oil/

Requested by

Host: qerty2.integrityss.com.au
URL: https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.33.186.135 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

5764e7bbfaef797512a8c208ebbcc104a98e69605f5fa934138bbb831dafbf88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 8707
cache-control: public,max-age=0,must-revalidate
cache-status: "Netlify Edge"; hit
content-encoding: br
content-length: 2564
content-type: text/html; charset=UTF-8
date: Tue, 24 Mar 2026 00:57:27 GMT
etag: "c67a260f5c15298102f0d3906cf59d86-ssl-df"
server: Netlify
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-nf-request-id: 01KMENHEQRQT9HVVXZRSNZ4BSM

Redirect headers

cache-status: "Netlify Edge"; fwd=miss
content-length: 98
content-type: text/html
date: Tue, 24 Mar 2026 00:57:27 GMT
location: /oil/
server: Netlify
strict-transport-security: max-age=31536000
x-nf-request-id: 01KMENHEEK50F3A368X8M5R5AT

GET
H2 200 ramp_config.js Show response
cdn.intergient.com/1024872/74068/ 39 KB
7 KB 409ms
254ms Script
application/javascript 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/1024872/74068/ramp_config.js
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 23f3d93cc2f87e7ad893c75ca25925ade08edb1d54fe51cdde743ad9bebe5a7e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

hw-country-code: AU
cache-control: max-age=600, public, must-revalidate
content-encoding: br
cf-ray: 9e11b8ccd87dc742-PER
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 apps.css
paint.toys/ 6 KB
2 KB 91ms
90ms Stylesheet
text/css 3.33.186.135
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://paint.toys/apps.css

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.33.186.135 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

98db09da3e1109288620e5f78abf4769bb160bb5d505ba03f683edd1227a4a53

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "56a5025fbb6b2d9217c0c90816b2fee9-ssl-df"
age: 7567
accept-ranges: bytes
content-length: 1643
x-nf-request-id: 01KMENHEVYRFNRNA2JW8VCW1TP
cache-status: "Netlify Edge"; hit
date: Tue, 24 Mar 2026 00:57:27 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 index.js Show response
paint.toys/oil/ 4 KB
1 KB 91ms
91ms Script
application/javascript 3.33.186.135
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://paint.toys/oil/index.js

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.33.186.135 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

1afce4631b4f1dcc9f08ca5b89182fa0e68307e0df60b096646ce66296354ae1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
content-encoding: br
etag: "94ae9b9ed2162106abf0e8e5295e04e0-ssl-df"
age: 8707
accept-ranges: bytes
content-length: 1262
x-nf-request-id: 01KMENHEVYP4RK72JQMVW0JR3S
cache-status: "Netlify Edge"; hit
date: Tue, 24 Mar 2026 00:57:27 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Netlify

GET
H2 200 art-icon.png
paint.toys/assets/ 33 KB
33 KB 157ms
156ms Image
image/png 3.33.186.135
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://paint.toys/assets/art-icon.png

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.33.186.135 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

f4d368e4230539c778afbb020e0ea611b3e1d984179f5b3769b44081d6703f3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "1394f8469f2ca5750397e3d7b6ec70a1-ssl"
age: 12677
accept-ranges: bytes
content-length: 33562
x-nf-request-id: 01KMENHEVYP2NRZFGRSPP36BDA
cache-status: "Netlify Edge"; hit
date: Tue, 24 Mar 2026 00:57:27 GMT
content-type: image/png
server: Netlify

GET
H2 200 icon-hand.png
paint.toys/assets/ 27 KB
27 KB 91ms
91ms Image
image/png 3.33.186.135
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://paint.toys/assets/icon-hand.png

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.33.186.135 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

32aa05a5648678542ab9044647f0bf5549c0b53a070585edb773f0e92b72b97d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "a0822110a4671ffdf710da1467460fba-ssl"
age: 7557
accept-ranges: bytes
content-length: 27394
x-nf-request-id: 01KMENHEVZS1T97C14JH13JH2E
cache-status: "Netlify Edge"; hit
date: Tue, 24 Mar 2026 00:57:27 GMT
content-type: image/png
server: Netlify

GET
H2 200 icon-disk.png
paint.toys/assets/ 13 KB
14 KB 91ms
91ms Image
image/png 3.33.186.135
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://paint.toys/assets/icon-disk.png

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.33.186.135 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

436814c2374a6d92a42a02d39969ef7c56b5f225667abecb218e692c5569943c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "26852fa1548a91e004629b01e4abf1dd-ssl"
age: 7557
accept-ranges: bytes
content-length: 13766
x-nf-request-id: 01KMENHF0W6G389D4QMK950YYZ
cache-status: "Netlify Edge"; hit
date: Tue, 24 Mar 2026 00:57:27 GMT
content-type: image/png
server: Netlify

GET
H2 200 icon-trash.png
paint.toys/assets/ 50 KB
51 KB 91ms
90ms Image
image/png 3.33.186.135
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://paint.toys/assets/icon-trash.png

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.33.186.135 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

afa7f374f51cc8991.awsglobalaccelerator.com

Software

Netlify /

Resource Hash

6ceb226c487cb85243545e768944e0e1ae0944be8fde6c1c43c7314a9287e6d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/oil/

Response headers

strict-transport-security: max-age=31536000
cache-control: public,max-age=0,must-revalidate
etag: "e91ef5e34b5154d392e8560031eaaa4c-ssl"
age: 7557
accept-ranges: bytes
content-length: 51680
x-nf-request-id: 01KMENHF2J3YB8R4E5PWNTW2VH
cache-status: "Netlify Edge"; hit
date: Tue, 24 Mar 2026 00:57:27 GMT
content-type: image/png
server: Netlify

GET
H2 200 ramp_core.js Show response
cdn.intergient.com/ 3 KB
1 KB 65ms
64ms Script
application/javascript 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/ramp_core.js
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d89a44baea8bffa3bfb05f5ddb066d2120fcb429c1200652c315a048b0db35e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

hw-country-code: AU
cache-control: max-age=600, public, must-revalidate
content-encoding: br
cf-ray: 9e11b8cebd0ac742-PER
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 449 KB
153 KB 581ms
251ms Script
application/javascript 142.250.195.136
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VJBRK9986D

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.195.136 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzsyda-ab-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e7523c89f60a862042cbe62a6f8498d5f0e12c9e51322a76baf7c9099ba9b8d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Tue, 24 Mar 2026 00:57:28 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 156551
date: Tue, 24 Mar 2026 00:57:28 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H2 200 css2
fonts.googleapis.com/ 3 KB
968 B 629ms
248ms Stylesheet
text/css 142.250.195.234
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.googleapis.com/css2?family=DM+Sans:wght@300;400;500&family=DM+Serif+Display&display=swap

Requested by

Host: paint.toys
URL: https://paint.toys/apps.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

142.250.195.234 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnsyda-af-in-f10.1e100.net

Software

ESF /

Resource Hash

0e43e66404ff234d0d874c9422542a2e6442c73246650d680490f46bedd60898

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 00:57:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 24 Mar 2026 00:57:28 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H2 200 j51ycru44zah.index.js Show response
faucetfoot.com/files/ 100 KB
34 KB 566ms
276ms Script
text/javascript 34.8.176.186
Google LLC

General

Check archive.org

Download Go to

Full URL

https://faucetfoot.com/files/j51ycru44zah.index.js

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/1024872/74068/ramp_config.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.8.176.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),

Reverse DNS

186.176.8.34.bc.googleusercontent.com

Software

hoothoot/2354079246 /

Resource Hash

de8bcefcfeeb5dc6a92da4a43aa9a3cc97cea21d5c3c518ec034ee3300a401e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=15724800; preload
cache-control: private, must-revalidate, max-age=21600
timing-allow-origin: *
content-encoding: zstd
etag: W/"6ff2759d9ac1aedf039a9c0e1dfc6d176e4078a08fd4e26726c7c4b3a9e7a180"
via: fen-hoothoot-asia-east1-test-4hfj.gce-asia-east1, 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding, Accept-Language
server: hoothoot/2354079246

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 108 KB
34 KB 395ms
201ms Script
text/javascript 142.250.183.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/1024872/74068/ramp_config.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

cafe /

Resource Hash

5b98329536bfd934c3396e46b14bfc7f6454133195a4bfb6fe389997b9d8d2d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
etag: 644 / 20536 / m202603170101 / config-hash: 15117720495342177101
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 00:57:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 34674
x-xss-protection: 0
server: cafe

GET
H2 200 prebid.335dd724b9406dcd9e2b.js Show response
cdn.intergient.com/prebid/ 742 KB
223 KB 59ms
59ms Script
text/javascript 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/1024872/74068/ramp_config.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7008da7a6103f5a898b4e955ebde8dbe336f097c7fe17e71ced8980affd910a5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

hw-country-code: AU
cache-control: public, max-age=31536000, immutable
content-encoding: br
cf-cache-status: HIT
etag: W/"3cc83bd65e8e68eb8c0c6a66de20d662"
age: 473119
cf-ray: 9e11b8d0aa66c742-PER
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: text/javascript
last-modified: Wed, 18 Mar 2026 13:23:44 GMT
vary: Accept-Encoding
server: cloudflare

GET
H3 200 rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K4.woff2
fonts.gstatic.com/s/dmsans/v17/ 36 KB
36 KB 289ms
96ms Font
font/woff2 142.250.183.35
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fonts.gstatic.com/s/dmsans/v17/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=DM+Sans:wght@300;400;500&family=DM+Serif+Display&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.183.35 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

pnsyda-aj-in-f3.1e100.net

Software

sffe /

Resource Hash

9fea608a947e67020c33cad9a6fe3d60c54119dfb8cff87768a8117a15ed7543

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Origin: https://paint.toys
Referer: https://fonts.googleapis.com/

Response headers

age: 139877
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Mon, 22 Mar 2027 10:06:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sun, 22 Mar 2026 10:06:11 GMT
last-modified: Wed, 10 Sep 2025 16:31:03 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 36932
x-xss-protection: 0
server: sffe

GET
H2 200 pageos.js Show response
cdn.intergient.com/pageos/V.20260316.2/ 411 B
384 B 158ms
158ms Script
text/javascript 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/V.20260316.2/pageos.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/ramp_core.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 65ac5fb4e91f15be90a277daf9d438dde796ca2106a9a7c5e302be5a05baee0c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

hw-country-code: AU
cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"bc50a06b8c89822b0ebceaf908496820"
age: 557451
cf-ray: 9e11b8d10b6ac742-PER
expires: Wed, 24 Mar 2027 00:57:28 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: text/javascript
last-modified: Tue, 17 Mar 2026 13:12:01 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 runtime.927f0cc17381f058ec10.js Show response
cdn.intergient.com/pageos/V.20260316.2/ 4 KB
2 KB 61ms
60ms Script
text/javascript 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/V.20260316.2/runtime.927f0cc17381f058ec10.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/pageos.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a210503bf882be346566c4a985a3cd238fb2202568af99539af1d87472af0b1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

hw-country-code: AU
cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"fca6dc39b34f4b723a682ce51bd00fa6"
age: 557451
cf-ray: 9e11b8d21e42c742-PER
expires: Wed, 24 Mar 2027 00:57:28 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: text/javascript
last-modified: Tue, 17 Mar 2026 13:12:03 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 main.45eaff7df0a3f8ca9396.js Show response
cdn.intergient.com/pageos/V.20260316.2/ 555 KB
172 KB 72ms
72ms Script
text/javascript 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/pageos.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e4bcab523f3d70f03c64c7899f57cbae4cefd31308e859b53653bb01542ff742

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

hw-country-code: AU
cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"8720aa5c91e89d8c662937c335f084a0"
age: 557451
cf-ray: 9e11b8d22e7fc742-PER
expires: Wed, 24 Mar 2027 00:57:28 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: text/javascript
last-modified: Tue, 17 Mar 2026 13:12:00 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 videoCard.cea8a6bd8cad3ad73428.js Show response
cdn.intergient.com/pageos/V.20260316.2/ 552 B
442 B 58ms
57ms Script
text/javascript 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/V.20260316.2/videoCard.cea8a6bd8cad3ad73428.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/runtime.927f0cc17381f058ec10.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0a0a95fd080f68f2d8c0a916f30cdb5cde422c6908dd64bd98043ef5c160f0f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

hw-country-code: AU
cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"b923f9cae7c940f9f384e93b5120abff"
age: 557451
cf-ray: 9e11b8d3599ac742-PER
expires: Wed, 24 Mar 2027 00:57:28 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:28 GMT
content-type: text/javascript
last-modified: Tue, 17 Mar 2026 13:12:07 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 iframe.html Show response
cdn.intergient.com/pageos/V.20260316.2/iframe/ Frame 3E20 1 KB
853 B 286ms
94ms Document
text/html 104.18.20.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.html
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 143fcd0afc7251b00e8ea4e3a069a15bc4dc16e4c3df4b44e74c616b63996456

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

age: 557451
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-cache-status: HIT
cf-ray: 9e11b8d48cdcc742-PER
content-encoding: br
content-type: text/html
date: Tue, 24 Mar 2026 00:57:29 GMT
expires: Wed, 24 Mar 2027 00:57:29 GMT
hw-country-code: AU
last-modified: Tue, 17 Mar 2026 13:11:58 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 iframe.html Show response
cdn.intergient.com/pageos/V.20260316.2/iframe/ Frame 3678 1 KB
0 283ms
283ms Document
text/html 104.18.20.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.html
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 143fcd0afc7251b00e8ea4e3a069a15bc4dc16e4c3df4b44e74c616b63996456

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

age: 557451
alt-svc: h3=":443"; ma=86400
cache-control: public, max-age=31536000
cf-cache-status: HIT
cf-ray: 9e11b8d48cdcc742-PER
content-encoding: br
content-type: text/html
date: Tue, 24 Mar 2026 00:57:29 GMT
expires: Wed, 24 Mar 2027 00:57:29 GMT
hw-country-code: AU
last-modified: Tue, 17 Mar 2026 13:11:58 GMT
server: cloudflare
vary: Accept-Encoding

GET
H2 200 TIER_1 Show response
impression-inferences-edge-prod.playwire.com/websites/74068/v1/Mon/20/desktop/Chrome/ 548 B
882 B 437ms
183ms XHR
application/json 3.175.115.110
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://impression-inferences-edge-prod.playwire.com/websites/74068/v1/Mon/20/desktop/Chrome/TIER_1
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.175.115.110 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-3-175-115-110.syd3.r.cloudfront.net
Software: CloudFront /
Resource Hash: af219dafcf52d65f3d12db1def55f41621875fb7ca3f4100eb5281ca9685bc4c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: max-age=3600, public, must-revalidate
access-control-expose-headers: *
age: 895
via: 1.1 633f348cf6eec04627a37ceb7127e682.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: Hit from cloudfront
content-length: 548
x-amz-cf-id: vh05NOn5XtMuWnFEflSts4mdNc1TJ0cRsFTMU9lbZI1W1jyztnhxGA==
date: Tue, 24 Mar 2026 00:42:34 GMT
content-type: application/json
x-amz-cf-pop: SYD3-P3
server: CloudFront

GET
H2 200 tag Show response
btloader.com/ 179 KB
49 KB 207ms
61ms Script
application/javascript 172.66.171.133
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.171.133 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1b1aa0cf6da39bac994cfaf35748ac78f33aa93237bf7671cf24b2e0a6761363

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-robots-tag: noindex, nofollow
cache-control: public, max-age=300, stale-if-error=3600, stale-while-revalidate=300
content-encoding: br
cf-cache-status: HIT
etag: W/"c61ec1228f4ecea560c64f2638cf4e67"
via: 1.1 google
cf-ray: 9e11b8d45e52afce-PER
access-control-allow-origin: *
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/javascript
last-modified: Tue, 24 Mar 2026 00:21:52 GMT
server: cloudflare
vary: Accept-Encoding, X-Acceptable-Ads, DNT

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ 351 KB
90 KB 405ms
154ms Script
application/javascript 108.158.21.92
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.158.21.92 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-158-21-92.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 24ab4712f6be7bdcdba2a42c04db5cac4dbe319edd0f7a139f7c18ff317dbeb9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

vary: Accept-Encoding
cache-control: max-age=3600
content-encoding: gzip
etag: W/"039e150b526352a61454f319c37eacd3"
age: 974
via: 1.1 33fe46ff3d32130fa3d35a8d855b7102.cloudfront.net (CloudFront), 1.1 3d94c83b729a96791b0c271c930b1b6e.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: Cv3H-tLSnJ2ymHYpV_4z4u-xc7yY8tWUJl64SgorU6rXTk3Vy_Y6Tg==
date: Tue, 24 Mar 2026 00:41:16 GMT
content-type: application/javascript
x-amz-cf-pop: SYD3-P3, SYD62-P3
server: AmazonS3
last-modified: Mon, 23 Mar 2026 17:21:28 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 1x1.gif
raw.githubusercontent.com/easylist/easylist/master/docs/ 43 B
586 B 249ms
104ms Image
image/gif 185.199.110.133
Fastly

General

Check archive.org

Download Go to Show image

Full URL

https://raw.githubusercontent.com/easylist/easylist/master/docs/1x1.gif

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

185.199.110.133 , United States, ASN54113 (FASTLY - Fastly, Inc., US),

Reverse DNS

cdn-185-199-110-133.github.com

Software

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'; sandbox
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-fastly-request-id: 8bbce60f886c3b365b2a4abb461a602391c5eb4d
etag: W/"0c4a5773f7e435c57c40bd270aef756513eba26bd7ba5317b5bd765569a7325d"
x-content-type-options: nosniff
x-github-request-id: B8A4:3CEAC0:35D36:B4B97:69B82AF9
expires: Tue, 24 Mar 2026 01:02:29 GMT
x-cache: HIT
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: image/gif
x-served-by: cache-per-ypph1920034-PER
x-cache-hits: 27
source-age: 206
x-frame-options: deny
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
cache-control: max-age=300
x-timer: S1774313849.016962,VS0,VE0
cross-origin-resource-policy: cross-origin
via: 1.1 varnish
accept-ranges: bytes
access-control-allow-origin: *
content-length: 43
x-xss-protection: 1; mode=block

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/17138/ 44 KB
13 KB 430ms
179ms Script
text/javascript 108.158.20.119
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/17138/sync.min.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.158.20.119 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-158-20-119.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 968cc0d9ec78ed8bf2eeab381275b4e04194deb7b1367c24a9b933382e9671ba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

vary: Accept-Encoding
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"ae88fc79005fcfbecf3ec3967da1b80f"
age: 40882
via: 1.1 08a9275888c86859e545bc29de28a412.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: u_85h9wZ9Rh_maW6RbMXoBjcTsWo2h_DzPtskdYndKtc61T5q3cKug==
date: Mon, 23 Mar 2026 13:36:07 GMT
content-type: text/javascript
last-modified: Tue, 10 Feb 2026 20:26:15 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P3
x-amz-server-side-encryption: AES256

GET
H3 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/ 577 KB
181 KB 96ms
96ms Script
text/javascript 142.250.183.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

cafe /

Resource Hash

8736a524039140dd3f9e4f14a771b0de65856e6fda9e49df0f5b8169738fc57e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
etag: 16251858746889194152
age: 50311
x-content-type-options: nosniff
expires: Tue, 23 Mar 2027 10:58:57 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 23 Mar 2026 10:58:57 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 185329
x-xss-protection: 0
server: cafe

GET
H3 200 gpt
securepubads.g.doubleclick.net/pagead/managed/dict/m202603190101/ 64 KB
23 KB 191ms
190ms Other
text/plain 142.250.183.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/dict/m202603190101/gpt

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

cafe /

Resource Hash

57b72388189c0685454ef43399e4a9345f4c6d0f5c7331deebc4f1a1c1f2a492

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer

Response headers

content-encoding: br
etag: 16386929522506315440
age: 57491
x-content-type-options: nosniff
expires: Mon, 30 Mar 2026 08:59:18 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Mon, 23 Mar 2026 08:59:18 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
cache-control: public, immutable, max-age=604800, stale-while-revalidate=7200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 23741
x-xss-protection: 0
server: cafe
use-as-dictionary: match="/gampad/ads", id="m202603190101"

GET
H2 200 skeleton.gif
static.adsafeprotected.com/ 43 B
483 B 1146ms
568ms Image
image/gif 3.169.231.69
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?adspot_id=ad_300x250_7764548
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.169.231.69 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-3-169-231-69.lax54.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
age: 25435828
x-cache: Hit from cloudfront
x-amz-cf-id: mDiDZQrfKwMN0rrSTP0M5r__b70CWi4muQVXRV8zuq45wfpHV0isxA==
date: Mon, 02 Jun 2025 15:27:02 GMT
content-type: image/gif
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
x-amz-replication-status: COMPLETED
cache-control: max-age=315360000
via: 1.1 24c653786f1542f9bbe56b311cdc5670.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 43
x-amz-cf-pop: LAX54-P7
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 393 KB
139 KB 210ms
209ms Script
application/javascript 142.250.195.136
Google LLC

General

Check archive.org

Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CEFZJ359V8&cx=c&gtm=4e63k1h1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VJBRK9986D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.195.136 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzsyda-ab-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

9ad451583acf00cb9ddd3458881abdfce92f31808cd62ef52ff320bdeb1bdff4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: zstd
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Tue, 24 Mar 2026 00:57:29 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 142584
date: Tue, 24 Mar 2026 00:57:29 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 573ms
240ms Fetch
text/plain 142.251.42.110
Google LLC

General

Check archive.org

Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-VJBRK9986D&gtm=45je63k1h1v9101576445za200zd9101576445&_p=1774313847635&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1727212986.1774313849&ul=en-au&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~115938465~115938468~116024733~117384406~117484252~118128922&sid=1774313849&sct=1&seg=0&dl=https%3A%2F%2Fpaint.toys%2Foil%2F&dr=https%3A%2F%2Fqerty2.integrityss.com.au%2F&dt=Paint%20with%20Oils&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3028
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VJBRK9986D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.42.110 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: tzsyda-af-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:120:0
report-to: {"group":"ascnsrsggc:120:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:120:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://paint.toys
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:120:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 iframe.js Show response
cdn.intergient.com/pageos/V.20260316.2/iframe/ Frame 3E20 17 KB
7 KB 59ms
59ms Script
text/javascript 104.18.20.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1e9592b119e182885673d049ec2ead66dab57473f2f6da59f43d888cea5ac1e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.html

Response headers

hw-country-code: AU
cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"3eecc5d11812ac69fb4f2c63c5dea237"
age: 557451
cf-ray: 9e11b8d55efbc742-PER
expires: Wed, 24 Mar 2027 00:57:29 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/javascript
last-modified: Tue, 17 Mar 2026 13:11:59 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 iframe.js Show response
cdn.intergient.com/pageos/V.20260316.2/iframe/ Frame 3678 17 KB
0 55ms
55ms Script
text/javascript 104.18.20.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1e9592b119e182885673d049ec2ead66dab57473f2f6da59f43d888cea5ac1e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://cdn.intergient.com/pageos/V.20260316.2/iframe/iframe.html

Response headers

hw-country-code: AU
cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"3eecc5d11812ac69fb4f2c63c5dea237"
age: 557451
cf-ray: 9e11b8d55efbc742-PER
expires: Wed, 24 Mar 2027 00:57:29 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/javascript
last-modified: Tue, 17 Mar 2026 13:11:59 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
109 B 276ms
92ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.8521980839660513
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887627
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8d6ba037381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 386ms
194ms Fetch
image/x-icon 142.250.207.6
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.15476928481056618

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.207.6 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzsyda-ah-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 25 Mar 2026 00:57:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
549 B 274ms
91ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.9192651071944798
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887627
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8d6ba017381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 dns Show response
ab.dns-finder.com/meta/ 2 B
233 B 503ms
321ms Fetch
text/plain 34.36.200.111
Google LLC

General

Check archive.org

Download Go to

Full URL: https://ab.dns-finder.com/meta/dns
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.36.200.111 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 111.200.36.34.bc.googleusercontent.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: private, max-age=180, stale-if-error=180, stale-while-revalidate=180
access-control-expose-headers: X-Resolver
x-resolver: default
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/plain; charset=utf-8
vary: Origin

GET
H2 200 trustedIframe.html Show response
btloader.com/ Frame 5117 6 KB
2 KB 218ms
77ms Document
text/html 104.20.20.189
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://btloader.com/trustedIframe.html?o=5150306120761344&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.20.20.189 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7699df53e5893e0a67e04e9143a9712d557c79a537b07d20fb9e6911f1f6636a

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=3600, stale-while-revalidate=3600
cf-ray: 9e11b8d78ca2864f-PER
content-encoding: br
content-type: text/html
date: Tue, 24 Mar 2026 00:57:29 GMT
server: cloudflare

GET
H2 200 154013155 Show response
fundingchoicesmessages.google.com/i/ 217 KB
70 KB 634ms
294ms Script
application/javascript 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/i/154013155?ers=3

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

3753ab1977a7ef0af3f93ba28ecac18a443fdafc604564b1b76bafe3cb446a17

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-Zure6k2acqV46zFFk7eTcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjamDU4pJi8NeQYlAM28nUevMc63QgLll0nrUNiLuAeA4QGypcYnUG4g_1l1l_AHGRxBXWFiD-VHWDVaT6Bms4lw9bPBB_K_Zl4yjxZXsyxY_tGxCzvPVnUzsawGYBxAunBbKtBOIX6wLZPgDxnZggtidALMTD8fNQ-zk2gQP_-tqZlTSS8gvjk_PzSooyk0pL8ovSktNSi1OLylKL4o0MjMwMjI2M9AzM4wsMAD0bRrA"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-Zure6k2acqV46zFFk7eTcA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET main.js
cdn.intergient.com/cdn-cgi/challenge-platform/scripts/jsd/ Frame 6AA0 0
0

GET
H2

200

main.js Show response
cdn.intergient.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/ Frame F9A4
Redirect Chain

https://cdn.intergient.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://cdn.intergient.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js?

26 KB
12 KB

56ms
56ms

Script
application/javascript

104.18.20.56
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.intergient.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js?

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

104.18.20.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8ba51a48200cffea79d8ad28d685ec9b17ed6fae98f41d654be7159c59f0480

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer

Response headers

hw-country-code: AU
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
content-encoding: br
x-content-type-options: nosniff
cf-ray: 9e11b8d7bd1fc742-PER
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: cloudflare

Redirect headers

hw-country-code: AU
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/ea2d291c0fdc/main.js?
cf-ray: 9e11b8d72b81c742-PER
access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 24 Mar 2026 00:57:29 GMT
vary: Accept-Encoding
server: cloudflare

GET 7f68a900-41e3-4cc2-ac36-1076184d0944
https://paint.toys/ 0
0

GET
H3 200 config.json Show response
config.playwire.com/audience_segments/ 332 KB
57 KB 134ms
76ms XHR
application/json 104.18.10.207
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://config.playwire.com/audience_segments/config.json

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.10.207 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b9e0d49beac36d0c7e1c7b228cdea11ea73fd2abd3588d92ae44250e872fefe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-max-age: 7200
access-control-expose-headers: hw-country-code
content-encoding: gzip
cf-cache-status: HIT
age: 13750
access-control-allow-methods: GET
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/json
vary: Origin, Accept-Encoding
last-modified: Mon, 23 Mar 2026 21:08:18 GMT
priority: u=1,i
strict-transport-security: max-age=31536000; includeSubDomains
hw-country-code: AU
cache-control: public, max-age=86400
cf-ray: 9e11b8d7795c709e-PER
access-control-allow-origin: *
server: cloudflare

GET
H2 200 474.54ec3c969d5dcf548468.js Show response
cdn.intergient.com/pageos/V.20260316.2/ 3 KB
1 KB 58ms
57ms Script
text/javascript 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/pageos/V.20260316.2/474.54ec3c969d5dcf548468.js
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/runtime.927f0cc17381f058ec10.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70fdcbbe7129a79cab3b0839348a16e359bda7056b157c52ec8d2cb89d40fa3e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

hw-country-code: AU
cache-control: public, max-age=31536000
content-encoding: br
cf-cache-status: HIT
etag: W/"a4ba8a8e24e7796c977c7ad0213bf24d"
age: 557451
cf-ray: 9e11b8d70b43c742-PER
expires: Wed, 24 Mar 2027 00:57:29 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/javascript
last-modified: Tue, 17 Mar 2026 13:11:51 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 script Show response
carbon-cdn.ccgateway.net/ 39 KB
10 KB 1189ms
560ms Script
text/javascript 52.91.215.149
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://carbon-cdn.ccgateway.net/script?id=paint.toys&parentId=5bb3e20859
Requested by: Host: qerty2.integrityss.com.au
URL: https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.91.215.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-91-215-149.compute-1.amazonaws.com
Software: /
Resource Hash: 84c25d9b718fc251428c5d0630c0c386caa81dbeb72eda0f377cacee475ace5b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: private,max-age=900
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ 463 KB
146 KB 617ms
279ms Script
text/javascript 172.217.25.202
Google LLC

General

Check archive.org

Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

172.217.25.202 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

nrt12s13-in-f10.1e100.net

Software

cafe /

Resource Hash

bde86b4e17ba3684a80989eddbfbf1ce467913fb2307b78d2d77a3941f2a4adc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
etag: 5035912445782167723
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 00:57:29 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 148647
x-xss-protection: 0
server: cafe

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 676ms
319ms Preflight
application/json 182.161.73.131
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fpaint.toys%2F&domain=paint.toys&cw=1&lsw=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.131 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://paint.toys
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://paint.toys
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 24 Mar 2026 00:57:29 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 201961
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

POST
H2 200 prebid Show response
id5-sync.com/api/config/ 194 B
639 B 1610ms
775ms Fetch
application/json 162.19.138.117
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

1526f7f540b829baf0e6d1b491aa7b26b5e49fa160abca67c11695ccfa2cee82

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
access-control-allow-credentials: true
access-control-allow-origin: https://paint.toys
p3p: CP="CAO PSA OUR"
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding

GET
H2 200 id Show response
id.crwdcntrl.net/ 75 B
820 B 706ms
288ms Fetch
application/json 54.254.93.97
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://id.crwdcntrl.net/id?c=17262

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.254.93.97 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-254-93-97.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

2b106a1a8af5164c88baee5fb5530151c030d4743fe87e886e26cdfed4ce497b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://paint.toys
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 75
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/json;charset=utf-8

GET
H2 200 f Show response
fid.agkn.com/ 0
364 B 1349ms
647ms Fetch 100.55.136.84
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://fid.agkn.com/f?apiKey=2104320612&r=https%3A%2F%2Fpaint.toys%2Foil%2F
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.55.136.84 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-100-55-136-84.compute-1.amazonaws.com
Software: AAWebServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
expires: 0
access-control-allow-origin: https://paint.toys
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
date: Tue, 24 Mar 2026 00:57:30 GMT
vary: Origin
server: AAWebServer
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 1 KB
2 KB 1414ms
701ms Fetch
application/json 79.127.255.4
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0014000001YrMoYAAV&gdpr=0&src=pbjs&ver=10.23.0&coppa=0
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 79.127.255.4 San Jose, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: unn-79-127-255-4.datapacket.com
Software: /
Resource Hash: b0c5fb4a7a8ac931d1a128e0e2d04e0fd1365baa5856a0bd2666d4a4491f3aed

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

access-control-allow-origin: https://paint.toys
content-length: 1528
content-type: application/json
vary: origin
access-control-allow-credentials: true

GET
H2 204 any Show response
idx.liadm.com/idex/did-0046/ 0
367 B 1311ms
652ms Fetch 18.213.222.188
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://idx.liadm.com/idex/did-0046/any?duid=8e413bd09c43--01kmenhgk1ttpxpw0nqpwk4e7c&did=did-0046&cd=.paint.toys&pu=https%3A%2F%2Fpaint.toys&resolve=nonId&resolve=uid2&resolve=index&resolve=bidswitch&resolve=pubmatic&resolve=magnite&resolve=openx&resolve=sorvrn&resolve=thetradedesk&resolve=medianet&resolve=vidazoo&resolve=sonobi&resolve=sharethrough&resolve=triplelift

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.213.222.188 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-18-213-222-188.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: max-age=3599, private
trace-id: c07cc83df6ae69bf
request-time: 1
access-control-allow-credentials: true
expires: Tue, 24 Mar 2026 01:57:30 GMT
access-control-allow-origin: https://paint.toys
date: Tue, 24 Mar 2026 00:57:30 GMT
vary: Origin

GET
H2 200 json Show response
gum.criteo.com/sid/ 365 B
1 KB 598ms
320ms Fetch
application/json 182.161.73.131
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fpaint.toys%2F&domain=paint.toys&cw=1&lsw=1

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.131 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

3d861cce1829c6eac41c0c34ddc0e385d684a1ff7da588a15c6776c7bf89c9f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: application/json
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 423556
expires: 0
access-control-allow-origin: https://paint.toys
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H/1.1

200
OK

/ Show response
ps.eyeota.net/pixel/bounce/
Redirect Chain

https://ps.eyeota.net/pixel?pid=m51mh00&t=ajs&uid=user_68df70df-de7d-4dbf-bbb6-f0d9f6cc2765_1774313849369
https://ps.eyeota.net/pixel/bounce/?pid=m51mh00&t=ajs&uid=user_68df70df-de7d-4dbf-bbb6-f0d9f6cc2765_1774313849369

1 KB
1 KB

95ms
95ms

Script
application/javascript

13.237.11.119
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://ps.eyeota.net/pixel/bounce/?pid=m51mh00&t=ajs&uid=user_68df70df-de7d-4dbf-bbb6-f0d9f6cc2765_1774313849369
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 13.237.11.119 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-237-11-119.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: 405e32a17fc4d0d695bd929b7fa177eed2b27d268ab92ae07d66c4f1485bf830

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

Content-Length: 1130
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Tue, 24 Mar 2026 00:57:29 GMT
Content-Type: application/javascript

Redirect headers

Location: /pixel/bounce/?pid=m51mh00&t=ajs&uid=user_68df70df-de7d-4dbf-bbb6-f0d9f6cc2765_1774313849369
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Tue, 24 Mar 2026 00:57:29 GMT

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 115 B
571 B 664ms
261ms XHR
application/json 18.139.188.200
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://bcp.crwdcntrl.net/6/map?xcid=17138

Requested by

Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/17138/sync.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.139.188.200 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-18-139-188-200.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

c5ca63dc7cb7ab075fec8dc3c113107fd319949532501589bd80741c856c7b32

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://paint.toys
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 115
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/json;charset=utf-8

OPTIONS
H2 200 bid
aax.amazon-adsystem.com/e/dtb/ Frame 0
0 479ms
240ms Preflight 108.158.27.219
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.158.27.219 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-158-27-219.syd3.r.cloudfront.net
Software: Server /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paint.toys
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: origin,x-requested-with,access-control-request-headers,content-type,access-control-request-method,accept
access-control-allow-methods: POST
access-control-allow-origin: https://paint.toys
access-control-max-age: 1800
content-encoding: gzip
content-length: 0
date: Tue, 24 Mar 2026 00:57:28 GMT
server: Server
via: 1.1 a082000327c728caebeae45146987f26.cloudfront.net (CloudFront)
x-amz-cf-id: POKOJw82Ct9UHFuoO4UhkKDB52nI8giuCCJGD2ywMjUFEv7SteZsEQ==
x-amz-cf-pop: SYD3-P2
x-cache: Miss from cloudfront

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ 6 KB
3 KB 414ms
181ms XHR
application/javascript 108.158.21.92
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.158.21.92 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-158-21-92.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-max-age: 3000
content-encoding: gzip
x-amz-version-id: r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
etag: W/"a4d296427fc806b21335359e398c025c"
age: 19261
access-control-allow-methods: GET
x-cache: Hit from cloudfront
x-amz-cf-id: 2MLcn5rTekXSxhm54zW2NVWpweJKaBR8pFjtftoUslFec_s5zgtOag==
date: Mon, 23 Mar 2026 19:36:29 GMT
content-type: application/javascript
vary: Origin,Accept-Encoding
last-modified: Thu, 29 Feb 2024 02:13:08 GMT
cache-control: public, max-age=86400
via: 1.1 aeb2692086ca3fc7d14822f811ae17a0.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-amz-cf-pop: SYD62-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 bd056b42-51db-43ce-9a8e-3b11319b5d1f Show response
config.aps.amazon-adsystem.com/configs/ 639 B
905 B 433ms
182ms Script
application/javascript 3.175.115.79
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://config.aps.amazon-adsystem.com/configs/bd056b42-51db-43ce-9a8e-3b11319b5d1f
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.175.115.79 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-3-175-115-79.syd3.r.cloudfront.net
Software: CloudFront /
Resource Hash: 3d22fad4842e13423bfdf53436bed10297f2168abc62c509076c9cb3597467eb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: max-age=3600
age: 572
via: 1.1 a858d3e93dd1bce43c3919c89e11ec2c.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
content-length: 639
x-amz-cf-id: Z-_AGr4MT2CvTd76ab93Nl7kqW8XyrJqGXm7FiWKjE3YeSmPAbTUFg==
date: Tue, 24 Mar 2026 00:47:57 GMT
content-type: application/javascript
x-amz-cf-pop: SYD3-P3
server: CloudFront

GET
H2 200 config Show response
c.amazon-adsystem.com/cdn/prod/ 3 KB
3 KB 146ms
145ms XHR
application/json 108.158.21.92
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fpaint.toys&pubid=bd056b42-51db-43ce-9a8e-3b11319b5d1f
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.158.21.92 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-158-21-92.syd62.r.cloudfront.net
Software: Server /
Resource Hash: 20bd4e8b4884ff3a757b962866b9aa95f9f4e54c7cd8ae30a67171c208b202ba

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: max-age=21550, s-maxage=21600
age: 19261
access-control-allow-credentials: true
via: 1.1 3d94c83b729a96791b0c271c930b1b6e.cloudfront.net (CloudFront)
access-control-allow-origin: https://paint.toys
x-cache: Hit from cloudfront
content-length: 3077
x-amz-cf-id: l-iEpjbBwa2Mtme1P53O9tFJJ_fC29OxlAp2AAWvgZFZ5OyaONB9GA==
date: Mon, 23 Mar 2026 19:36:27 GMT
content-type: application/json;charset=UTF-8
x-amz-cf-pop: SYD62-P3
server: Server

POST
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ 25 B
385 B 470ms
237ms Fetch
application/json 108.158.27.219
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://aax.amazon-adsystem.com/e/dtb/bid
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.158.27.219 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-158-27-219.syd3.r.cloudfront.net
Software: Server /
Resource Hash: 7dc78c5c119373b361b76d7e9c1b2759725163789661df908ee4cd8faf842676

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://paint.toys/

Response headers

content-encoding: gzip
access-control-allow-credentials: true
via: 1.1 1756a318e802526c12a1158627f4728e.cloudfront.net (CloudFront)
access-control-allow-origin: https://paint.toys
x-cache: Miss from cloudfront
content-length: 45
x-amz-cf-id: kfdhCcKCEEWpT7SJnO7rkDu1t03BFMK1JVye3MHmT9oj94WgatMVlA==
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/json;charset=UTF-8
vary: Origin
server: Server
x-amz-cf-pop: SYD3-P2

POST
H3 200 cookie_sync Show response
pbs.intergient.com/ 2 KB
919 B 371ms
310ms Fetch
application/json 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://pbs.intergient.com/cookie_sync
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a0176e2e01c6f4d93f5031dccd97f13bc91644ce4419981ea535a6376ee477d6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

content-encoding: br
access-control-allow-credentials: true
x-proxy-host: prebid.intergient.com
cf-ray: 9e11b8d88e3887b6-PER
access-control-allow-origin: https://paint.toys
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

POST
H3 200 auction Show response
pbs.intergient.com/openrtb2/ 49 KB
21 KB 1162ms
1106ms Fetch
application/json 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://pbs.intergient.com/openrtb2/auction
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 80984d9ce931741e87fee65ba466e8c79e155508b6fb7f2feed5b56240b20c8c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

content-encoding: br
access-control-allow-credentials: true
x-proxy-host: prebid.intergient.com
cf-ray: 9e11b8d88e3987b6-PER
access-control-allow-origin: https://paint.toys
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=1,i

POST
H2 204 v1 Show response
btlr.sharethrough.com/universal/ 0
117 B 719ms
311ms Fetch 54.169.114.26
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://btlr.sharethrough.com/universal/v1?supply_id=WYu2BXv1

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.169.114.26 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-169-114-26.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=16000000; includeSubDomains; preload;
access-control-allow-origin: https://paint.toys
access-control-allow-credentials: true

POST
H3 200 pbjs Show response
htlb.casalemedia.com/openrtb/ 18 KB
9 KB 335ms
279ms Fetch
application/json 104.18.26.193
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://htlb.casalemedia.com/openrtb/pbjs?s=1031634
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.26.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 204602cac692d16d7a4ad2ba8df8322fe2f3ade81258475c3000fcab16cb6a7a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=chtV93qgO9x6YFxefn1qqbaXOEZ3YteClQY5N7kd8%2BwxquWfe7psyDWwEnP8pJVxtAd8Y6sGFM%2BR5FdzyDmsuNI7wPOTiuHA5Ekzuh0QH6Ps"}]}
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/json
vary: Accept-Encoding
priority: u=1,i
cache-control: no-cache
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
cf-ray: 9e11b8d89bcbb624-PER
access-control-allow-origin: https://paint.toys
content-length: 8526
server: cloudflare

POST
H2 204 665db4754b2ec067196b8f78 Show response
exchange.cootlogix.com/prebid/multi/ 0
275 B 1152ms
545ms Fetch 146.190.187.27
DigitalOcean

General

Check archive.org

Download Go to

Full URL: https://exchange.cootlogix.com/prebid/multi/665db4754b2ec067196b8f78
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.190.187.27 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Content-Range, Cache-Control
access-control-allow-origin: https://paint.toys
cache-control: max-age=0, no-cache, must-revalidate, proxy-revalidate
date: Tue, 24 Mar 2026 00:57:30 GMT
vary: Accept-Encoding
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE

POST
H2 204 hb-multi Show response
hb.yellowblue.io/ 0
180 B 1007ms
452ms Fetch 35.219.182.198
Google LLC

General

Check archive.org

Download Go to

Full URL: https://hb.yellowblue.io/hb-multi
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.219.182.198 Las Vegas, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 198.182.219.35.bc.googleusercontent.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

via: 1.1 google
access-control-allow-origin: https://paint.toys
date: Tue, 24 Mar 2026 00:57:30 GMT
x-envoy-upstream-service-time: 0
server: istio-envoy
access-control-allow-credentials: true
x-envoy-decorator-operation: filtration-canary.default.svc.cluster.local:80/*

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 165 B
1 KB 411ms
212ms Fetch
application/json 103.43.90.53
Xandr Inc.

General

Check archive.org

Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.90.53 Singapore, Singapore, ASN29990 (ASN-APPNEXUS - Xandr Inc., US),

Reverse DNS

594.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.25.5 /

Resource Hash

a66a89e635883a2d999ec08b246fea54af87a1ee954b140abf0bbc56862a0e51

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 103.108.231.245; 103.108.231.245; 594.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: https://paint.toys
server-timing: total;dur=38
content-length: 165
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 24 Mar 2026 00:57:29 GMT
x-xss-protection: 0
content-type: application/json; charset=utf-8
an-x-request-uuid: a83fa219-b847-4a4b-9916-928490706ff6
server: nginx/1.25.5

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 18 KB
9 KB 689ms
348ms Fetch
application/json 69.173.158.65
Magnite

General

Check archive.org

Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=12556&site_id=110932&zone_id=523774&size_id=9&alt_size_ids=8&p_pos=atf&rp_schain=1.0,1!playwire.com,1024872,1,,,&eid_pubcid.org=2934f930-ab08-4688-8668-69a06c92d14f%5E1%5E%5E%5E%5E%5E&eid_linkedin.com=13ffeb09-e96d-4a39-bb4f-0a15bef3319a%5E1%5E%5E%5E%5E%5E&rf=https%3A%2F%2Fpaint.toys%2Foil%2F&tg_i.domain=paint.toys&tg_i.page=https%3A%2F%2Fpaint.toys%2Foil%2F&tg_i.ref=https%3A%2F%2Fqerty2.integrityss.com.au%2F&tg_i.documentLang=en&tg_i.cat=IAB9-5%2C693&tg_i.sectioncat=IAB9-5%2C693&tg_i.pagecat=IAB9-5%2C693&tg_i.mobile=0&tg_i.pos=atf&tg_i.sitecont_cat=games_casual&tg_i.adunit=pw-160x600_atf&tg_i.dfp_ad_unit_code=%2F154013155%2C21762409181%2F1024872%2F74068%2Fpublisher%3A1024872-website%3A74068-160x600%2Fpublisher%3A1024872-website%3A74068-160x600-CP%2Fpublisher%3A1024872-website%3A74068-160x600-CP-160x600&tk_flint=pbjs_lite_v10.23.0&x_source.tid=u67e54aa2-c865-407b-bd8d-627c96bfc9e6&l_pb_bid_id=7cc9cd17-ac17-4270-b64d-079b78f98fef&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=u6cfff128-6972-4e13-a5af-a750d7811836&p_site.mobile=0&p_gpid=%2F154013155%2C21762409181%2F1024872%2F74068%2Fpublisher%3A1024872-website%3A74068-160x600%2Fpublisher%3A1024872-website%3A74068-160x600-CP%2Fpublisher%3A1024872-website%3A74068-160x600-CP-160x600&m_ch_mobile=%3F0&slots=1&rand=0.003269755705586408
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 69.173.158.65 Ashburn, United States, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: nginx/1.27.2 /
Resource Hash: ec335eb706a824bd997c0c3dad498b9c286df9b33bd24a3fdf9e739a98411752

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
expires: Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin: https://paint.toys
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/json
vary: Accept-Encoding
server: nginx/1.27.2

POST
H2 200 playwire Show response
direct.adsrvr.org/bid/bidder/ 0
243 B 723ms
312ms Fetch
application/json 15.197.196.10
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://direct.adsrvr.org/bid/bidder/playwire
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 15.197.196.10 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ae69789f15ba8a942.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

x-openrtb-version: 2.3
cache-control: private
access-control-allow-credentials: true
access-control-allow-origin: https://paint.toys
content-length: 0
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: application/json
server: Kestrel
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept, x-integration-type

POST
H2 200 prebidjs Show response
rtb.openx.net/openrtbb/ 15 KB
6 KB 654ms
475ms Fetch
text/plain 35.186.253.211
Google LLC

General

Check archive.org

Download Go to

Full URL: https://rtb.openx.net/openrtbb/prebidjs
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.253.211 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 211.253.186.35.bc.googleusercontent.com
Software: /
Resource Hash: 2834e98ea4ea5009395e12f2ce17ee5d477d44191d7ef18090623e9d59091d8c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

content-encoding: br
x-forwarded-for: 103.108.231.245
access-control-allow-credentials: true
via: 1.1 google
access-control-allow-origin: https://paint.toys
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6314
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/plain
vary: Origin,Accept-Encoding

POST
H2 200 auction Show response
tlx.3lift.com/header/ 18 KB
9 KB 875ms
459ms Fetch
application/json 54.151.166.244
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://tlx.3lift.com/header/auction?lib=prebid&v=10.23.0&referrer=https%3A%2F%2Fpaint.toys%2Foil%2F&tmax=2500&fledge=true

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.151.166.244 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-151-166-244.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

20e20e5695d8fae7909da2feb815bc79eb38530edb873db9e616cb941653e048

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-encoding: zstd
pragma: no-cache
accept-ch: sec-ch-viewport-width,sec-ch-downlink,sec-ch-ua-full-version-list,sec-ch-prefers-color-scheme,sec-ch-ua-platform,sec-ch-dpr,user-agent,sec-ch-width,sec-ch-viewport-height,sec-ch-save-data,sec-ch-ect,sec-ch-ua-model,sec-ch-ua-platform-version,sec-ch-device-memory,sec-ch-ua-bitness,sec-ch-ua,sec-ch-ua-full-version,sec-ch-ua-arch,sec-ch-rtt,sec-ch-ua-mobile
access-control-allow-credentials: true
expires: Thu, 15 Oct 1992 20:10:00 GMT
access-control-allow-origin: https://paint.toys
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
content-length: 8521
x-xss-protection: 0
content-type: application/json; charset=utf-8

GET
H2 200 imp Show response
g2.gumgum.com/hbid/ 8 KB
3 KB 833ms
431ms Fetch
application/json 18.139.66.122
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://g2.gumgum.com/hbid/imp?displaymanager=Prebid.js%20-%20gumgum&displaymanagerver=10.23.0&lt=1774313849626&to=-600&aun=pw-160x600_atf&gpid=%2F154013155%2C21762409181%2F1024872%2F74068%2Fpublisher%3A1024872-website%3A74068-160x600%2Fpublisher%3A1024872-website%3A74068-160x600-CP%2Fpublisher%3A1024872-website%3A74068-160x600-CP-160x600&t=8ylgv2wd&pi=3&maxw=160&maxh=600&si=1111716&bf=160x600%2C120x600&ae=true&schain=1.0%2C1!playwire.com%2C1024872%2C1%2C%2C%2C&tId=u071255ed-000e-4891-ab0c-b05a0090c98e&vw=1600&vh=1200&sw=1600&sh=1200&pu=https%3A%2F%2Fpaint.toys%2Foil%2F&tpl=https%3A%2F%2Fpaint.toys%2Foil%2F&ce=true&dpr=1&jcsi=%7B%22t%22%3A0%2C%22rq%22%3A8%2C%22pbv%22%3A%2210.23.0%22%7D&ogu=https%3A%2F%2Fpaint.toys%2Foil%2F&ns=10240&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F146.0.0.0%20Safari%2F537.36&sua=%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D&dnt=0&lang=en
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.139.66.122 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-139-66-122.ap-southeast-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 271949c3c4074d0b5bb9db891f072079372d027763ec3fbefe484cad71419c95

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://paint.toys
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/json;charset=UTF-8
server: nginx

POST
H2 200 9e11b8d48cdcc742 Show response
cdn.intergient.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/ea2d291c0fdc/0.7219467153769945:1774312855:I8mqfgoyuUuUNSyYwGCdAgl2MQovCqPfPVzDFN3A_vE/ Frame F9A4 0
861 B 109ms
104ms XHR
text/plain 104.18.20.56
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.intergient.com/cdn-cgi/challenge-platform/h/g/jsd/oneshot/ea2d291c0fdc/0.7219467153769945:1774312855:I8mqfgoyuUuUNSyYwGCdAgl2MQovCqPfPVzDFN3A_vE/9e11b8d48cdcc742
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.20.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer

Response headers

hw-country-code: AU
timing-allow-origin: https://cdn.intergient.com
cf-ray: 9e11b8d8c858c742-PER
alt-svc: h3=":443"; ma=86400
content-length: 0
cf-chl-out-s: tD7vJAaSo04bwsOmhJT7AIx7TB91U03movT/6trvBTOKGNOOtHr2MSj5npspiwauoGuSKCTGHR+vqbnjSe0HJBvjUoJFD4Ianvlq6TfnZ6Wk908B0mZaGvwzcqmjfa6k9V/Vm7LifPD4ZVWYs1AB/ig9c29XiJg+DRJyI1Kn7pTdoJlvdfMdzwT75uGtvMJWEzJPptqLKbdh/GZ3LGCy3Gwzp1kvMp5K3b2oefTUKEDG5kcoPUo5Lkvn/NyxvIGUaGaASoW1yfUBbiHJoYnH7RtQ71Qh8/UXis+cde9u+xhwYRGpVUC58eXI0MNVnaKFVnt5uTAID285DTPCFmEZzfoVKKT4P3Knfy7grnizyq7ZFwcU4aLP3glDGUNn9XO3DxviwIfK5t0jKFKEwbHNuH+TW8abH1nCeI0rIjNaZSJ+ODL0RlGCoFXb+xbL0aN3ZVMKdJM3fx2Mf2BOmXbcpAq8O4wpmZ0lGDy1FrFVwdY=$BG+/4q4VetIY+TyOULxZTg==
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/plain; charset=UTF-8
server: cloudflare

GET
H2 200 pubcid.min.js Show response
secure.cdn.fastclick.net/js/pubcid/latest/ 67 KB
22 KB 367ms
131ms Script
application/javascript 104.85.231.104
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://secure.cdn.fastclick.net/js/pubcid/latest/pubcid.min.js
Requested by: Host: qerty2.integrityss.com.au
URL: https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.85.231.104 Melbourne, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-85-231-104.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 45bc6978e281a938d9485dcbf0859159b24e2f7c9b8b0fafc120b9606e0ea8b1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: max-age=900
content-encoding: gzip
etag: "10ab4-63a0ee37f7c40-gzip"
expires: Tue, 24 Mar 2026 01:12:30 GMT
accept-ranges: bytes
content-length: 21994
date: Tue, 24 Mar 2026 00:57:30 GMT
last-modified: Wed, 16 Jul 2025 17:04:41 GMT
content-type: application/javascript
server: Apache
vary: Accept-Encoding

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16576/ 44 KB
13 KB 141ms
140ms Script
text/javascript 108.158.20.119
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js
Requested by: Host: qerty2.integrityss.com.au
URL: https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.158.20.119 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-158-20-119.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 517f9d49f64b0c45a9869756479cbb64844f2228819833a8191d0c474c9179c4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

vary: Accept-Encoding
cache-control: public, max-age=86400
content-encoding: gzip
etag: W/"23aff465a95f15b3a346b4a378b016f0"
age: 24804
via: 1.1 08a9275888c86859e545bc29de28a412.cloudfront.net (CloudFront)
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: I2DUZqLgWFAoZ8-kT16RurxpMqXN5gH9YLmCvYHkIIj49OqnA-LJRQ==
date: Mon, 23 Mar 2026 18:04:06 GMT
content-type: text/javascript
last-modified: Tue, 10 Feb 2026 20:18:38 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P3
x-amz-server-side-encryption: AES256

GET
H2 200 hadron.js Show response
cdn.hadronid.net/ 11 B
186 B 249ms
96ms Script
text/plain 172.66.166.119
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://cdn.hadronid.net/hadron.js?url=https%3A%2F%2Fpaint.toys%2Foil%2F&ref=https%3A%2F%2Fqerty2.integrityss.com.au%2F&_it=amazon&partner_id=403
Requested by: Host: qerty2.integrityss.com.au
URL: https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.166.119 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a73f5986eb985871284e6e216372de3505634a97229de643216728d0fbfd6227

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: max-age=432000
cf-cache-status: HIT
etag: "6943ef12-b"
age: 1908
cf-ray: 9e11b8d9d959cf9d-PER
accept-ranges: bytes
content-length: 11
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/plain
last-modified: Thu, 18 Dec 2025 12:09:54 GMT
server: cloudflare

GET
H2 200 id5-api.js Show response
cdn.id5-sync.com/api/1.0/ 117 KB
34 KB 160ms
58ms Script
text/javascript 172.66.169.55
Cloudflare

General

Check archive.org

Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/id5-api.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.169.55 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

18120a6bee05cd823d5f4ab0c52006863a059a5d6c535c790a31bdd2ee8c45e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-amz-id-2: 79IyyhrENmxTcRX9VYxzdmz/xSMoQ4cNpB7RbwSWY/f+nfdvITjzH6A03m3sJPKKTUngmTRtwLs=
strict-transport-security: max-age=15552000; includeSubDomains; preload
cache-control: public, max-age=3600
content-encoding: br
cf-cache-status: HIT
etag: W/"78d670c3a2facd95b81a836b6857d830"
age: 2979
x-amz-request-id: 8MCYYCMPHC5C6AHQ
cf-ray: 9e11b8d98dbd8647-PER
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/javascript;charset=utf-8
last-modified: Wed, 18 Mar 2026 12:22:23 GMT
server: cloudflare
x-amz-server-side-encryption: AES256

POST
H2 204 exd
api.btloader.com/ 0
0 543ms
320ms Fetch 130.211.23.194
Google LLC

General

Check archive.org

Download Go to

Full URL: https://api.btloader.com/exd?tid=D9R8OnZM-zJdsg1Zu84-9d1d58c15f&sid=G9rJiVsL-ZDxhPrpW-9d1d58c15f&cv=2.1.184-3-g2982370&upapi=true
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.23.194 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 194.23.211.130.bc.googleusercontent.com
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

via: 1.1 google
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:30 GMT
vary: Origin

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
110 B 52ms
52ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.22141330440898999
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887627
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8d90c237381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

POST
H2 200 translator Show response
hbopenbid.pubmatic.com/ 15 KB
7 KB 480ms
234ms Fetch
application/json 207.65.33.78
PubMatic

General

Check archive.org

Download Go to

Full URL

https://hbopenbid.pubmatic.com/translator?source=prebid-client&gzip=1

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.78 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

9293b4a760b88455eb1461f9a1c783eb2452850b5ac67f6f6203e760ed8db3fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

x-openrtb-version: 2.3
strict-transport-security: max-age=16070400; includeSubDomains
cache-control: no-cache, no-store, must-revalidate, no-store, no-cache, private
content-encoding: gzip
access-control-allow-credentials: true
observe-browsing-topics: ?1
pmfcgi-resp: TRUE
access-control-allow-origin: https://paint.toys
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/json
server: nginx

POST
H2 204 request Show response
grid-bidder.criteo.com/openrtb_2_5/pbjs/auction/ 0
576 B 725ms
395ms Fetch 182.161.73.172
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://grid-bidder.criteo.com/openrtb_2_5/pbjs/auction/request?profileId=207&av=37&wv=10.23.0&cb=44790275555&lsavail=1&networkId=6163&gzip=1

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.172 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
x-criteo-endpoint-action: OpenRtb25Endpoint
x-criteo-endpoint-controller: Bidding
access-control-allow-origin: https://paint.toys
date: Tue, 24 Mar 2026 00:57:29 GMT
vary: Origin
server: Kestrel

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 233ms
232ms Fetch
text/plain 142.251.42.110
Google LLC

General

Check archive.org

Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-CEFZJ359V8&gtm=45je63k1h1v9102396898za200zb9101576445zd9101576445&_p=1774313847635&gcd=13l3l3l3l1l1&npa=0&dma=0&cid=1727212986.1774313849&ul=en-au&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&tag_exp=103116026~103200004~115938465~115938469~116024733~116133313~117484252~118104772~118131590&sid=1774313849&sct=1&seg=0&dl=https%3A%2F%2Fpaint.toys%2Foil%2F&dr=https%3A%2F%2Fqerty2.integrityss.com.au%2F&dt=Paint%20with%20Oils&en=ramp_js&_fv=1&_ss=1&_ee=1&ep.pageview_id=1774313847635&tfd=3655
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CEFZJ359V8&cx=c&gtm=4e63k1h1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.42.110 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: tzsyda-af-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:120:0
report-to: {"group":"ascnsrsggc:120:0","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:120:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://paint.toys
cross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:120:0
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/plain
server: Golfe2

POST
H2 200 fb87a4ea41 Show response
cd836371f1d.cdn.intergient.com/ 0
96 B 946ms
424ms XHR
application/octet-stream 35.162.56.239
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cd836371f1d.cdn.intergient.com/fb87a4ea41
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.162.56.239 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-162-56-239.us-west-2.compute.amazonaws.com
Software: nginx/1.24.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

access-control-allow-origin: *
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/octet-stream
server: nginx/1.24.0

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 156 B
531 B 311ms
309ms XHR
application/json 18.139.188.200
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://bcp.crwdcntrl.net/6/map?xcid=16576

Requested by

Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16576/sync.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

18.139.188.200 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-18-139-188-200.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

41a5f8b0acc103e6b791c6c58bc2c76ec6a9d61e41162512ccd1fda404aa8051

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000 ; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache
pragma: no-cache
access-control-allow-credentials: true
expires: 0
access-control-allow-origin: https://paint.toys
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 156
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/json;charset=utf-8

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
110 B 55ms
53ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.3472120110172283
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887627
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8da3cf87381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1&gdpr=0&gdpr_consent=
https://ps.eyeota.net/match?uid=97f39a7c-5982-42c0-86d2-649773acdd79&bid=1e2n4ou

70 B
450 B

95ms
94ms

Image
image/gif

13.237.11.119
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=97f39a7c-5982-42c0-86d2-649773acdd79&bid=1e2n4ou
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 13.237.11.119 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-237-11-119.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Tue, 24 Mar 2026 00:57:30 GMT
Content-Type: image/gif

Redirect headers

location: https://ps.eyeota.net/match?uid=97f39a7c-5982-42c0-86d2-649773acdd79&bid=1e2n4ou
content-length: 191
date: Tue, 24 Mar 2026 00:57:30 GMT
server: Kestrel

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&google_hm=MmhvRk1PLU40QWtPb25SYy1OVlk0UWdoTUxGREIzSi1iU19PMjRsYXpaN2c&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer...
https://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&google_hm=MmhvRk1PLU40QWtPb25SYy1OVlk0UWdoTUxGREIzSi1iU19PMjRsYXpaN2c&gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referr...
https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=m51mh00&google_gid=CAESEG-zumiRRIJzsFSeuMIpSXM&google_cver=1

70 B
450 B

129ms
94ms

Image
image/gif

13.237.11.119
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=m51mh00&google_gid=CAESEG-zumiRRIJzsFSeuMIpSXM&google_cver=1
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 13.237.11.119 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-237-11-119.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Tue, 24 Mar 2026 00:57:30 GMT
Content-Type: image/gif

Redirect headers

cache-control: no-cache, must-revalidate
location: https://ps.eyeota.net/match?gdpr=0&gdpr_consent=&uid=1&bid=gdo9o51&newuser=1&referrer_pid=m51mh00&google_gid=CAESEG-zumiRRIJzsFSeuMIpSXM&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 375
date: Tue, 24 Mar 2026 00:57:30 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1%26referrer_pid%3Dm51mh00
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%253A%252F%252Fps.eyeota.net%252Fmatch%253Fuid%253D%2524UID%2526bid%253D2cr76e1%2526referrer_pid%253Dm51mh00
https://ps.eyeota.net/match?uid=3655796931204238726&bid=2cr76e1&referrer_pid=m51mh00

70 B
450 B

94ms
94ms

Image
image/gif

13.237.11.119
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://ps.eyeota.net/match?uid=3655796931204238726&bid=2cr76e1&referrer_pid=m51mh00
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 13.237.11.119 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-237-11-119.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Tue, 24 Mar 2026 00:57:30 GMT
Content-Type: image/gif

Redirect headers

cache-control: no-store, no-cache, private
location: https://ps.eyeota.net/match?uid=3655796931204238726&bid=2cr76e1&referrer_pid=m51mh00
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 103.108.231.245; 103.108.231.245; 594.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: bfdeb135-ed97-4c18-bd73-c93bd1936e00
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 24 Mar 2026 00:57:30 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.25.5

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=eyeota
https://ps.eyeota.net/match?bid=tpm4omv&uid=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=&gdpr_consent=

70 B
450 B

95ms
94ms

Image
image/gif

13.237.11.119
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=tpm4omv&uid=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=&gdpr_consent=
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 13.237.11.119 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-237-11-119.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Tue, 24 Mar 2026 00:57:31 GMT
Content-Type: image/gif

Redirect headers

Location: https://ps.eyeota.net/match?bid=tpm4omv&uid=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=&gdpr_consent=
Content-Length: 126
Date: Tue, 24 Mar 2026 00:57:31 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ups.analytics.yahoo.com/ups/58773/cms?partner_id=Eyeot&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58773/cms?partner_id=Eyeot&gdpr=0&gdpr_consent=&verify=true
https://ps.eyeota.net/match?bid=bhc9gd0&yahoo_ver=2&yahoo_id=y-SOqvBjxE2pXaQumyc3TAaYA390Z00xXKge8-~A&gdpr=0

70 B
450 B

96ms
95ms

Image
image/gif

13.237.11.119
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=bhc9gd0&yahoo_ver=2&yahoo_id=y-SOqvBjxE2pXaQumyc3TAaYA390Z00xXKge8-~A&gdpr=0
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 13.237.11.119 Sydney, Australia, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-13-237-11-119.ap-southeast-2.compute.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Tue, 24 Mar 2026 00:57:30 GMT
Content-Type: image/gif

Redirect headers

strict-transport-security: max-age=31536000
location: https://ps.eyeota.net/match?bid=bhc9gd0&yahoo_ver=2&yahoo_id=y-SOqvBjxE2pXaQumyc3TAaYA390Z00xXKge8-~A&gdpr=0
age: 0
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: text/html
server: ATS

GET j
rp.liadm.com/ 0
0

GET
H2 200 id5-api-js Show response
api.id5-sync.com/analytics/483/ 1 KB
682 B 1563ms
777ms Fetch
application/json 141.95.33.120
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://api.id5-sync.com/analytics/483/id5-api-js

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

141.95.33.120 , Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns3203256.ip-141-95-33.eu

Software

Resource Hash

64731b0c4bddd9b69b5d748b611bcb8cc52a9dd00a6d9f4c9664dfac0a8d6e1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: max-age=300
access-control-expose-headers: Access-Control-Allow-Origin
content-encoding: gzip
access-control-allow-origin: *
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/json
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding

GET
H2 200 uc.html Show response
sync.go.sonobi.com/ Frame EB1B 3 KB
3 KB 1237ms
569ms Document
text/html 72.34.249.225
XFERNET

General

Check archive.org

Download Go to

Full URL

https://sync.go.sonobi.com/uc.html?gdpr=&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BUID%5D

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

cf843c8bfe7bc53e9c4988ade8aeee9852030dd630187f7fbae35943e5f2669e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, private
content-encoding: gzip
content-length: 1198
content-type: text/html
date: Tue, 24 Mar 2026 00:57:31 GMT
expires: Sat, 26 Jul 1997 05:00:00 GMT
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
pragma: no-cache
server: sonobi-go
tcn: Choice
vary: negotiate,Accept-Encoding
x-go-server: go-lax-1-5-36
x-xss-protection: 0

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 192ms
192ms Fetch
image/x-icon 142.250.207.6
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.8022324709380408

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.207.6 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzsyda-ah-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 25 Mar 2026 00:57:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

POST
H3 204 AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 402ms
209ms XHR
text/html 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ==

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.-lEl6dCKlBQ.es5.O/d=1/rs=AJlcJMzg5uW6mqIg6XEqAXrMXA97biCqHw/m=kernel_loader,loader_js_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-tep7VAI-JNKiOt-qW00tSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmII1JBiOHHrNtMFIP5Qf5n1BxCHc_mwxQPxwmmBbCuB-MW6QLYPQHwnJojtCRAL8XD8OtR-jk3gxcFZdxmVXJLyC-OT8_NKUvNKdBNTinVB7KLMpNKS_CIUdmoZSEVOfnp6Zl56vJGBkZmBsZGRnoF5fIEBAG52Neg"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-tep7VAI-JNKiOt-qW00tSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 398ms
208ms XHR
text/html 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-gEty19S8od_7XwKEVgSJgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtDikmLw1JBi-FB_mfUHEIdz-bDFA_HCaYFsK4H4xbpAtg9AfCcmiO0JEAvxcPw61H6OTeDAkRt3GJVckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRmYGxkZGegXl8gQEA270w6g"
content-security-policy: script-src 'report-sample' 'nonce-gEty19S8od_7XwKEVgSJgA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 389ms
206ms XHR
text/html 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-rUT5rJpLBv4jwbeHJVe5cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmLw0ZBiOHnrNtNFIP5Qf5n1BxCHc_mwxQPxwmmBbCuB-MW6QLYPQHwnJojtCRAL8XD8OtR-jk3gx6J3txmVXJLyC-OT8_NKUvNKdBNTinVB7KLMpNKS_CIUdmoZSEVOfnp6Zl56vJGBkZmBsZGRnoF5fIEBAH_wNig"
content-security-policy: script-src 'report-sample' 'nonce-rUT5rJpLBv4jwbeHJVe5cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 AGSKWxVLYkhszh0pj_N4-2NwhIMPkazCxiHHUTFzF2oVvISBXEBUJHlHKDaY8_ByYV4Hq6c85CBnJEStkEayfa3gha8PrSNPOXhPYzog29dX_QVJp69RmdzWyEhmEQOONQC_xFEA7lDVBA== Show response
fundingchoicesmessages.google.com/f/ 2 KB
2 KB 224ms
223ms Script
application/javascript 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxVLYkhszh0pj_N4-2NwhIMPkazCxiHHUTFzF2oVvISBXEBUJHlHKDaY8_ByYV4Hq6c85CBnJEStkEayfa3gha8PrSNPOXhPYzog29dX_QVJp69RmdzWyEhmEQOONQC_xFEA7lDVBA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzc0MzEzODUwLDE4MzAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly9wYWludC50b3lzL29pbC8iLG51bGwsW1s4LCItbEVsNmRDS2xCUSJdLFs5LCJlbi1HQiJdLFsxOCwiW1tbbnVsbCwzMTk2XV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMjQsInFlcnR5Mi5pbnRlZ3JpdHlzcy5jb20uYXUiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

7211c1e0206d2142ebbb53296ec0f77091cdc26245c90d25369c558bd4d3f954

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-C05gJGwV_jlsDBUQB5kqtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtHikmJw0ZBiaL15jnU6EJcsOs_aBsRdQDwHiA0VLrE6A_GH-susP4C4SOIKawsQf6q6wSpSfYM1nMuHLR6IvxX7snGU-LI9meLH9g2IWd76s6kdDWCzAOKF0wLZVgLxi3WBbB-A-E5MENsTIBbi4fh1qP0cm8CGS_umMippJOUXxifn55UUZSaVluQXpSWnpRanFpWlFsUbGRiZGRgbGekZmMcXGAAAWwlFbw"
content-security-policy: script-src 'report-sample' 'nonce-C05gJGwV_jlsDBUQB5kqtQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 connectId-gpt.js Show response
connectid.analytics.yahoo.com/ 9 KB
9 KB 432ms
183ms Script
application/javascript 3.175.115.10
Amazon.com

General

Check archive.org

Download Go to

Full URL

https://connectid.analytics.yahoo.com/connectId-gpt.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

3.175.115.10 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

server-3-175-115-10.syd3.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

56351c084d8d56437d41f1e58b7eb184b563871e88bab60f6b15486c39f13996

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

etag: "faa388a163b1b6d0377ee77a861591e5"
age: 2378
x-cache: Hit from cloudfront
x-amz-cf-id: o_D94q9Y8dGexXKe-LCqmkUr0chB64manLn3EoYnq550sEFFAswNGQ==
date: Tue, 24 Mar 2026 00:17:53 GMT
content-type: application/javascript
last-modified: Mon, 22 Apr 2024 18:18:45 GMT
x-amz-expiration: expiry-date="Mon, 23 Apr 2029 00:00:00 GMT", rule-id="webapp-standard-lifecycle"
content-security-policy: default-src 'self'
cache-control: max-age=3600
via: 1.1 f030a50431b0b5e5e9f61b56d387c5cc.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 8729
x-amz-cf-pop: SYD3-P3
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 344ms
125ms Script
application/javascript 34.102.146.192
Google LLC

General

Check archive.org

Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
etag: "df5542b88bc0e368c6999754a5b9e2ba"
age: 958534
x-goog-stored-content-encoding: gzip
expires: Fri, 12 Mar 2027 22:41:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 7927
date: Thu, 12 Mar 2026 22:41:56 GMT
last-modified: Thu, 27 May 2021 18:30:51 GMT
content-type: application/javascript
x-guploader-uploadid: AGQBYWw6rV3wMyHkrFVttaG1koRrD3kxMutw6UGif88MRq2FLfsjUh3l7Bb-J0MATm6a5oikO46J3w
cache-control: no-transform
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
x-goog-generation: 1622140251693895
content-length: 7927
server: UploadServer

GET
H2 200 encrypted-tag-g.js Show response
invstatic101.creativecdn.com/encrypted-signals/ 3 KB
3 KB 675ms
455ms Script
text/javascript 34.96.70.87
Google LLC

General

Check archive.org

Download Go to

Full URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.70.87 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 87.70.96.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 2e5f5cb912c0619933ea6c3ad8ac1466a005f792e3338d96a8432d144c63520f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

etag: 861bdaf24bda5c0db45c6ebe1c94a9eb
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2729
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: text/javascript; charset=utf-8
last-modified: Wed, 05 Feb 2025 14:45:21 GMT
server: Google Frontend
x-cloud-trace-context: 3c8065d21ebb166ce5144c7e2ca1e0bb

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
15 KB 746ms
320ms Script
text/javascript 182.161.73.173
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.173 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

90d5e4039ac7738e44a51ad19417319f9dbf8becaedd8ebd98137188da9d5605

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: public, max-age=86400
timing-allow-origin: *
content-encoding: br
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
expires: Wed, 25 Mar 2026 00:57:30 GMT
x-criteo-endpoint-controller: DynamicPublisherTag
access-control-allow-origin: *
x-criteo-endpoint-action: GetPublisherTag
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: text/javascript
vary: x-geo-country, Accept-Encoding
server: Kestrel

POST
H3 200 kawh3qkr68jcr7mnf7jca0hk Show response
faucetfoot.com/ 299 B
323 B 405ms
225ms Fetch
application/json 34.8.176.186
Google LLC

General

Check archive.org

Download Go to

Full URL

https://faucetfoot.com/kawh3qkr68jcr7mnf7jca0hk

Requested by

Host: faucetfoot.com
URL: https://faucetfoot.com/files/j51ycru44zah.index.js

Protocol

Security

QUIC, , AES_128_GCM

Server

34.8.176.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),

Reverse DNS

186.176.8.34.bc.googleusercontent.com

Software

hoothoot/2354079246 /

Resource Hash

dca0a6cd9e627a549888cee1a7452f3bd8d2ccf505eee7253c98698f4a60c01c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=15724800; preload
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST, OPTIONS
via: fen-hoothoot-asia-east1-test-4hfj.gce-asia-east1, 1.1 google
expires: Tue, 24 Mar 2026 00:57:29 GMT
access-control-allow-origin: https://paint.toys
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 299
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding, Origin
server: hoothoot/2354079246
access-control-allow-headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Cookie

GET
H2 200 bounce Show response
id5-sync.com/ 29 B
519 B 601ms
600ms Fetch
text/plain 162.19.138.117
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://id5-sync.com/bounce

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

aca701811d62eb608d12b174231be1ceae3449fe0f4bc847469ff22aab8ca9a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://paint.toys
p3p: CP="CAO PSA OUR"
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: text/plain;charset=utf-8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2 200 v1 Show response
lbs.eu-1-id5-sync.com/lbs/ 54 B
155 B 1599ms
772ms Fetch
application/json 54.36.119.82
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://lbs.eu-1-id5-sync.com/lbs/v1
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.36.119.82 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS
Software: /
Resource Hash: 923b3aec574545f04cb5435404c30afbc2b332695961dd7a8fb87d17a1a0ad11

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-origin: https://paint.toys
content-length: 54
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/json
vary: Origin

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 56 B
340 B 1507ms
726ms Fetch
application/json 162.19.138.83
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

aece7df7daa784b6485a804b1b689d9d7c08ac90f2693456a873cfc89468a04f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://paint.toys
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding

POST
H3 204 AGSKWxVwaeQ1eoDwAgoFPcdGsX_Pn4PVwoCeoo9WLjArk0dP3CONgONIsgAbpoXa7865AffxEvcBbm5WWjuBX1DAAVCgSatevYIEMaaJrqNLnU3KlOQuB6Jblk9xusQ3XA6LhHaKevLc6A== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 204ms
204ms XHR
text/html 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVwaeQ1eoDwAgoFPcdGsX_Pn4PVwoCeoo9WLjArk0dP3CONgONIsgAbpoXa7865AffxEvcBbm5WWjuBX1DAAVCgSatevYIEMaaJrqNLnU3KlOQuB6Jblk9xusQ3XA6LhHaKevLc6A==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-i4vCpBZLMq7KaYsQHmoMKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmLw1pBiOHHrNtMFIP5Qf5n1BxCHc_mwxQPxwmmBbCuB-MW6QLYPQHwnJojtCRAL8XD8OtR-jk1gx_HtPUxKLkn5hfHJ-XklqXkluokpxbogdlFmUmlJfhEKO7UMpCInPz09My893sjAyMzA2MhIz8A8vsAAAFC2NYU"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-i4vCpBZLMq7KaYsQHmoMKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxWyIeHkrz4tdnLhcHyg9giu9-0ne64VC88XP9LbY1IKZEF45QgXAmqIoD96PcPZbGuJOWt20gd5CU-HuJF-jeE9NJsQbie7RieRZj_dpl4Hxcfmbv4jgskl0A1gDBY-rnxVRLfXpA== Show response
fundingchoicesmessages.google.com/f/ 10 KB
4 KB 222ms
222ms Script
application/javascript 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxWyIeHkrz4tdnLhcHyg9giu9-0ne64VC88XP9LbY1IKZEF45QgXAmqIoD96PcPZbGuJOWt20gd5CU-HuJF-jeE9NJsQbie7RieRZj_dpl4Hxcfmbv4jgskl0A1gDBY-rnxVRLfXpA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzc0MzEzODUwLDQ1OTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOV0sbnVsbCwyLG51bGwsImVuIl0sImh0dHBzOi8vcGFpbnQudG95cy9vaWwvIixudWxsLFtbOCwiLWxFbDZkQ0tsQlEiXSxbOSwiZW4tR0IiXSxbMTgsIltbW251bGwsMzE5Nl1dXSJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzI0LCJxZXJ0eTIuaW50ZWdyaXR5c3MuY29tLmF1Il0sWzI5LCJmYWxzZSJdXV0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

33491a67a6ca07002379bcadd5d53c67847edab8cf60987976ccb3327267262d

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-510wjbfVLYVL_U6MbJGzmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtHikmJw15BiaL15jnU6EJcsOs_aBsRdQDwHiA0VLrE6A_GH-susP4C4SOIKawsQf6q6wSpSfYM1nMuHLR6IvxX7snGU-LI9meLH9g2IWd76s6kdDWCzAOKF0wLZVgLxi3WBbB-A-E5MENsTIBbi4fh1qP0cm8CL_ScnMylpJOUXxifn55UUZSaVluQXpSWnpRanFpWlFsUbGRiZGRgbGekZmMcXGAAAZblFoQ"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport, script-src 'report-sample' 'nonce-510wjbfVLYVL_U6MbJGzmw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 location Show response
privacy-location-edge.ccgateway.net/privacy/ 5 B
191 B 1264ms
604ms XHR
text/plain 52.91.215.149
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://privacy-location-edge.ccgateway.net/privacy/location
Requested by: Host: carbon-cdn.ccgateway.net
URL: https://carbon-cdn.ccgateway.net/script?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.91.215.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-91-215-149.compute-1.amazonaws.com
Software: /
Resource Hash: 1c55d9b826e8dfa994370e306ae8dc2e849f3e003381dc848a0b95f782c0c0e3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-origin: *
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
access-control-allow-credentials: true

GET
H2 200 classification Show response
pogo.ccgateway.net/v1/p/5bb3e20859/ 216 B
360 B 1269ms
605ms XHR
application/json 3.237.175.195
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://pogo.ccgateway.net/v1/p/5bb3e20859/classification?url=https%3A%2F%2Fpaint.toys%2Foil%2F
Requested by: Host: carbon-cdn.ccgateway.net
URL: https://carbon-cdn.ccgateway.net/script?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.237.175.195 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-237-175-195.compute-1.amazonaws.com
Software: /
Resource Hash: 180e9de553e30cebc7ab6f65f789d74b6994a74618fbb6fd48582b7c83617dc2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-origin: https://paint.toys
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/json
vary: Origin, Accept-Encoding
access-control-allow-credentials: true

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
139 B 53ms
53ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.4291417482113038
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887628
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8dfa93b7381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 209ms
208ms Fetch
image/x-icon 142.250.207.6
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.6363097405396584

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.207.6 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzsyda-ah-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 25 Mar 2026 00:57:30 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
110 B 98ms
97ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.9988299343463588
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887628
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:30 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8dfa9427381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 dns Show response
ab.dns-finder.com/meta/ 2 B
0 0ms
0ms Fetch
text/plain 34.36.200.111
Google LLC

General

Check archive.org

Download Go to

Full URL: https://ab.dns-finder.com/meta/dns
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.36.200.111 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 111.200.36.34.bc.googleusercontent.com
Software: /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: private, max-age=180, stale-if-error=180, stale-while-revalidate=180
access-control-expose-headers: X-Resolver
x-resolver: default
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
date: Tue, 24 Mar 2026 00:57:29 GMT
content-type: text/plain; charset=utf-8
vary: Origin

POST
H2 200 encrypt Show response
esp.rtbhouse.com/ 265 B
530 B 653ms
429ms Fetch
application/json 35.190.39.111
Google LLC

General

Check archive.org

Download Go to

Full URL: https://esp.rtbhouse.com/encrypt
Requested by: Host: invstatic101.creativecdn.com
URL: https://invstatic101.creativecdn.com/encrypted-signals/encrypted-tag-g.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.190.39.111 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 111.39.190.35.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 7bb61704c6de6b0d6d6b5d2b61fa2882115bff0ee47fb2cb0114c4c9c186601f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-allow-credentials: true
access-control-allow-methods: POST
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 265
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/json
x-cloud-trace-context: 8039861b5acc711c6a082eda14a56749
server: Google Frontend
access-control-allow-headers: X-Requested-With

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 007F 12 KB
5 KB 642ms
318ms Document
text/html 182.161.73.131
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=paint.toys&gdpr=0&gdpr_consent=

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.131 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

13e6c9d2b7d7fea86094dfc9583458e0abcb7137410dd136f1a1cfc2ab59e55e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 24 Mar 2026 00:57:30 GMT
server: Kestrel
server-processing-duration-in-ticks: 1458226
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H2 200 sync Show response
eb2.3lift.com/ Frame 4345 1 KB
2 KB 707ms
308ms Document
text/html 3.0.38.223
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 9f55c842737bd505179639eac63758ca816eb95d21731c29f5a7ed152fbff60a

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1261
content-type: text/html; charset=utf-8
date: Tue, 24 Mar 2026 00:57:31 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 56 B
339 B 1624ms
720ms Fetch
application/json 162.19.138.83
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

aece7df7daa784b6485a804b1b689d9d7c08ac90f2693456a873cfc89468a04f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://paint.toys
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 48 KB
11 KB 875ms
874ms Fetch
text/plain 142.250.183.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4944745468918734&correlator=3582122361591002&eid=31097208%2C95379659&output=ldjh&gdfp_req=1&vrg=202603170101&ptt=17&impl=fifs&gdpr=0&iu_parts=154013155%3A21762409181%2C1024872%2C74068%2Cpublisher%3A1024872-website%3A74068-160x600%2Cpublisher%3A1024872-website%3A74068-160x600-CP%2Cpublisher%3A1024872-website%3A74068-160x600-CP-160x600&enc_prev_ius=%2F0%2F1%2F2%2F3%2F4%2F5&prev_iu_szs=160x600%7C120x600&ifi=1&dids=pw-160x600_atf&adfs=3640230632&sfv=1-0-45&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1774313851094&lmt=1774313851&adxs=20&adys=619&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0&ucis=1&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Fpaint.toys%2Foil%2F&ref=https%3A%2F%2Fqerty2.integrityss.com.au%2F&vis=1&psz=180x1062&msz=160x-1&fws=4&ohw=180&a3p=EjQKCnB1YmNpZC5vcmcSJDI5MzRmOTMwLWFiMDgtNDY4OC04NjY4LTY5YTA2YzkyZDE0ZlgBEqABCgpjcml0ZW8uY29tEo8BUVNKVVlGOXNNMU16Y0ZkQ1ZFbFlhWE53TkZsM2NETnFNRmNsTWtZemNEVlBjeVV5UWpWTUpUSkNWemtsTWtKblRtTllXR0Y0VVdKdFRUUndibVpRYUVoMmR6STBabGxWWnlVeVJrOWlTR05UVDJwdVNqUlRhSE5IWkhkMU9HaFFObXB4T1djbE0wUWxNMFFYARLWAQoOZXNwLmNyaXRlby5jb20SugFPOVdvTWw5V1dYSm5PVlZ5ZFRGd1ZuQnNkRmRVTW5OS2VVWnlTbFJrTm1saVJDVXlSbGhpVG05WmFUVkNORWw1ZFNVeVFraFRWWFk0UjJGTlEwUm5lbTluYjBSaVNFeHBjR0p3VTJSc1R6ZzVWa0poVVROUVNUVkhRVWhZU0haTGNWTnhVaVV5Um01NlNUVnpNbUZWUnpWd1Ixa3dORlpZUVVkV2VuQkNUVmhHU0RWRlYxSTNRWFZzVUEYy5Dj6tEzSAASGAoJeWFob28uY29tGIOO4-rRM0gAUgIIbxIUCgVvcGVueBixjePq0TNIAFICCG8SFwoIcnRiaG91c2UYzIrj6tEzSABSAghk&dlt=1774313847598&idt=1647&prev_scp=pos%3Datf%26slot_id%3Dpw-160x600_atf%26refresh%3Dfalse%26amazonBid%3Dfalse%26custom_path%3D160x600%26lld_id%3D50a7a9413a7e40d59d776c267837857b13849506%26price_floor%3Dna%26amznbid%3D2%26amznp%3D2%26bid_type%3Dserver%26hb_format%3Dbanner%26hb_adid%3D233fea4702a6427%26hb_size%3D160x600%26hb_pb%3D0.21%26hb_cache_path%3D%252Fcache%26hb_cache_host%3Dpbc.intergient.com%26hb_bidder%3Ds2s_rubicon%26hb_cache_host_s2s_ru%3Dpbc.intergient.com%26hb_format_s2s_rubico%3Dbanner%26hb_size_s2s_rubicon%3D160x600%26hb_pb_s2s_rubicon%3D0.21%26hb_adid_s2s_rubicon%3D233fea4702a6427%26hb_bidder_s2s_rubico%3Ds2s_rubicon%26hb_format_rubicon%3Dbanner%26hb_size_rubicon%3D160x600%26hb_pb_rubicon%3D0.20%26hb_adid_rubicon%3D18e19797f73c91b%26hb_bidder_rubicon%3Drubicon%26hb_format_s2s_ix%3Dbanner%26hb_size_s2s_ix%3D160x600%26hb_pb_s2s_ix%3D0.20%26hb_adid_s2s_ix%3D221d16de77be148%26hb_bidder_s2s_ix%3Ds2s_ix%26hb_format_triplelift%3Dbanner%26hb_size_triplelift%3D160x600%26hb_pb_triplelift%3D0.18%26hb_adid_triplelift%3D19b29a4bd101297%26hb_bidder_triplelift%3Dtriplelift%26hb_format_openx%3Dbanner%26hb_size_openx%3D160x600%26hb_pb_openx%3D0.18%26hb_adid_openx%3D17b0f45f575b05%26hb_bidder_openx%3Dopenx%26hb_format_s2s_triple%3Dbanner%26hb_size_s2s_tripleli%3D160x600%26hb_pb_s2s_triplelift%3D0.18%26hb_adid_s2s_tripleli%3D215d7bd8e5c8f978%26hb_bidder_s2s_triple%3Ds2s_triplelift%26hb_format_ix%3Dbanner%26hb_size_ix%3D160x600%26hb_pb_ix%3D0.18%26hb_adid_ix%3D149fec92c0bf474%26hb_bidder_ix%3Dix%26hb_format_pubmatic%3Dbanner%26hb_size_pubmatic%3D160x600%26hb_pb_pubmatic%3D0.12%26hb_adid_pubmatic%3D16dce9ab171003c%26hb_bidder_pubmatic%3Dpubmatic%26hb_ver%3D1.17.2&cust_params=pf_src%3Dml%26li-module-enabled%3Dt1-e0%26salad%3Dkale%26dd%3Draspberry%26di%3Dpineapple%26vd%3Draspberry%26vi%3Dpineapple%26sitecont_cat%3Dgames_casual%26referrer%3Dhttps%253A%252F%252Fqerty2.integrityss.com.au%252F%26tyche_code%3DV.20260316.2%26pageos_code%3DV.20260316.2%26config_id%3D1024872_74068_primary_config%26hour%3D10%26day%3DTuesday%26referrer_domain%3Dqerty2.integrityss.com.au%26OS%3DLinux%2520null%26browser%3DChrome%2520146%26pagecount%3D1%26window_width%3D1600%26window_height%3D1200%26screen_orientation%3Dlandscape%26website_id%3D74068%26pub_id%3D1024872%26refresh_count%3D0%26tyche_version%3DV.20260316.2%26ab_test%3Dna_A%26ad_clicker%3Dfalse%26dmp_ids%3D65%26page_focus%3Dtrue&adks=2652516820&frm=20&eoidce=1&gblpids=%2F154013155%2C21762409181%2F1024872%2F74068%2Fpublisher%3A1024872-website%3A74068-160x600%2Fpublisher%3A1024872-website%3A74068-160x600-CP%2Fpublishe&pb_szs=160x600%7C120x600&pbbce=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

cafe /

Resource Hash

909f7d336e4948715a889c8867940aa9487a393e47c2f0ed5a8a499149efe3c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: dcb
google-lineitem-id: -1
observe-browsing-topics: ?1
x-content-type-options: nosniff
google-mediationtag-id: 1303262
google-mediationgroup-id: 740173
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: text/plain; charset=UTF-8
google-creative-id: -1
cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://paint.toys
content-length: 11586
x-xss-protection: 0
server: cafe

GET
H3 200 container.html Show response
3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 08EE 7 KB
3 KB 410ms
212ms Document
text/html 142.250.195.129
Google LLC

General

Check archive.org

Download Go to

Full URL

https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.129 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f1.1e100.net

Software

sffe /

Resource Hash

f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3121
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Mar 2026 00:57:31 GMT
expires: Tue, 24 Mar 2026 00:57:31 GMT
last-modified: Thu, 08 May 2025 23:15:48 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
139 B 53ms
53ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=1&e=0.6217436060413397
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887629
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8e19ae07381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

POST
H3 204 ping
pagead2.googlesyndication.com/pagead/ 0
0 387ms
192ms Fetch
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/ping?e=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 24 Mar 2026 00:57:31 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://p.rfihub.com/cm?pub=35683&in=1
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1975180318824543919

49 B
750 B

427ms
427ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1975180318824543919

Requested by

Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?gdpr=&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BUID%5D

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:32 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=zt&nuid=1975180318824543919
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date: Tue, 24 Mar 2026 00:57:32 GMT
Server: Jetty(9.4.51.v20230217)

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=&gdpr=0&gdpr_consent=
https://sync.go.sonobi.com/us.gif?nw=td&nuid=97f39a7c-5982-42c0-86d2-649773acdd79&pubid=

49 B
768 B

310ms
310ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=td&nuid=97f39a7c-5982-42c0-86d2-649773acdd79&pubid=

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:31 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

location: https://sync.go.sonobi.com/us.gif?nw=td&nuid=97f39a7c-5982-42c0-86d2-649773acdd79&pubid=
content-length: 207
date: Tue, 24 Mar 2026 00:57:31 GMT
server: Kestrel

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=286
https://sync.go.sonobi.com/us.gif?nw=st&nuid=35EQdmtSVxh17Walk1vmlmds5_U

49 B
759 B

408ms
407ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=st&nuid=35EQdmtSVxh17Walk1vmlmds5_U

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:32 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

Location: https://sync.go.sonobi.com/us.gif?nw=st&nuid=35EQdmtSVxh17Walk1vmlmds5_U
Content-Length: 99
Date: Tue, 24 Mar 2026 00:57:32 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=&expires=365
https://x.bidswitch.net/ul_cb/sync?ssp=sonobi&gdpr=0&gdpr_consent=&expires=365
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sonobi&bsw_param=af83d098-46e0-4192-95f2-f2da33b7063b&google_hm=YWY4M2QwOTgtNDZlMC00MTkyLTk1ZjItZjJkYTMzYjcwNjNi&...
https://x.bidswitch.net/sync?dsp_id=16&user_id=CAESEG3Mt4E36feMYQdFQLtMx54&google_cver=1&ssp=sonobi&bsw_param=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr_consent=&gdpr=0
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=&us_privacy=

49 B
768 B

391ms
391ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=&us_privacy=

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:32 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
location: //sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=&us_privacy=
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:32 GMT

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://www.temu.com/api/adx/cm/pixel-sonobi?id=bf92221e-d80d-439e-be8b-0155cdbea91b&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dtu%26nuid%3Dbf92221e-d80d-439e-be8b-0155cdbea91b
https://sync.go.sonobi.com/us.gif?nw=tu&nuid=bf92221e-d80d-439e-be8b-0155cdbea91b

49 B
768 B

531ms
531ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=tu&nuid=bf92221e-d80d-439e-be8b-0155cdbea91b

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:32 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache: MISS
date: Tue, 24 Mar 2026 00:57:31 GMT
x-served-by: cache-per-ypph1920035-PER
x-cache-hits: 0
strict-transport-security: max-age=31536000
yak-timeinfo: 1774313851506|3
location: https://sync.go.sonobi.com/us.gif?nw=tu&nuid=bf92221e-d80d-439e-be8b-0155cdbea91b
x-timer: S1774313851.386374,VS0,VE244
content-security-policy-report-only: default-src 'none';script-src 'report-sample';report-uri /api/sec-csp/110000007/sec-gif
via: 1.1 varnish
x-gateway-request-id: 1774313851506-09c8ee78c73afd8a5d82a4019d1d58ca72-30
accept-ranges: bytes
cip: 103.108.231.245
content-length: 0
server: nginx

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?p=166397&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D166397%26mpc%3D4%26fp%3D1%26pmc%3DP...
https://image8.pubmatic.com/AdServer/ImgSync?p=166397&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fp%3D166397%26mpc%3D4%26fp%3D1%26pmc%3DP...
https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=REM2REYwODYtN0JCOS00MDBFLUI3QjktNzQwRDY1ODU3MUI4&gdpr=0&gdpr_consent=&google_cm
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENus9K45FbDvO_pIAI57C80&google_cver=1
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=&us_privacy=
https://image4.pubmatic.com/AdServer/SPug?fp=1&gdpr=0&gdpr_consent=&gpp=&gpp_sid=%24&mpc=4&p=166397&pmc=1&pr=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpm%26nuid%3DDC6DF086-7BB9-400E-B7B9-740...
https://sync.go.sonobi.com/us.gif?nw=pm&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8

49 B
843 B

571ms
570ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pm&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:33 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

strict-transport-security: max-age=16070400; includeSubDomains
cache-control: no-store, no-cache, private
location: https://sync.go.sonobi.com/us.gif?nw=pm&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 24 Mar 2026 00:57:33 GMT
server: nginx

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=140&gdpr=0&gdpr_consent=
https://pixel-sync.sitescout.com/dmp/pixelSync?cookieQ=1&nid=140&gdpr=0&gdpr_consent=
https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D1389%26tp%3DSTS...
https://pixel.tapad.com/idsync/ex/push/check?partner_id=2499&partner_device_id=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&partner_url=https%3A%2F%2Fsync.crwdcntrl.net%2Fqmap%3Fc%3D1389%26tp...
https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dbs%26nuid%3D8925b5f2-3...
https://sync.go.sonobi.com/us.gif?nw=bs&nuid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&gdpr=0&gdpr_consent=

49 B
782 B

489ms
489ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=bs&nuid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&gdpr=0&gdpr_consent=

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:33 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache
location: https://sync.go.sonobi.com/us.gif?nw=bs&nuid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&gdpr=0&gdpr_consent=
pragma: no-cache
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://sync.mathtag.com/sync/img?cs_wd_sy=1&dp=43&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dif%26nuid%3D[MM_UUID]%26uid%3Dbf92221e-d80d-439e-be8b-0155cdbea91b
https://sync.go.sonobi.com/us.gif?nw=if&nuid=b32b69c1-e17c-4c00-823c-e54643bf3f3f&uid=bf92221e-d80d-439e-be8b-0155cdbea91b

49 B
768 B

540ms
540ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=if&nuid=b32b69c1-e17c-4c00-823c-e54643bf3f3f&uid=bf92221e-d80d-439e-be8b-0155cdbea91b

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:32 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

X-Permitted-Cross-Domain-Policies: all
X-Content-Type-Options: nosniff
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Tue, 24 Mar 2026 00:57:32 GMT
Content-Type: image/gif
Strict-Transport-Security: 31536000
Cache-Control: no-cache,no-store,must-revalidate
location: https://sync.go.sonobi.com/us.gif?nw=if&nuid=b32b69c1-e17c-4c00-823c-e54643bf3f3f&uid=bf92221e-d80d-439e-be8b-0155cdbea91b
Pragma: no-cache
Connection: keep-alive
Cross-Origin-Resource-Policy: cross-origin
Referrer-Policy: strict-origin
Access-Control-Allow-Origin: *
Content-Length: 0
X-XSS-Protection: 0
Server: MT3 2373 98ac4b7 master ord ord-pixel-x51 config_version:"1131"

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://creativecdn.com/cm-notify?pi=sonobi
https://creativecdn.com/cm-notify?pi=sonobi&tc=1
https://sync.go.sonobi.com/us.gif?nw=rh&nuid=r5un3n8FevsvPj7mwWcAhmCbp4iS_GCRl-f4TJnKHUY&pi=sonobi&tc=1

49 B
850 B

310ms
309ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=rh&nuid=r5un3n8FevsvPj7mwWcAhmCbp4iS_GCRl-f4TJnKHUY&pi=sonobi&tc=1

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:33 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

expires: Thu, 01 Jan 1970 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate, private, max-age=0
location: https://sync.go.sonobi.com/us.gif?nw=rh&nuid=r5un3n8FevsvPj7mwWcAhmCbp4iS_GCRl-f4TJnKHUY&pi=sonobi&tc=1
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
pragma: no-cache
vary: Accept-Encoding

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://bh.contextweb.com/bh/rtset?do=add&pid=560606&ev=bf92221e-d80d-439e-be8b-0155cdbea91b&daaqp=1&rurl=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dpp%26nuid%3D%25%25VGUID%25%25
https://cm.g.doubleclick.net/pixel?google_nid=contextweb&google_cm&google_sc&google_hm=cmcySHRWSHRTWUR1TVhOa19TN2M1UQ&gdpr=&gdpr_consent=
https://bh.contextweb.com/bh/rtset?do=add&pid=547259&gdpr=&gdpr_consent=&ev=CAESEIJ7Kqs895k-ld94kJe6aUU&google_cver=1
https://sync.go.sonobi.com/us.gif?nw=pp&nuid=uLFDBHCCL3Rf

49 B
743 B

378ms
378ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=pp&nuid=uLFDBHCCL3Rf

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:32 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

cache-control: private, max-age=0, no-cache, no-store
location: https://sync.go.sonobi.com/us.gif?nw=pp&nuid=uLFDBHCCL3Rf
timing-allow-origin: *
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cw-server: bh-deployment-54b7cb7d5-6krqh
expires: -1
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language: en-AU
server: Jetty(12.0.22)

GET
H2

200

us.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://ib.adnxs.com/getuid?https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=$UID
https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=3655796931204238726

49 B
750 B

309ms
308ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=3655796931204238726

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:32 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

cache-control: no-store, no-cache, private
location: https://sync.go.sonobi.com/us.gif?nw=appnex&nuid=3655796931204238726
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 103.108.231.245; 103.108.231.245; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: 5cc8ece6-127f-40c4-b155-1c16b80111e8
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.25.5

GET
H2 204 feeeee7941a3729706aafcc88658ed50.gif
cs.krushmedia.com/ Frame EB1B 0
41 B 1294ms
649ms Image
text/plain 80.77.82.130
NatCoWeb Corp.

General

Check archive.org

Download Go to Show image

Full URL: https://cs.krushmedia.com/feeeee7941a3729706aafcc88658ed50.gif?puid=bf92221e-d80d-439e-be8b-0155cdbea91b&redir=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dkr%26nuid%3D[UID]
Requested by: Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?gdpr=&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BUID%5D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 80.77.82.130 Clifton, United States, ASN46636 (NATCOWEB - NatCoWeb Corp., US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

date: Tue, 24 Mar 2026 00:57:33 GMT
server: nginx

GET
H2

200

engine
fei.pro-market.net/ Frame EB1B
Redirect Chain

https://fei.pro-market.net/engine?du=46&site=161318&size=1x1&mimetype=img&csync=bf92221e-d80d-439e-be8b-0155cdbea91b
https://fei.pro-market.net/engine?du=46&site=161318&size=1x1&mimetype=img&csync=bf92221e-d80d-439e-be8b-0155cdbea91b&sr

43 B
452 B

301ms
301ms

Image
image/gif

172.67.75.205
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://fei.pro-market.net/engine?du=46&site=161318&size=1x1&mimetype=img&csync=bf92221e-d80d-439e-be8b-0155cdbea91b&sr
Requested by: Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?gdpr=&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BUID%5D
Protocol: H2
Server: 172.67.75.205 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3331a0486cb3e8a75c8c2fdf02bf80fd8fe2b811dfe5c7b4aa892d38bfcf604a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=x1LNCWfn56ZQlzMuzgEBSu0c2ZJkUfJDcHghmfwrK4eFawR5TlTxFNcyvn8E5GwEEFwS36AEKHH6a6Yw6cB0t6PeQSZ08EQNsHZA5pE0BQ%3D%3D"}]}
anserver: gapp4
expires: Mon, 1 Jan 1990 0:0:0 GMT
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 9e11b8eddfe98671-PER
access-control-allow-origin: *
content-length: 43
server: cloudflare

Redirect headers

cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=eRTo9J%2BFw2uLyb5%2FNd0v1fM82QYLtpwWCnCGT4QNq7eM%2F%2FLT18eEwuZZsHivpbLNnelNcQ2C7H2usRWmZgoFC4k%2FXDrERrw4s03IpZtVMg%3D%3D"}]}
anserver: gapp7
expires: Mon, 1 Jan 1990 0:0:0 GMT
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
location: https://fei.pro-market.net/engine?du=46&site=161318&size=1x1&mimetype=img&csync=bf92221e-d80d-439e-be8b-0155cdbea91b&sr
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
pragma: no-cache
access-control-allow-credentials: true
via: 1.1 google
cf-ray: 9e11b8ebfe078671-PER
access-control-allow-origin: *
content-length: 0
server: cloudflare

GET ID1=bf92221e-d80d-439e-be8b-0155cdbea91b
d.turn.com/r/dd/id/L21rdC84MTYvY2lkLzE3NDc3OTM0OTIvdC8y/kv/ Frame EB1B 0
0

GET
H/1.1 200 ecm3
s.amazon-adsystem.com/ Frame EB1B 43 B
477 B 1224ms
566ms Image
image/gif 98.82.156.207
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?ex=sonobi.com&id=bf92221e-d80d-439e-be8b-0155cdbea91b

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

98.82.156.207 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-98-82-156-207.compute-1.amazonaws.com

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid: WE2RM9KXZG13CA557WVA
Content-Length: 43
Date: Tue, 24 Mar 2026 00:57:33 GMT
Content-Type: image/gif
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server

GET
H3 400 m
cm.mgid.com/ Frame EB1B 11 B
256 B 360ms
279ms Image
text/plain 104.17.201.65
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL

https://cm.mgid.com/m?cdsp=834149&c=bf92221e-d80d-439e-be8b-0155cdbea91b

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.17.201.65 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7c41b898c5da0cfa4aa049b65ef50248bce9a72d24bef4c723786431921b75aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

strict-transport-security: max-age=15552000; includeSubDomains; preload
x-robots-tag: noindex
cf-cache-status: DYNAMIC
speculation-rules: "/cdn-cgi/speculation"
cf-ray: 9e11b8eec87cd132-PER
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 11
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: text/plain; charset=utf-8
server: cloudflare
priority: u=3,i

GET
H2

200

usg.gif
sync.go.sonobi.com/ Frame EB1B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=sonobi&google_cm&google_hm=YmY5MjIyMWUtZDgwZC00MzllLWJlOGItMDE1NWNkYmVhOTFi
https://sync.go.sonobi.com/usg.gif?google_gid=CAESED50zQ1ftrl-eEGJaO4K1QA&google_cver=1

49 B
837 B

560ms
560ms

Image
image/gif

72.34.249.225
XFERNET

General

Check archive.org

Download Go to Show image

Full URL

https://sync.go.sonobi.com/usg.gif?google_gid=CAESED50zQ1ftrl-eEGJaO4K1QA&google_cver=1

Requested by

Protocol

Server

72.34.249.225 , United States, ASN27630 (AS-XFERNET - XFERNET, US),

Reverse DNS

Software

sonobi-go /

Resource Hash

8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

cache-control: no-cache, no-store, private
pragma: no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
content-length: 49
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date: Tue, 24 Mar 2026 00:57:33 GMT
tcn: Choice
content-type: image/gif
vary: negotiate,Accept-Encoding
server: sonobi-go
x-go-server: go-lax-1-5-36
x-xss-protection: 0

Redirect headers

cache-control: no-cache, must-revalidate
location: https://sync.go.sonobi.com/usg.gif?google_gid=CAESED50zQ1ftrl-eEGJaO4K1QA&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 288
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET

iu3
s.amazon-adsystem.com/ Frame EB1B
Redirect Chain

https://s.amazon-adsystem.com/x/7318ffc0e8fa1d771446
https://s.amazon-adsystem.com/iu3?cm3ppd=1&d=dtb-pub&dl=snb&dcc=t

0
0

GET
H3

200

pixel
capi.connatix.com/us/ Frame EB1B
Redirect Chain

https://capi.connatix.com/us/pixel?puid=bf92221e-d80d-439e-be8b-0155cdbea91b&pId=43&gdpr_consent=&callback=&us_privacy=
https://capi.connatix.com/us/pixel?puid=bf92221e-d80d-439e-be8b-0155cdbea91b&pId=43&gdpr_consent=&callback=&us_privacy=&final=true

82 B
82 B

266ms
265ms

Image
image/gif

172.64.146.152
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://capi.connatix.com/us/pixel?puid=bf92221e-d80d-439e-be8b-0155cdbea91b&pId=43&gdpr_consent=&callback=&us_privacy=&final=true
Requested by: Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?gdpr=&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BUID%5D
Protocol: H3
Server: 172.64.146.152 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

surrogate-control: no-cache, no-store, must-revalidate, max-age=0
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
content-encoding: gzip
cf-cache-status: DYNAMIC
cf-ray: 9e11b8f0da78274a-ADL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 95
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif
vary: Accept-Encoding
server: cloudflare
priority: u=3,i
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model

Redirect headers

access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
location: https://capi.connatix.com/us/pixel?puid=bf92221e-d80d-439e-be8b-0155cdbea91b&pId=43&gdpr_consent=&callback=&us_privacy=&final=true
cf-cache-status: DYNAMIC
cf-ray: 9e11b8ef39a4274a-ADL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
server: cloudflare
priority: u=3,i
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model

GET
H2 200 ibs:dpid=87880&dpuuid=bf92221e-d80d-439e-be8b-0155cdbea91b
dpm.demdex.net/ Frame EB1B 42 B
717 B 834ms
513ms Image
image/gif 54.71.255.99
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=87880&dpuuid=bf92221e-d80d-439e-be8b-0155cdbea91b

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.71.255.99 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-71-255-99.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-usw2-2-v082-0e5771e7d.edge-usw2.demdex.com 2 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: k6nQ5z3hTlQ=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Tue, 24 Mar 2026 00:57:34 GMT
content-type: image/gif

GET
H3 200 setuid
pbs.intergient.com/ Frame EB1B 0
474 B 303ms
302ms Image
application/json 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://pbs.intergient.com/setuid?bidder=sonobi&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=b&uid=bf92221e-d80d-439e-be8b-0155cdbea91b
Requested by: Host: sync.go.sonobi.com
URL: https://sync.go.sonobi.com/uc.html?gdpr=&gdpr_consent=&us_privacy=&loc=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dsonobi%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%5BUID%5D
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://sync.go.sonobi.com/

Response headers

content-encoding: br
access-control-allow-credentials: true
x-proxy-host: prebid.intergient.com
cf-ray: 9e11b8efba654e37-PER
access-control-allow-origin: https://pbs.intergient.com
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=3,i

GET j
rp.liadm.com/ 0
0

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
110 B 53ms
53ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.8165253904321704
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887629
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8e2cbe77381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H3 200 bookads2. Show response
fundingchoicesmessages.google.com/f/AGSKWxXTn8R9Guwz_yF1zpq9cYGwlX1V0nhCyZXWVwnjYUrHtwUw60ftaHvBxSruQGUm2wk7NX7xfptZl-M8BzUVi0RmjO8B6JxBvvJRAlQlJBlB9DmXGy_DX57uJ-wRZ7Kt2J_rbGnx9S8duMGG5ExcnarVwW9v3... 54 B
108 B 200ms
199ms Script
application/javascript 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxXTn8R9Guwz_yF1zpq9cYGwlX1V0nhCyZXWVwnjYUrHtwUw60ftaHvBxSruQGUm2wk7NX7xfptZl-M8BzUVi0RmjO8B6JxBvvJRAlQlJBlB9DmXGy_DX57uJ-wRZ7Kt2J_rbGnx9S8duMGG5ExcnarVwW9v3JobkHmCTYVl2Re9asA9lN-1pGwP5Pi_/_/adPositions./ads/250x120__adbar./syads./bookads2.

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.-lEl6dCKlBQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzg5uW6mqIg6XEqAXrMXA97biCqHw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

5982999d08bad1b9ce3bca1c5fc8d8a0210a933ed0daa7c756ba87d4e8571df4

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-x1rfBXR9WAItNpUTcdCSbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjamHU4pJicNKQYjh56zbTRSBuvXmOdToQlyw6z9oGxF1APAeIDRUusToD8Yf6y6w_gLhI4gprCxB_qrrBKlJ9gzWcy4ctHoi_FfuycZT4sj2Z4sf2DYhZ3vqzqR0NYLMA4oXTAtlWAvGLdYFsH4D4TkwQ2xMgFuLh-H2o_RybQMP8O6cYlTSS8gvjk_PzSooyk0pL8ovSktNSi1OLylKL4o0MjMwMjI2M9AzM4wsMAOLDSm8"
content-security-policy: script-src 'report-sample' 'nonce-x1rfBXR9WAItNpUTcdCSbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H3 200 lidar.js Show response
pagead2.googlesyndication.com/pagead/js/ 265 KB
83 KB 288ms
97ms Script
text/javascript 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/lidar.js?fcd=true

Requested by

Host:
URL: /_/mss/boq-content-ads-contributor/_/js/k=boq-content-ads-contributor.ContributorServingResponseClientJs.en_GB.-lEl6dCKlBQ.es5.O/d=1/exm=kernel_loader,loader_js_executable,web_iab_tcf_v2_signal_executable/ed=1/rs=AJlcJMzg5uW6mqIg6XEqAXrMXA97biCqHw/m=ad_blocking_detection_executable

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

b1237ee8ac5386652ce89142a5a0d2cbe8e5cfc86659e62fa4e079541547c995

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: br
etag: 14287699782100077321
age: 2478
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 01:16:13 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 24 Mar 2026 00:16:13 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 85082
x-xss-protection: 0
server: cafe

POST
H3 204 AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 204ms
203ms XHR
text/html 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-DNV4PSwTlAfl3QsxebzsMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtDikmII0pBi-FB_mfUHEIdz-bDFA_HCaYFsK4H4xbpAtg9AfCcmiO0JEAvxcPw-1H6OTWDC0cmnGZVckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRmYGxkZGegXl8gQEAulMwbw"
content-security-policy: script-src 'report-sample' 'nonce-DNV4PSwTlAfl3QsxebzsMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 193ms
193ms Fetch
image/x-icon 142.250.207.6
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.5988159750438634

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.207.6 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzsyda-ah-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 25 Mar 2026 00:57:31 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

POST
H3 204 AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 209ms
208ms XHR
text/html 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-SvfugenAxPh4P2iactt4eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtDikmJw0pBi-FB_mfUHEIdz-bDFA_HCaYFsK4H4xbpAtg9AfCcmiO0JEAvxcPw-1H6OTeDG2c41TEouSfmF8cn5eSWpeSW6iSnFuiB2UWZSaUl-EQo7tQykIic_PT0zLz3eyMDIzMDYyEjPwDy-wAAAvnAwhw"
content-security-policy: script-src 'report-sample' 'nonce-SvfugenAxPh4P2iactt4eQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 007F 423 B
919 B 216ms
215ms Fetch
application/json 182.161.73.131
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=publishertagids&domain=paint.toys&sn=ChromeSyncframe&so=3&topUrl=paint.toys&bundle=O9WoMl9WWXJnOVVydTFwVnBsdFdUMnNKeUZySlRkNmliRCUyRlhiTm9ZaTVCNEl5dSUyQkhTVXY4R2FNQ0Rnem9nb0RiSExpcGJwU2RsTzg5VkJhUTNQSTVHQUhYSHZLcVNxUiUyRm56STVzMmFVRzVwR1kwNFZYQUdWenBCTVhGSDVFV1I3QXVsUA

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=paint.toys&gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.131 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

79a9f1d2a8d0261fe1dd113d7cdc5bffb4d0c5d02d30ac3355dbf01ebca31961

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=paint.toys&gdpr=0&gdpr_consent=

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
server-processing-duration-in-ticks: 673025
expires: 0
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H2

200

xuid
eb2.3lift.com/ Frame 4345
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=svx9t50&ttd_tpi=1&gdpr=0&gdpr_consent=&gpp=&gpp_sid=
https://eb2.3lift.com/xuid?mid=3658&xuid=97f39a7c-5982-42c0-86d2-649773acdd79&dongle=0cfd&gdpr=0&gdpr_consent=

37 B
473 B

297ms
296ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3658&xuid=97f39a7c-5982-42c0-86d2-649773acdd79&dongle=0cfd&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: image/gif

Redirect headers

location: https://eb2.3lift.com/xuid?mid=3658&xuid=97f39a7c-5982-42c0-86d2-649773acdd79&dongle=0cfd&gdpr=0&gdpr_consent=
content-length: 251
date: Tue, 24 Mar 2026 00:57:31 GMT
server: Kestrel

GET
H2

200

xuid
eb2.3lift.com/ Frame 4345
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&google_cm&google_sc&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEOPpam2E5YiAb1EpikpZCS4&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1

37 B
473 B

305ms
304ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEOPpam2E5YiAb1EpikpZCS4&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif

Redirect headers

cache-control: no-cache, must-revalidate
location: https://eb2.3lift.com/xuid?mid=5989&xuid=CAESEOPpam2E5YiAb1EpikpZCS4&dongle=c627&gdpr=0&gdpr_consent=&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 332
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 4345
Redirect Chain

https://eb2.3lift.com/sync/google/demand?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDMzMTg3Nzc3MTAwMzE0ODU1MzQ2MQ%3D%3D

170 B
232 B

279ms
279ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDMzMTg3Nzc3MTAwMzE0ODU1MzQ2MQ%3D%3D

Requested by

Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

date: Tue, 24 Mar 2026 00:57:31 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=triplelift&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDMzMTg3Nzc3MTAwMzE0ODU1MzQ2MQ%3D%3D
content-length: 0

GET
H2 200 setuid
px.ads.linkedin.com/ Frame 4345 0
655 B 470ms
277ms Image
text/plain 150.171.22.12
Microsoft Corpora...

General

Check archive.org

Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=tripleliftdbredirect&tlUid=4331877771003148553461&dbredirect=true&gdpr=0&consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 2DD3641D7C444B389E855B8AD286FFF1 Ref B: PER201000404062 Ref C: 2026-03-24T00:57:31Z
x-li-fabric: prod-ltx1
x-li-uuid: AAZNuqLefog99Yz9D6p6qA==
x-li-proto: http/2
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 24 Mar 2026 00:57:31 GMT

GET
H2

204

ebda
eb2.3lift.com/ Frame 4345
Redirect Chain

https://eb2.3lift.com/ebda?sync=1&gdpr=0&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=tl&gdpr=0&gdpr_consent=&us_privacy=&google_hm=NDMzMTg3Nzc3MTAwMzE0ODU1MzQ2MQ%3D%3D
https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=

0
280 B

305ms
303ms

Image
text/plain

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

date: Tue, 24 Mar 2026 00:57:32 GMT

Redirect headers

cache-control: no-cache, must-revalidate
location: https://eb2.3lift.com/ebda?gdpr=0&gdpr_consent=
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 248
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET setuid
pbs.yahoo.com/ Frame 4345 0
0

GET
H/1.1 200
OK 88342
i.liadm.com/s/ Frame 4345 0
208 B 1264ms
305ms Image
text/plain 52.86.211.58
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://i.liadm.com/s/88342?bidder_id=246498&bidder_uuid=4331877771003148553461&gpp_s=&gpp_as=

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.86.211.58 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-86-211-58.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 0
Date: Tue, 24 Mar 2026 00:57:32 GMT
trace-id: 11331c4beae4cb4f
Request-Time: 0
Connection: keep-alive

GET
H/1.1 200
OK 88342
i.liadm.com/s/ Frame 4345 0
208 B 1263ms
305ms Image
text/plain 52.86.211.58
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://i.liadm.com/s/88342?bidder_id=246498&bidder_uuid=4331877771003148553461

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.86.211.58 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-52-86-211-58.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 0
Date: Tue, 24 Mar 2026 00:57:32 GMT
trace-id: 1e7282f6741604d4
Request-Time: 0
Connection: keep-alive

GET
H2

200

xuid
eb2.3lift.com/ Frame 4345
Redirect Chain

https://ups.analytics.yahoo.com/ups/58932/cms?gdpr=0&gdpr_consent=&gpp=&gpp_sid=
https://eb2.3lift.com/xuid?mid=2662&xuid=y-Qs.8vBJE2oTzTKe8g5uJZKX8vufgZdphHiVOoGsrPA--~A&dongle=0883&gdpr=0

37 B
473 B

181ms
177ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2662&xuid=y-Qs.8vBJE2oTzTKe8g5uJZKX8vufgZdphHiVOoGsrPA--~A&dongle=0883&gdpr=0
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000
location: https://eb2.3lift.com/xuid?mid=2662&xuid=y-Qs.8vBJE2oTzTKe8g5uJZKX8vufgZdphHiVOoGsrPA--~A&dongle=0883&gdpr=0
age: 0
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/html
server: ATS

GET
H2

200

xuid
eb2.3lift.com/ Frame 4345
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=13&gdpr=0&gdpr_consent=&gpp=&gpp_sid=
https://eb2.3lift.com/xuid?mid=2319&xuid=0-df911076-6b52-5718-75ed-66a5935be696$ip$103.108.231.245&dongle=4430

37 B
473 B

305ms
304ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2319&xuid=0-df911076-6b52-5718-75ed-66a5935be696$ip$103.108.231.245&dongle=4430
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif

Redirect headers

Location: https://eb2.3lift.com/xuid?mid=2319&xuid=0-df911076-6b52-5718-75ed-66a5935be696$ip$103.108.231.245&dongle=4430
Content-Length: 141
Date: Tue, 24 Mar 2026 00:57:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive

GET
H3 200 setuid
pbs.intergient.com/ Frame 4345 0
400 B 355ms
305ms Image
application/json 104.18.21.56
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://pbs.intergient.com/setuid?bidder=triplelift&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=b&uid=4331877771003148553461
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?gdpr=&cmp_cs=&us_privacy=&gpp=&gpp_sid=&redir=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dtriplelift%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24UID
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.18.21.56 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

content-encoding: br
access-control-allow-credentials: true
x-proxy-host: prebid.intergient.com
cf-ray: 9e11b8e588874e37-PER
access-control-allow-origin: https://pbs.intergient.com
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare
priority: u=3,i

GET j
rp.liadm.com/ 0
0

POST
H3 204 AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 206ms
206ms XHR
text/html 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-oPrOK8BLLS5-2xGkVEehpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtDikmLw15Bi-FB_mfUHEIdz-bDFA_HCaYFsK4H4xbpAtg9AfCcmiO0JEAvxcPw-1H6OTeDHjQermJVckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRmYGxkZGegXl8gQEA6gQxFQ"
content-security-policy: script-src 'report-sample' 'nonce-oPrOK8BLLS5-2xGkVEehpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

POST
H3 204 AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 204ms
203ms XHR
text/html 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxUHdcyCmQ-0e8-EBU8Q4oWKIvRATzmxWH9DeeqdO8Vo-S_I5HRwBHsaxYPOXQOZkNS3wOYBjX8XXGls8h9Z6vejleEipsC8o2Z7iKYBLDOO80DkF-5BGNKjWRLcoYpRCxRMkHz5lQ==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-7R-guz4szmtgvtvYTHbkaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjMtDikmLw15Bi-FB_mfUHEIdz-bDFA_HCaYFsK4H4xbpAtg9AfCcmiO0JEAvxcPw-1H6OTeDAxkmrmJVckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRmYGxkZGegXl8gQEAuBgwaA"
content-security-policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport, script-src 'report-sample' 'nonce-7R-guz4szmtgvtvYTHbkaw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

GET
H3 200 AGSKWxU1lbTffNCRE3EML4_sZ2KMGTkq9Z1sOPVOHXnR48EOEeK81_xF6bPadMB3KYLyYSEVIaP4uafZ1oTfE3vZhT9VCPOot9O5aeO4VEl2iH1-vHS5IVejbHI1tH4ArMuwB6dLTkudeg== Show response
fundingchoicesmessages.google.com/f/ 3 KB
2 KB 227ms
226ms Script
application/javascript 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/f/AGSKWxU1lbTffNCRE3EML4_sZ2KMGTkq9Z1sOPVOHXnR48EOEeK81_xF6bPadMB3KYLyYSEVIaP4uafZ1oTfE3vZhT9VCPOot9O5aeO4VEl2iH1-vHS5IVejbHI1tH4ArMuwB6dLTkudeg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzc0MzEzODUxLDc5MDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsOSw2XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly9wYWludC50b3lzL29pbC8iLG51bGwsW1s4LCItbEVsNmRDS2xCUSJdLFs5LCJlbi1HQiJdLFsxOCwiW1tbbnVsbCwzMTk2XV1dIl0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMjQsInFlcnR5Mi5pbnRlZ3JpdHlzcy5jb20uYXUiXSxbMjksImZhbHNlIl1dXQ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

5e23c1e60233cb380a87d7d1e0423b791e467e0906270245055db362b5cf1a32

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-53hN84vlF49UuId5cVtxkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/javascript; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjqtHikmJw0pBiaL15jnU6EJcsOs_aBsRdQDwHiA0VLrE6A_GH-susP4C4SOIKawsQf6q6wSpSfYM1nMuHLR6IvxX7snGU-LI9meLH9g2IWd76s6kdDWCzAOKF0wLZVgLxi3WBbB-A-E5MENsTIBbi4fh9qP0cm8CC89s2MytpJOUXxifn55UUZSaVluQXpSWnpRanFpWlFsUbGRiZGRgbGekZmMcXGAAAWnpFcw"
content-security-policy: script-src 'report-sample' 'nonce-53hN84vlF49UuId5cVtxkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
timing-allow-origin: *
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
x-xss-protection: 0
server: ESF

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
110 B 55ms
54ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.16330225382492314
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887629
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8e5ee7c7381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

POST
H2 200 fb87a4ea41 Show response
cd836371f1d.cdn.intergient.com/ 0
95 B 424ms
423ms XHR
application/octet-stream 35.162.56.239
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cd836371f1d.cdn.intergient.com/fb87a4ea41
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/pageos/V.20260316.2/main.45eaff7df0a3f8ca9396.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.162.56.239 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-35-162-56-239.us-west-2.compute.amazonaws.com
Software: nginx/1.24.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

access-control-allow-origin: *
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: application/octet-stream
server: nginx/1.24.0

GET
H2 200 userId Show response
script-api.ccgateway.net/1/ 446 B
704 B 614ms
605ms Script
text/javascript 52.91.215.149
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://script-api.ccgateway.net/1/userId
Requested by: Host: carbon-cdn.ccgateway.net
URL: https://carbon-cdn.ccgateway.net/script?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.91.215.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-91-215-149.compute-1.amazonaws.com
Software: /
Resource Hash: 6e7ab4aa856c780f2540110f35f7e4176011238523c2093ab9623cc68603d649

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: private,max-age=3156000
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 user.js Show response
script-api.ccgateway.net/script/launcher/2/ 2 KB
677 B 614ms
606ms Script
text/javascript 52.91.215.149
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://script-api.ccgateway.net/script/launcher/2/user.js
Requested by: Host: carbon-cdn.ccgateway.net
URL: https://carbon-cdn.ccgateway.net/script?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.91.215.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-91-215-149.compute-1.amazonaws.com
Software: /
Resource Hash: a11d3b4b6f2902037c365146ff80b5bf95923f3176f1a827355e45177314d423

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: private,max-age=604800
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 customevents.js Show response
script-api.ccgateway.net/script/launcher/1/ 5 KB
2 KB 567ms
559ms Script
text/javascript 52.91.215.149
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://script-api.ccgateway.net/script/launcher/1/customevents.js
Requested by: Host: carbon-cdn.ccgateway.net
URL: https://carbon-cdn.ccgateway.net/script?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.91.215.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-91-215-149.compute-1.amazonaws.com
Software: /
Resource Hash: 04c94ecaae50f713607dd45d40c5756d0e6a9e58c6398433ac098bc9bee89f5d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: private,max-age=604800
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 api.js Show response
script-api.ccgateway.net/script/launcher/6/ 4 KB
2 KB 311ms
302ms Script
text/javascript 52.91.215.149
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://script-api.ccgateway.net/script/launcher/6/api.js
Requested by: Host: carbon-cdn.ccgateway.net
URL: https://carbon-cdn.ccgateway.net/script?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.91.215.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-91-215-149.compute-1.amazonaws.com
Software: /
Resource Hash: 880444af8f79aca9fdb01d819bb615c7d8ce8fb9327df856784f7027819de58b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: private,max-age=604800
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 3DBE 21 KB
7 KB 353ms
106ms Document
text/html 23.221.132.242
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.221.132.242 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-221-132-242.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5b6ceeffb380eae16e91dcf08a3493068aa5b7bd6f4c3f4ad7b4daa188d5c2cb

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=113867
content-encoding: gzip
content-length: 7259
content-type: text/html
date: Tue, 24 Mar 2026 00:57:32 GMT
expires: Wed, 25 Mar 2026 08:35:19 GMT
last-modified: Mon, 29 Sep 2025 15:12:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H3 200 container.html Show response
3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/ Frame 6012 7 KB
0 0ms
0ms Document
text/html 142.250.195.129
Google LLC

General

Check archive.org

Download Go to

Full URL

https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202603170101/pubads_impl.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.129 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f1.1e100.net

Software

sffe /

Resource Hash

f1a68bf826c55985468304f4284a09cb8a68e82503d764166e611a7c58a85a4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: br
content-length: 3121
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Mar 2026 00:57:31 GMT
expires: Tue, 24 Mar 2026 00:57:31 GMT
last-modified: Thu, 08 May 2025 23:15:48 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame 2867 12 KB
5 KB 188ms
188ms Document
text/html 182.161.73.131
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=criteoPrebidAdapter&topUrl=paint.toys&gpp=

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.131 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

13e6c9d2b7d7fea86094dfc9583458e0abcb7137410dd136f1a1cfc2ab59e55e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 24 Mar 2026 00:57:31 GMT
server: Kestrel
server-processing-duration-in-ticks: 1076836
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding
x-robots-tag: noindex

GET
H2 200 ixmatch.html Show response
js-sec.indexww.com/um/ Frame 67C2 3 KB
2 KB 156ms
52ms Document
text/html 104.18.25.18
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://js-sec.indexww.com/um/ixmatch.html
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.25.18 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 82d2dc44aae1eda52abc17afd30c6031b7175c13ee6955410164c66ae755adfb

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

age: 332
cache-control: public, max-age=14400
cf-cache-status: HIT
cf-ray: 9e11b8e7ec1dcffa-PER
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Tue, 24 Mar 2026 00:57:32 GMT
expires: Tue, 24 Mar 2026 04:57:32 GMT
last-modified: Mon, 25 Jul 2022 19:18:19 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
server: cloudflare

GET
H2 200 pixel Show response
cm.g.doubleclick.net/ Frame C1BD 170 B
243 B 334ms
333ms Document
image/png 142.250.183.34
Google LLC

General

Check archive.org

Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=YV81NzEwZjI4OC1iMmIyLTRiNzYtYjg5Yy01YmYyZWQ1NzI2OTE=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Tue, 24 Mar 2026 00:57:32 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 50D1 52 KB
17 KB 192ms
47ms Document
text/html 151.101.129.108
Fastly

General

Check archive.org

Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY - Fastly, Inc., US),
Reverse DNS
Software: nginx/1.24.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 58523
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 24 Mar 2026 00:57:32 GMT
ETag: W/"623de86a-cf34"
Expires: Wed, 10 Sep 2025 11:06:06 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.24.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 344665, 32478
X-Served-By: cache-lga21982-LGA, cache-per-ypph1920024-PER
X-Timer: S1774313852.190238,VS0,VE0

GET
H2

200

pd Show response
playwire-d.openx.net/w/1.0/ Frame 249C
Redirect Chain

https://playwire-d.openx.net/w/1.0/pd
https://playwire-d.openx.net/w/1.0/pd?cc=1

537 B
619 B

210ms
208ms

Document
text/html

34.98.64.218
Google LLC

General

Check archive.org

Download Go to

Full URL: https://playwire-d.openx.net/w/1.0/pd?cc=1
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: /
Resource Hash: acea35dd9b89112840174f30308e9340a66b7731596b8ef74e3f7c9fadd63c53

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0, no-cache
content-encoding: br
content-length: 388
content-type: text/html
date: Tue, 24 Mar 2026 00:57:32 GMT
p3p: CP="CUR ADM OUR NOR STA NID"
pragma: no-cache
vary: Accept, Accept-Encoding
via: 1.1 google
x-forwarded-for: 103.108.231.245

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0, no-cache
content-length: 0
content-type: text/plain; charset=utf-8
date: Tue, 24 Mar 2026 00:57:31 GMT
location: https://playwire-d.openx.net/w/1.0/pd?cc=1
p3p: CP="CUR ADM OUR NOR STA NID"
pragma: no-cache
vary: Accept, Accept-Encoding
via: 1.1 google
x-forwarded-for: 103.108.231.245

GET
H2

200

usersync Show response
usersync.gumgum.com/ Frame D7B0
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://usersync.gumgum.com/usersync?b=rth&i=Md2opBbxWYHFLV6aDUpRBpQow7XJXJctOOfXFFLcy8o&pi=gumgum&tc=1

35 B
169 B

705ms
306ms

Document
image/gif

47.129.15.147
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=rth&i=Md2opBbxWYHFLV6aDUpRBpQow7XJXJctOOfXFFLcy8o&pi=gumgum&tc=1
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 47.129.15.147 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-47-129-15-147.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: private, no-store, must-revalidate, max-age=0
content-length: 35
content-type: image/gif
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: 0
pragma: no-cache

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://usersync.gumgum.com/usersync?b=rth&i=Md2opBbxWYHFLV6aDUpRBpQow7XJXJctOOfXFFLcy8o&pi=gumgum&tc=1
pragma: no-cache
vary: Accept-Encoding

GET
H2 200 sync Show response
eb2.3lift.com/ Frame F9E9 1 KB
2 KB 176ms
176ms Document
text/html 3.0.38.223
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://eb2.3lift.com/sync?
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: 8a3f29155f3a46aba3a59d066251b354af2c57200021935c76cec2c92fbb8168

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 1189
content-type: text/html; charset=utf-8
date: Tue, 24 Mar 2026 00:57:32 GMT
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2 200 usync.html Show response
eus.rubiconproject.com/ Frame 8D2C 269 B
379 B 419ms
180ms Document
text/html 184.31.253.153
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.253.153 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a184-31-253-153.deploy.static.akamaitechnologies.com
Software: Apache/2.4.65 (Debian) /
Resource Hash: e4df52d49c57bc3e7158cb052cc05c60f1258c24de5c5728dac5d43272943ad9

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 224
content-type: text/html
date: Tue, 24 Mar 2026 00:57:32 GMT
etag: "10d-63d602600b800-gzip"
last-modified: Wed, 27 Aug 2025 22:17:04 GMT
server: Apache/2.4.65 (Debian)
vary: Accept-Encoding

GET
H2 200 / Show response
sync.cootlogix.com/api/sync/iframe/ Frame 8E81 109 B
422 B 1234ms
589ms Document
text/html 159.89.52.47
DigitalOcean

General

Check archive.org

Download Go to

Full URL: https://sync.cootlogix.com/api/sync/iframe/?cid=&gdpr=0&gdpr_consent=&us_privacy=&coppa=0
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 159.89.52.47 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN - DigitalOcean, LLC, US),
Reverse DNS
Software: /
Resource Hash: a1aa01f31d4087317f5d4e5ef4ea70a73e38124a45f1553dbe8968ea16068b84

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
access-control-allow-methods: GET, HEAD, OPTIONS, POST
access-control-allow-origin: *
content-length: 109
content-type: text/html
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"

GET
H2

200

usync.html Show response
eus.rubiconproject.com/ Frame 9B80
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

269 B
379 B

99ms
99ms

Document
text/html

184.31.253.153
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.253.153 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a184-31-253-153.deploy.static.akamaitechnologies.com
Software: Apache/2.4.65 (Debian) /
Resource Hash: e4df52d49c57bc3e7158cb052cc05c60f1258c24de5c5728dac5d43272943ad9

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 224
content-type: text/html
date: Tue, 24 Mar 2026 00:57:32 GMT
etag: "10d-63d602600b800-gzip"
last-modified: Wed, 27 Aug 2025 22:17:04 GMT
server: Apache/2.4.65 (Debian)
vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 24 Mar 2026 00:57:32 GMT
location: https://eus.rubiconproject.com/usync.html?p=gumgum
server: AkamaiGHost

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame E3C1 21 KB
7 KB 327ms
138ms Document
text/html 23.221.132.242
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.221.132.242 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-221-132-242.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5b6ceeffb380eae16e91dcf08a3493068aa5b7bd6f4c3f4ad7b4daa188d5c2cb

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=113867
content-encoding: gzip
content-length: 7259
content-type: text/html
date: Tue, 24 Mar 2026 00:57:32 GMT
expires: Wed, 25 Mar 2026 08:35:19 GMT
last-modified: Mon, 29 Sep 2025 15:12:50 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2

200

m
secure-gl.imrworldwide.com/cgi-bin/
Redirect Chain

https://match.adsrvr.org/track/usersync?us_privacy=&gdpr=0&gdpr_consent=undefined&ust=image
https://dpm.demdex.net/ibs:dpid=903&dpuuid=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=903&dpuuid=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
https://secure-gl.imrworldwide.com/cgi-bin/m?ci=tradedesk&cg=97f39a7c-5982-42c0-86d2-649773acdd79

44 B
703 B

416ms
181ms

Image
image/gif

3.175.115.80
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ci=tradedesk&cg=97f39a7c-5982-42c0-86d2-649773acdd79
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Server: 3.175.115.80 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-3-175-115-80.syd3.r.cloudfront.net
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-methods: POST, OPTIONS
expires: Thu, 01 Dec 1994 16:00:00 GMT
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
x-amz-cf-id: D4FbVsNhD7rBYOgsgvlzKCakR49ZtuwNFHm_n_yj-s90nZeZchHXKw==
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif
cache-control: no-cache
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
pragma: no-cache
cross-origin-resource-policy: cross-origin
via: 1.1 e018ce5820980db7aa90402027528924.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 44
x-amz-cf-pop: SYD3-P3
server: nginx

Redirect headers

location: https://secure-gl.imrworldwide.com/cgi-bin/m?ci=tradedesk&cg=97f39a7c-5982-42c0-86d2-649773acdd79
content-length: 225
date: Tue, 24 Mar 2026 00:57:33 GMT
server: Kestrel

POST
H2 200 prebid Show response
id5-sync.com/api/config/ 195 B
460 B 776ms
775ms Fetch
application/json 162.19.138.117
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://id5-sync.com/api/config/prebid

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

7e4d2c9111e1ca31b5e2e4bfd5a66925f07c0c232672f31481c6b66a89b26f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://paint.toys
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
access-control-allow-credentials: true

GET
H2 200 f Show response
fid.agkn.com/ 0
363 B 306ms
303ms Fetch 100.55.136.84
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://fid.agkn.com/f?apiKey=2104320612&r=https%3A%2F%2Fpaint.toys%2Foil%2F
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 100.55.136.84 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-100-55-136-84.compute-1.amazonaws.com
Software: AAWebServer /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
expires: 0
access-control-allow-origin: https://paint.toys
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
date: Tue, 24 Mar 2026 00:57:32 GMT
vary: Origin
server: AAWebServer
access-control-allow-headers: accept, cache-control, origin, x-requested-with, x-file-name, content-type

GET
H2 200 envelope Show response
lexicon.33across.com/v1/ 1 KB
2 KB 379ms
376ms Fetch
application/json 79.127.255.4
CDN77 Datacamp Li...

General

Check archive.org

Download Go to

Full URL: https://lexicon.33across.com/v1/envelope?pid=0014000001YrMoYAAV&gdpr=0&src=pbjs&ver=10.23.0&coppa=0&tp=MWOEZAsjlE0QILiwmU8LTToNww0TE%2BNO3609JjYfSh0%3D
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 79.127.255.4 San Jose, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: unn-79-127-255-4.datapacket.com
Software: /
Resource Hash: ea45577bcb7a3ae4356a0e71c215b33cac9632cc2040c618b4ca8b36e22d1286

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

access-control-allow-origin: https://paint.toys
content-length: 1528
content-type: application/json
vary: origin
access-control-allow-credentials: true

GET
H2 204 any Show response
idx.liadm.com/idex/did-0046/ 0
0 2ms
1ms Fetch 18.213.222.188
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://idx.liadm.com/idex/did-0046/any?duid=8e413bd09c43--01kmenhgk1ttpxpw0nqpwk4e7c&did=did-0046&cd=.paint.toys&pu=https%3A%2F%2Fpaint.toys&resolve=nonId&resolve=uid2&resolve=index&resolve=bidswitch&resolve=pubmatic&resolve=magnite&resolve=openx&resolve=sorvrn&resolve=thetradedesk&resolve=medianet&resolve=vidazoo&resolve=sonobi&resolve=sharethrough&resolve=triplelift
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.213.222.188 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-18-213-222-188.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: text/plain
Referer: https://paint.toys/

Response headers

cache-control: max-age=3599, private
trace-id: c07cc83df6ae69bf
request-time: 1
access-control-allow-credentials: true
expires: Tue, 24 Mar 2026 01:57:30 GMT
access-control-allow-origin: https://paint.toys
date: Tue, 24 Mar 2026 00:57:30 GMT
vary: Origin

GET
H2 200 json Show response
gum.criteo.com/sid/ 428 B
1 KB 141ms
140ms Fetch
application/json 182.161.73.131
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Fpaint.toys%2F&domain=paint.toys&bundle=lq_Ui19WWXJnOVVydTFwVnBsdFdUMnNKeUZucU40MVVSVWJQUkFpZVBhOEs3TEVhUUdhNXRsM05NeEZEdWFXQlBrZVdhU1pqWWFOZiUyRld1OUtESXQ2czBrZ2hGViUyQnh1WWglMkJOaGxveTBCZVNqMDUwMnM0R3hDMUVtNzZPbTBHN3Q3ZVM0MXNJdmElMkZNRTA4VkhYYko0OGdTVlNudyUzRCUzRA&cw=1&pbt=1&lsw=1

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.131 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

5ac41a22b4960c276e835c0de9a672e88795a8b6a9bed92b6acbb1e827078eaa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
content-type: application/json
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET
server-processing-duration-in-ticks: 722233
expires: 0
access-control-allow-origin: https://paint.toys
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

OPTIONS
H2 200 json
gum.criteo.com/sid/ Frame 0
0 141ms
139ms Preflight
application/json 182.161.73.131
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.131 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://paint.toys
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: content-type
access-control-allow-methods: GET
access-control-allow-origin: https://paint.toys
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
content-type: application/json; charset=utf-8
date: Tue, 24 Mar 2026 00:57:31 GMT
expires: 0
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 201408
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 193ms
192ms Fetch
image/x-icon 142.250.207.6
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.3328355265317017

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.207.6 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzsyda-ah-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 25 Mar 2026 00:57:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET j
rp.liadm.com/ 0
0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 6012 0
0 396ms
203ms Fetch
text/html 142.250.183.34
Google LLC

General

Check archive.org

Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C6u-7e-HBaYCOD6zDrtoP0PqN2Qz-0_evXM7PvdjqAsCNtwEQASD7m9VJYKWAgICoAcgBCeACAKgDAcgDAqoEhgNP0F4ExeyBC34kO1UCIps5ZdTJ48e3r0YIG2dut3m6Uj1Xht9XD4dGZ2FtZF-wOQmUSm71v_Bzb6XdDyvEumKpqEqaSHCPA-XxUjuSqhVtG9CBddmnU68Pu-8ltG34DDow6XYzvrDCpFF6x0klsq2VF3oYl1IHnt5pjUYCCz336bxRc9DyPZkDW6iXiNoYCrWEJWDFGZpSxrZc2h_9K9tJoEHH_4kQTmD7JBOV5--IUyBWZ_kaTW1nGaCtwWza11jYdwg7d81hgd14-FziMOEBTDu0v1HvHpDvH0_Ut_3Ps8YO5A-4I5UWNuqBk0JkuyMbd2jPvaDhVadX2T722CPefmJdQA7x72NSCW41UTkYocq7IC7xNU5ekr34Rqa2TwX7JqESyiI9HDv4dPy-mDdqqIV9P6UE8qQR6UIy5FGPKR1pNi6r2MnLChUDftMx4IbC8HZGGwDKBde_rUX_3JXofuEcFixzvpUE8Z83Nmp6giBMXvfGzTqPf3KrJ37ljj5HT23eYtXgBAGABqmPtYeo45PGF6AGIagHk9ixAqgHlNixAqgHldixAqgHpr4bqAeW2BuoB6qbsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCwIgGEQATIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOli9ucmWqreTA4AKA_oLAggBgAwBqg0CQVXiDRMIz-jJlqq3kwMVrKFLBR1QfSPL6g0TCNe8ypaqt5MDFayhSwUdUH0jy4gO____________AdAVAYAXAbIXLAoaEhRwdWItNTgxMjM1NzM1MjMzNTA3NRjboiEYCyoKMjE4NDM2NzM0NlABqhgXCdijcP1DPBBBEgoyMTg0MzY3MzQ2GAE&sigh=cqr1BEcvU0Y&uach_m=%5BUACH%5D&sreq=1&cid=CAQS0AEABaugfcVr5_qGB4U9BQWO7MpemzIkz_pxzhy5R7E_3Wp-i5Nob_e3jm1aFpgyk69rBV_jX_73EvE-WdyAQ5VH9nDmE7j1IoZSs1wc0P7bX8C3WLFwfX7ok8pZfYmrBg7bXdilmdMfuo_uSFkTWDZlQ-TGw6CzmUW964n99aWsmEH484XNM6cEeg0RQcm5NN2QCr2caJ_Bd4k0f1zq8YBTDyH2wtI1yd7NvIkzxdHiAc75RE1460-t5-AKa6jjpD3zbdZ8fqbCL2-9mWDQ92Y8GAE&tpd=AGWhJmtj1s02-IBO2QhiVrUhrg3NWlRHqj52V0dH9cUIuzuR4XgrUpQoYhK_IHKADsth0NzWxeKzRgDm6IsQ8A4dsXnui3WOJIuyAFI0LyIPL0aFc4uW6JlRbhnzURD-XyPI4umaq-ei9k7wAx6JzkoToi8Jt3MsxPEmIIc-H9ihemd7JeWg1nd9L5OWvUMGUMJyeeG0Pq_TUXFO3GBuhrF3zlSOA9PFrloGaIL1-ecpsD_NStVlAzCYG02glfzyL2IBIhC8tRrveUbi-lYgYs6B_IHvyk3IfOUbFDHc8SMGqTT0ToZQlkOONs8ZjAEJa7XR8BZGJgRj4-KgFxCY8-7OYPJLrXMPxAHZPGNcKNUUpOZHetmYshFYkcdQxEtROLI1drYqVHmNJ8P8SbRRSHV81KMYuSkIO47SUJyjvnLM67KsSBW_TkxMlbGeHoAGssCAcgfvsmJOZDglUDN8Zlw1SplTgFnXyP5B4OyOnIHWEiAbtg5mYs0D9WttXsAlADHYukcsMSee3aCdxc3k-PbzDvg3UO9a8AOBwtpMVTb8MJQXiWTOyxAtlxRxMBTxzw_GppB1g6HuP4xLVHHQVlETako1lC2XtaNHkt_-SqoMjzzVV55LnOe8AcwJJ7hrGgkPzE6Q7-7aJ9dUlm5IBoCjnw5lAKYyzbMvy4aVCOcpt-RcHyASkHgMHEICgQyWFYhp46Zh2rdO5YIO41pSYr3F7y4eOBDPDCMk1OQnnbgG129WeD_b_ZiROKgzmQ
Requested by: Host: qerty2.integrityss.com.au
URL: https://qerty2.integrityss.com.au/kycpwktcsleioypjvyihghburlfxdwdmokddhwvjktRSjFLbFhid2ZBbEZQN0Q1ZmU4bm0tNTUyMC0yNTg5OTkyMi0xMDA4MDI3Yi05Mzg5LUxrMG9FMDR6ZDRMMTFFcU1ndzEw/rmodzwsmk3q/unplezyragjydeaewnjbfghp/4JQANWIX0ZXB/rtbenknwvejnmkkbczwczzwyswkzq/2304004152849396439
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: bom12s11-in-f2.1e100.net
Software: /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B066 663 B
254 B 395ms
203ms Document
text/html 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIY6-uXzAIwAQ&v=APEucNVeDa29K9wO4LJYTNTXwwEmo4J_Dbylp2sa0lyYN3mcyv_2dHQRDghUWGs6bhCa-d0fhBLGHMJH8Uc3R9SpHgxBhj3q4A

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

962d6dea088b031cd44d33f937adb5ba241a9435aa32a8be667d57482b8bbe1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 234
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 24 Mar 2026 00:57:32 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 6012 104 KB
35 KB 404ms
210ms Script
text/javascript 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

bafafdbc97af2b72fb19e4de999de1352430466783e73bffecda91c963943e30

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 3151687780003130300
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 00:57:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
content-disposition: attachment; filename="f.txt"
cache-control: private, max-age=600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 35961
x-xss-protection: 0
server: cafe

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6012 42 B
63 B 486ms
293ms Image
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AqagUiRr4utRMSnFIWjExBiWDMcU2p2FFPxsjj3ndUmQwxdXXUwC3cEp0Y21l7u4Gk00mRR9hXv4fgegHpHH3BNMoJ7jcxyX7X2aWSlsoZ3uLXWvE

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H2 200 10263025-ftInsert.js Show response
cdn.flashtalking.com/armada/tags/placement-ft-inserts/ Frame 6012 8 KB
8 KB 425ms
178ms Script
application/x-javascript 108.158.20.75
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://cdn.flashtalking.com/armada/tags/placement-ft-inserts/10263025-ftInsert.js
Requested by: Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.158.20.75 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-108-158-20-75.syd62.r.cloudfront.net
Software: Flashtalking (AKA) /
Resource Hash: 2232510e5d828d0628129868a7b184f238476ffe4573c43234b724a2d43b35cd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: max-age=1200
etag: W/"964917b4d146bd7829a9ae3231c1ec7e"
via: 1.1 prod-web-edge2.irl11.ftdns.net (Varnish/trunk), 1.1 3d94c83b729a96791b0c271c930b1b6e.cloudfront.net (CloudFront)
accept-ranges: bytes
x-varnish: 753358080
x-cache: Hit from cloudfront
x-amz-cf-id: CYGRZBxnOtHmzNtxRINjiFOCBVI7KY5RPc-prBiOX2cOPhOBnaHbcQ==
date: Tue, 24 Mar 2026 00:53:18 GMT
content-type: application/x-javascript
last-modified: Tue, 17 Mar 2026 07:27:01 GMT
server: Flashtalking (AKA)
x-amz-cf-pop: SYD62-P3
vary: Origin

GET
H/1.1 204
No Content register
token.rubiconproject.com/ Frame 6012 0
698 B 617ms
142ms Image
text/plain 69.173.158.64
Magnite

General

Check archive.org

Download Go to Show image

Full URL: https://token.rubiconproject.com/register?khaos=MN3WNLPD-O-BUAY
Requested by: Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: f60a7260b0ebb7a40a81234af4a9e826
Pragma: no-cache

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20260323/r20110914/client/ Frame 6012 3 KB
1 KB 446ms
153ms Script
text/javascript 172.217.25.193
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20260323/r20110914/client/window_focus_fy2021.js

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.25.193 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

nrt12s13-in-f193.1e100.net

Software

cafe /

Resource Hash

73ef34ed57b69c5a35720bfc3ac6ebf6da3cf1289824112841d403c0fd169f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 772434001065076922
age: 42641
x-content-type-options: nosniff
expires: Mon, 06 Apr 2026 13:06:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 23 Mar 2026 13:06:51 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 1235
x-xss-protection: 0
server: cafe

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20260323/r20110914/client/ Frame 6012 21 KB
9 KB 437ms
146ms Script
text/javascript 172.217.25.193
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20260323/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.25.193 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

nrt12s13-in-f193.1e100.net

Software

cafe /

Resource Hash

fcc20dd055c3cd09fb80a748a68b1d2a872e33649d44e210c3fc981951d68701

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 969934545259788006
age: 42641
x-content-type-options: nosniff
expires: Mon, 06 Apr 2026 13:06:51 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 23 Mar 2026 13:06:51 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 8696
x-xss-protection: 0
server: cafe

GET l
www.google.com/ads/measurement/ Frame 6012 0
0

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-45/js/ Frame 6012 23 KB
6 KB 539ms
248ms Script
text/javascript 172.217.25.193
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-45/js/ext.js

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.25.193 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

nrt12s13-in-f193.1e100.net

Software

sffe /

Resource Hash

4c95e84767aed248594e7d485707c7ed904fd2fe4ec3ea98687fc2de59ddf231

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

content-encoding: br
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 00:57:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/javascript
vary: Accept-Encoding
last-modified: Thu, 08 May 2025 23:15:48 GMT
cache-control: private, max-age=300
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
content-length: 6269
x-xss-protection: 0
server: sffe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 6012 237 KB
73 KB 287ms
96ms Script
text/javascript 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

4d5dc25198f0f493ce8b221a2e559147962e73d4cfc747f05fb41638e4c7800d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 3719088209277678497
age: 926
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 01:42:06 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 24 Mar 2026 00:42:06 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=ISO-8859-1
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 74813
x-xss-protection: 0
server: cafe

GET
H2 200 / Show response
d0.eu-3-id5-sync.com/ 1 B
143 B 1530ms
762ms Fetch
text/plain 51.195.34.222
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d0.eu-3-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.34.222 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip222.ip-51-195-34.eu
Software: /
Resource Hash: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d1.eu-3-id5-sync.com/ 1 B
143 B 1613ms
780ms Fetch
text/plain 51.195.34.220
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d1.eu-3-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.34.220 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip220.ip-51-195-34.eu
Software: /
Resource Hash: 559aead08264d5795d3909718cdd05abd49572e84fe55590eef31a88a08fdffd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d2.eu-3-id5-sync.com/ 1 B
143 B 1602ms
775ms Fetch
text/plain 135.125.146.86
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d2.eu-3-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.146.86 , Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip86.ip-135-125-146.eu
Software: /
Resource Hash: 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d3.eu-3-id5-sync.com/ 1 B
143 B 1587ms
767ms Fetch
text/plain 135.125.146.86
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d3.eu-3-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.146.86 , Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip86.ip-135-125-146.eu
Software: /
Resource Hash: 4e07408562bedb8b60ce05c1decfe3ad16b72230967de01f640b7e4729b49fce

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d4.eu-3-id5-sync.com/ 1 B
143 B 1585ms
766ms Fetch
text/plain 51.195.115.36
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d4.eu-3-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.115.36 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip36.ip-51-195-115.eu
Software: /
Resource Hash: 4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d5.eu-3-id5-sync.com/ 1 B
143 B 1548ms
725ms Fetch
text/plain 135.125.146.80
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d5.eu-3-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 135.125.146.80 , Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip80.ip-135-125-146.eu
Software: /
Resource Hash: df7e70e5021544f4834bbee64a9e3789febc4be81470df629cad6ddb03320a5c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d6.eu-3-id5-sync.com/ 1 B
143 B 1528ms
761ms Fetch
text/plain 51.195.73.74
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d6.eu-3-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.73.74 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip74.ip-51-195-73.eu
Software: /
Resource Hash: d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d7.eu-3-id5-sync.com/ 1 B
143 B 1502ms
725ms Fetch
text/plain 51.195.126.30
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d7.eu-3-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.126.30 , Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip30.ip-51-195-126.eu
Software: /
Resource Hash: 7902699be42c8a8e46fbbb4501726517e86b22c56a189f7625a6da49081b2451

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d0.eu-4-id5-sync.com/ 1 B
143 B 1614ms
780ms Fetch
text/plain 51.195.127.115
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d0.eu-4-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.127.115 , Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip115.ip-51-195-127.eu
Software: /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d1.eu-4-id5-sync.com/ 1 B
143 B 1556ms
730ms Fetch
text/plain 51.195.34.220
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d1.eu-4-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.34.220 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip220.ip-51-195-34.eu
Software: /
Resource Hash: 559aead08264d5795d3909718cdd05abd49572e84fe55590eef31a88a08fdffd

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d2.eu-4-id5-sync.com/ 1 B
143 B 1548ms
727ms Fetch
text/plain 51.195.127.115
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d2.eu-4-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.127.115 , Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip115.ip-51-195-127.eu
Software: /
Resource Hash: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d3.eu-4-id5-sync.com/ 1 B
143 B 1586ms
768ms Fetch
text/plain 51.195.115.36
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d3.eu-4-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.115.36 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip36.ip-51-195-115.eu
Software: /
Resource Hash: 4b227777d4dd1fc61c6f884f48641d02b4d121d3fd328cb08b5531fcacdabf8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d4.eu-4-id5-sync.com/ 1 B
143 B 1591ms
771ms Fetch
text/plain 51.195.73.71
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d4.eu-4-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.73.71 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip71.ip-51-195-73.eu
Software: /
Resource Hash: 19581e27de7ced00ff1ce50b2047e7a567c76b1cbaebabe5ef03f7c3017bb5b7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d5.eu-4-id5-sync.com/ 1 B
143 B 1516ms
733ms Fetch
text/plain 51.195.73.113
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d5.eu-4-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.73.113 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip113.ip-51-195-73.eu
Software: /
Resource Hash: a9f51566bd6705f7ea6ad54bb9deb449f795582d6529a0e22207b8981233ec58

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d6.eu-4-id5-sync.com/ 1 B
143 B 1605ms
775ms Fetch
text/plain 51.195.127.100
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d6.eu-4-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.127.100 , Germany, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip100.ip-51-195-127.eu
Software: /
Resource Hash: f67ab10ad4e4c53121b6a5fe4da9c10ddee905b978d3788d2723d7bfacbe28a9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

GET
H2 200 / Show response
d7.eu-4-id5-sync.com/ 1 B
143 B 1594ms
774ms Fetch
text/plain 51.195.73.113
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL: https://d7.eu-4-id5-sync.com/
Requested by: Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/id5-api.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.195.73.113 , France, ASN16276 (OVH OVH SAS, FR),
Reverse DNS: ip113.ip-51-195-73.eu
Software: /
Resource Hash: a9f51566bd6705f7ea6ad54bb9deb449f795582d6529a0e22207b8981233ec58

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

access-control-allow-headers: *
access-control-max-age: 3600
access-control-allow-origin: *
content-length: 1
content-type: text/plain
access-control-allow-methods: GET, OPTIONS

POST
H3 204 AGSKWxVJnxSXmo6-yZ6hXhCkA_eJl9x_4R32Wf5j6TbECneJyzPc6Y7qrm9G1MduEOi7nkh0AfKsdOTqq_stlLgqD_7GvncEpggX4BNwPXtng3xjInjFKMFCoTRG747k5NwBfncuDDeOOA== Show response
fundingchoicesmessages.google.com/el/ 0
28 B 209ms
208ms XHR
text/html 142.250.195.142
Google LLC

General

Check archive.org

Download Go to

Full URL

https://fundingchoicesmessages.google.com/el/AGSKWxVJnxSXmo6-yZ6hXhCkA_eJl9x_4R32Wf5j6TbECneJyzPc6Y7qrm9G1MduEOi7nkh0AfKsdOTqq_stlLgqD_7GvncEpggX4BNwPXtng3xjInjFKMFCoTRG747k5NwBfncuDDeOOA==

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.142 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s40-in-f14.1e100.net

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce--QGjEZH6h9oz9jD6ASTqyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://paint.toys/

Response headers

access-control-max-age: 86400
access-control-allow-methods: POST, GET, OPTIONS
x-content-type-options: nosniff
expires: Mon, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/html; charset=utf-8
x-frame-options: SAMEORIGIN
reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjstDikmII1JBiOHnrNtNFIP5Qf5n1BxCHc_mwxQPxwmmBbCuB-MW6QLYPQHwnJojtCRALcXP8OdR-jk2g4-m0YCWXpPzC-OT8vJLUvBLdxJRiXRC7KDOptCS_CIWdWgZSkZOfnp6Zlx5vZGBkZmBsZKRnYB5fYAAAGdQ1IA"
content-security-policy: script-src 'report-sample' 'nonce--QGjEZH6h9oz9jD6ASTqyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport
cache-control: no-cache, no-store, max-age=0, must-revalidate
cross-origin-opener-policy: same-origin
pragma: no-cache
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
access-control-allow-origin: https://paint.toys
content-length: 0
x-xss-protection: 0
server: ESF

GET
H/1.1 200
OK sync
sync.srv.stackadapt.com/ Frame F9E9 43 B
168 B 606ms
303ms Image
image/gif 54.80.182.216
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://sync.srv.stackadapt.com/sync?nid=20&gdpr=0&gdpr_consent=&gpp=&gpp_sid=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.80.182.216 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-80-182-216.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

Content-Length: 43
Date: Tue, 24 Mar 2026 00:57:32 GMT
Content-Type: image/gif
Connection: keep-alive

GET
H/1.1 200
OK sync
sync.srv.stackadapt.com/ Frame F9E9 43 B
168 B 732ms
303ms Image
image/gif 54.80.182.216
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://sync.srv.stackadapt.com/sync?nid=114&gdpr=0&gdpr_consent=&gpp=&gpp_sid=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.80.182.216 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-80-182-216.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

Content-Length: 43
Date: Tue, 24 Mar 2026 00:57:32 GMT
Content-Type: image/gif
Connection: keep-alive

GET
H2

200

xuid
eb2.3lift.com/ Frame F9E9
Redirect Chain

https://sync.ipredictive.com/d/sync/cookie/generic?https://eb2.3lift.com/xuid?mid=3702&xuid=${ADELPHIC_CUID}&dongle=d54f&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3702&xuid=a7ac6592-16a6-42e3-969b-972f7145cc43&dongle=d54f&gdpr=0&gdpr_consent=

37 B
473 B

1179ms
1179ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3702&xuid=a7ac6592-16a6-42e3-969b-972f7145cc43&dongle=d54f&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:34 GMT
content-type: image/gif

Redirect headers

X-CI-RTID: e4129ce1-8b11-44c2-88a0-cfc5c636e42b
Location: https://eb2.3lift.com/xuid?mid=3702&xuid=a7ac6592-16a6-42e3-969b-972f7145cc43&dongle=d54f&gdpr=0&gdpr_consent=
Content-Length: 149
Date: Tue, 24 Mar 2026 00:57:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive

GET
H2 200 c.gif
c.bing.com/ Frame F9E9 42 B
690 B 382ms
188ms Image
image/gif 150.171.27.10
Microsoft Corpora...

General

Check archive.org

Download Go to Show image

Full URL: https://c.bing.com/c.gif?xid=4331877771003148553461&Red3=TLMS_pd
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 150.171.27.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: private, no-cache, proxy-revalidate, no-store
pragma: no-cache
etag: "f25a4324eb2dc1:0"
x-msedge-ref: Ref A: D46B5BB541C84967938222A2DCE7796F Ref B: PER201000403025 Ref C: 2026-03-24T00:57:32Z
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
accept-ranges: bytes
x-cache: CONFIG_NOCACHE
content-length: 42
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif
last-modified: Thu, 12 Mar 2026 18:29:43 GMT
x-powered-by: ASP.NET

GET
H2

200

xuid
eb2.3lift.com/ Frame F9E9
Redirect Chain

https://um.simpli.fi/triplelift
https://eb2.3lift.com/xuid?mid=7969&xuid=F47313590C36495CB0FF23193B4147CE&dongle=yf3

37 B
473 B

179ms
179ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7969&xuid=F47313590C36495CB0FF23193B4147CE&dongle=yf3
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif

Redirect headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-cache
location: https://eb2.3lift.com/xuid?mid=7969&xuid=F47313590C36495CB0FF23193B4147CE&dongle=yf3
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
expires: Mon, 23 Mar 2026 00:57:32 GMT
access-control-allow-origin: *
content-length: 142
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/html
server: openresty
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H2

200

xuid
eb2.3lift.com/ Frame F9E9
Redirect Chain

https://triplelift-match.dotomi.com/match/bounce/current?networkId=74572&version=1&gdpr=0&gdpr_consent=
https://triplelift-match.dotomi.com/match/bounce/current?DotomiTest=6e933f83c3671f7e&is_secure=true&networkId=74572&version=1&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=6732&dongle=38F&xuid=AQAKMTtmGoNAMwI8C1kqAQEBAQEBAQCcHFnRtQEBAJwcWdG1&expiration=1774400253&is_secure=true&gdpr_consent=&gdpr=0

37 B
473 B

179ms
179ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=6732&dongle=38F&xuid=AQAKMTtmGoNAMwI8C1kqAQEBAQEBAQCcHFnRtQEBAJwcWdG1&expiration=1774400253&is_secure=true&gdpr_consent=&gdpr=0
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif

Redirect headers

expires: 0
cache-control: no-cache, private, max-age=0, no-store
location: https://eb2.3lift.com/xuid?mid=6732&dongle=38F&xuid=AQAKMTtmGoNAMwI8C1kqAQEBAQEBAQCcHFnRtQEBAJwcWdG1&expiration=1774400253&is_secure=true&gdpr_consent=&gdpr=0
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
pragma: no-cache
server: nginx

GET
H2

200

xuid
eb2.3lift.com/ Frame F9E9
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=83&gdpr=0&gdpr_consent=
https://eb2.3lift.com/xuid?mid=3646&xuid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&dongle=1fa5&gdpr=0&gdpr_consent=

37 B
473 B

204ms
204ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=3646&xuid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&dongle=1fa5&gdpr=0&gdpr_consent=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif

Redirect headers

cache-control: max-age=0,no-cache,no-store
location: https://eb2.3lift.com/xuid?mid=3646&xuid=8925b5f2-37d6-411e-a159-05d5c5735faf-69c1e17b-4155&dongle=1fa5&gdpr=0&gdpr_consent=
pragma: no-cache
via: 1.1 google
expires: Tue, 11 Oct 1977 12:34:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
content-length: 0
date: Tue, 24 Mar 2026 00:57:32 GMT
server: A

GET
H2

200

xuid
eb2.3lift.com/ Frame F9E9
Redirect Chain

https://match.prod.bidr.io/cookie-sync/trl?gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/trl?gdpr=0&gdpr_consent=&_bee_ppp=1
https://eb2.3lift.com/xuid?mid=7255&xuid=AAF9UE7Tg8MAAABheBax3A&dongle=bzwx&gdpr=0

37 B
473 B

299ms
298ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=7255&xuid=AAF9UE7Tg8MAAABheBax3A&dongle=bzwx&gdpr=0
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif

Redirect headers

strict-transport-security: max-age=2592000; includeSubDomains
location: https://eb2.3lift.com/xuid?mid=7255&xuid=AAF9UE7Tg8MAAABheBax3A&dongle=bzwx&gdpr=0
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
server: gunicorn

GET
H2

200

xuid
eb2.3lift.com/ Frame F9E9
Redirect Chain

https://x.bidswitch.net/sync?ssp=triplelift&user_id=4331877771003148553461&gdpr=0&gdpr_consent=
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=triplelift&gdpr=0&gdpr_consent=
https://a.sportradarserving.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=triplelift&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=409&expires=14&user_group=1&user_id=7c98041d-8906-4110-b61f-c4ae992851f7&ssp=triplelift
https://eb2.3lift.com/xuid?mid=2409&xuid=af83d098-46e0-4192-95f2-f2da33b7063b&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=

37 B
473 B

179ms
179ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2409&xuid=af83d098-46e0-4192-95f2-f2da33b7063b&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif

Redirect headers

via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
location: //eb2.3lift.com/xuid?mid=2409&xuid=af83d098-46e0-4192-95f2-f2da33b7063b&dongle=d3d3&gdpr=&gdpr_consent=&gdpr_pd=
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:33 GMT

GET
H2

200

xuid
eb2.3lift.com/ Frame F9E9
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=44&p=75&cp=triplelift&cu=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&url=https%3A%2F%2Feb2.3lift.com%2Fxuid%3Fmid%3D2711%26xuid%3D%40%40CRITEO_USERID...
https://eb2.3lift.com/xuid?mid=2711&xuid=748bd1fd-0e9f-49a6-9cf7-b5d362349460&dongle=013b&gdpr=0&gdpr_consent=&us_privacy=&gpp=

37 B
473 B

201ms
200ms

Image
image/gif

3.0.38.223
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?mid=2711&xuid=748bd1fd-0e9f-49a6-9cf7-b5d362349460&dongle=013b&gdpr=0&gdpr_consent=&us_privacy=&gpp=
Requested by: Host: eb2.3lift.com
URL: https://eb2.3lift.com/sync?
Protocol: H2
Server: 3.0.38.223 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-3-0-38-223.ap-southeast-1.compute.amazonaws.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eb2.3lift.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache
location: https://eb2.3lift.com/xuid?mid=2711&xuid=748bd1fd-0e9f-49a6-9cf7-b5d362349460&dongle=013b&gdpr=0&gdpr_consent=&us_privacy=&gpp=
pragma: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 1073989
expires: Tue, 24 Mar 2026 00:00:00 GMT
x-errorlevel: 0
content-length: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
date: Tue, 24 Mar 2026 00:57:32 GMT
server: Kestrel

GET
H2 200 json Show response
gum.criteo.com/sid/ Frame 2867 2 KB
2 KB 142ms
140ms Fetch
application/json 182.161.73.131
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to

Full URL

https://gum.criteo.com/sid/json?origin=criteoPrebidAdapter&domain=paint.toys&sn=ChromeSyncframe&so=0&topUrl=paint.toys

Requested by

Host: gum.criteo.com
URL: https://gum.criteo.com/syncframe?origin=criteoPrebidAdapter&topUrl=paint.toys&gpp=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

182.161.73.131 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

317f7ef96caf4cc021ee682b5a8c68d6e93cf0a4ad72f374f524ec2f2059838e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://gum.criteo.com/syncframe?origin=criteoPrebidAdapter&topUrl=paint.toys&gpp=

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
pragma: no-cache
server-processing-duration-in-ticks: 987550
expires: 0
date: Tue, 24 Mar 2026 00:57:31 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
server: Kestrel

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
139 B 54ms
54ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.5267407344854437
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887630
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8e8c8887381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame 50D1 0
795 B 104ms
104ms Script
text/html 103.43.89.4
Xandr Inc.

General

Check archive.org

Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

103.43.89.4 Singapore, Singapore, ASN29990 (ASN-APPNEXUS - Xandr Inc., US),

Reverse DNS

839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.25.5 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://acdn.adnxs.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 103.108.231.245; 103.108.231.245; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: edf95e0a-dc43-42fd-a8bf-31ac8c47941d
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.25.5

GET
H2 204 p
rp.liadm.com/ 0
34 B 304ms
304ms Image
text/plain 54.165.213.217
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://rp.liadm.com/p?dtstmp=1774313852361&did=did-0046&se=e30&duid=8e413bd09c43--01kmenhgk1ttpxpw0nqpwk4e7c&tv=10.23.0&pu=https%3A%2F%2Fpaint.toys%2Foil%2F&wpn=prebid&refr=https%3A%2F%2Fqerty2.integrityss.com.au%2F&cd=.paint.toys
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.213.217 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-165-213-217.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

date: Tue, 24 Mar 2026 00:57:32 GMT

GET
H2 204 p
rp.liadm.com/ 0
34 B 561ms
561ms Image
text/plain 54.165.213.217
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://rp.liadm.com/p?dtstmp=1774313852361&did=did-0046&se=e30&duid=8e413bd09c43--01kmenhgk1ttpxpw0nqpwk4e7c&tv=10.23.0&pu=https%3A%2F%2Fpaint.toys%2Foil%2F&ae=eyJtZXNzYWdlIjoiIiwibmFtZSI6IkFqYXhGYWlsZWQiLCJzdGFja1RyYWNlIjoiQWpheEZhaWxlZFxuICAgIGF0IHcgKGh0dHBzOi8vY2RuLmludGVyZ2llbnQuY29tL3ByZWJpZC9wcmViaWQuMzM1ZGQ3MjRiOTQwNmRjZDllMmIuanM6MjoxNzAzNTgpXG4gICAgYXQgeC5lbWl0RXJyb3IgKGh0dHAuLi4iLCJmaWxlTmFtZSI6InVuZGVmaW5lZCJ9&wpn=prebid&refr=https%3A%2F%2Fqerty2.integrityss.com.au%2F&cd=.paint.toys
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.165.213.217 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-54-165-213-217.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

date: Tue, 24 Mar 2026 00:57:32 GMT

GET
H2

200

usync.html Show response
eus.rubiconproject.com/ Frame AF35
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy=
https://eus.rubiconproject.com/usync.html?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy=

269 B
379 B

101ms
101ms

Document
text/html

184.31.253.153
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy=
Requested by: Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.253.153 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a184-31-253-153.deploy.static.akamaitechnologies.com
Software: Apache/2.4.65 (Debian) /
Resource Hash: e4df52d49c57bc3e7158cb052cc05c60f1258c24de5c5728dac5d43272943ad9

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 224
content-type: text/html
date: Tue, 24 Mar 2026 00:57:32 GMT
etag: "10d-63d602600b800-gzip"
last-modified: Wed, 27 Aug 2025 22:17:04 GMT
server: Apache/2.4.65 (Debian)
vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 24 Mar 2026 00:57:32 GMT
location: https://eus.rubiconproject.com/usync.html?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy=
server: AkamaiGHost

GET
H/1.1 200
OK geo Show response
ut.pubmatic.com/ Frame 3DBE 22 B
257 B 391ms
141ms XHR
application/json 207.65.33.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://ut.pubmatic.com/geo?pubid=0

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.86 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

Resource Hash

3e448774ba2817d085dfdd3cf021098a286343ee7f916df7c4a05217511b199b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Strict-Transport-Security: max-age=16070400; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Content-Length: 22
Date: Tue, 24 Mar 2026 00:57:32 GMT
Content-Type: application/json

GET
H2

204

match
ssp-sync.criteo.com/user-sync/
Redirect Chain

https://x.bidswitch.net/sync?ssp=criteo&custom_data=-Ex2D192JTJCY1ZCZllpSTVLeHhEalJod2IlMkZLaXYyck9QVDVrclVNTldWSWFwY0h4YyUzRA&gpp=&gpp_sid=&gdpr=0&gdpr_consent=&us_privacy=&cr_user_id=k-XhAczkLZMV...
https://ssp-sync.criteo.com/user-sync/match?p=-Ex2D192JTJCY1ZCZllpSTVLeHhEalJod2IlMkZLaXYyck9QVDVrclVNTldWSWFwY0h4YyUzRA&u=af83d098-46e0-4192-95f2-f2da33b7063b

0
255 B

285ms
285ms

Image
text/plain

182.161.73.164
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to Show image

Full URL

https://ssp-sync.criteo.com/user-sync/match?p=-Ex2D192JTJCY1ZCZllpSTVLeHhEalJod2IlMkZLaXYyck9QVDVrclVNTldWSWFwY0h4YyUzRA&u=af83d098-46e0-4192-95f2-f2da33b7063b

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

182.161.73.164 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-store,max-age=0
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
x-criteo-endpoint-action: StoreMatchResult
x-criteo-endpoint-controller: UserSync
date: Tue, 24 Mar 2026 00:57:33 GMT
server: Kestrel

Redirect headers

via: 1.1 google
cache-control: no-cache, no-store, must-revalidate
location: //ssp-sync.criteo.com/user-sync/match?p=-Ex2D192JTJCY1ZCZllpSTVLeHhEalJod2IlMkZLaXYyck9QVDVrclVNTldWSWFwY0h4YyUzRA&u=af83d098-46e0-4192-95f2-f2da33b7063b
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:32 GMT

GET
H2

204

match
ssp-sync.criteo.com/user-sync/
Redirect Chain

https://secure.adnxs.com/getuid?https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3dTvGegV9GREFlU1FyeG04TTNpWm9iSXNoWFdMNUJXdGpiemolMkJKd25wdnYlMkZCdkdsQSUzRA%26u%3d%24UID&gdpr=0&gdpr_consent=
https://ssp-sync.criteo.com/user-sync/match?p=TvGegV9GREFlU1FyeG04TTNpWm9iSXNoWFdMNUJXdGpiemolMkJKd25wdnYlMkZCdkdsQSUzRA&u=3655796931204238726&gdpr=0&gdpr_consent=

0
255 B

614ms
186ms

Image
text/plain

182.161.73.164
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to Show image

Full URL

https://ssp-sync.criteo.com/user-sync/match?p=TvGegV9GREFlU1FyeG04TTNpWm9iSXNoWFdMNUJXdGpiemolMkJKd25wdnYlMkZCdkdsQSUzRA&u=3655796931204238726&gdpr=0&gdpr_consent=

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

182.161.73.164 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-store,max-age=0
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
x-criteo-endpoint-action: StoreMatchResult
x-criteo-endpoint-controller: UserSync
date: Tue, 24 Mar 2026 00:57:32 GMT
server: Kestrel

Redirect headers

cache-control: no-store, no-cache, private
location: https://ssp-sync.criteo.com/user-sync/match?p=TvGegV9GREFlU1FyeG04TTNpWm9iSXNoWFdMNUJXdGpiemolMkJKd25wdnYlMkZCdkdsQSUzRA&u=3655796931204238726&gdpr=0&gdpr_consent=
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
x-proxy-origin: 103.108.231.245; 103.108.231.245; 594.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin: *
an-x-request-uuid: ceceeda4-b968-474b-ad71-19fd462911e8
content-length: 0
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/html; charset=utf-8
server: nginx/1.25.5

GET
H2

204

match
ssp-sync.criteo.com/user-sync/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=commerce_grid_dbm&google_hm=k-XhAczkLZMVoImS4BFFelATBROC0DcS0uslkPLg&google_cm&google_redir=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3...
https://ssp-sync.criteo.com/user-sync/match?p=WycD_V9MNHdXJTJCUHVLaWVFeW1rOEF4cVlWV0Y4dGREdDcxbndiWU9KU1RhQ1JmVFUlM0Q&u=CAESEIEWEfY9bvF-wAX8N9Aa4Gs&gdpr=0&gdpr_consent=&google_cver=1

0
256 B

510ms
187ms

Image
text/plain

182.161.73.164
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to Show image

Full URL

https://ssp-sync.criteo.com/user-sync/match?p=WycD_V9MNHdXJTJCUHVLaWVFeW1rOEF4cVlWV0Y4dGREdDcxbndiWU9KU1RhQ1JmVFUlM0Q&u=CAESEIEWEfY9bvF-wAX8N9Aa4Gs&gdpr=0&gdpr_consent=&google_cver=1

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

182.161.73.164 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-store,max-age=0
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
x-criteo-endpoint-action: StoreMatchResult
x-criteo-endpoint-controller: UserSync
date: Tue, 24 Mar 2026 00:57:32 GMT
server: Kestrel

Redirect headers

cache-control: no-cache, must-revalidate
location: https://ssp-sync.criteo.com/user-sync/match?p=WycD_V9MNHdXJTJCUHVLaWVFeW1rOEF4cVlWV0Y4dGREdDcxbndiWU9KU1RhQ1JmVFUlM0Q&u=CAESEIEWEfY9bvF-wAX8N9Aa4Gs&gdpr=0&gdpr_consent=&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 395
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2

200

bidder-initiated
ssp-sync.criteo.com/user-sync/
Redirect Chain

https://ad.turn.com/r/cs?pid=75&us_privacy=&gdpr=0&gdpr_consent=
https://ssp-sync.criteo.com/user-sync/bidder-initiated?gdpr_consent=&gdpr=0&us_privacy=&dsp=11&buyer_id=9200000678844645331

0
269 B

305ms
260ms

Image
text/plain

182.161.73.164
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to Show image

Full URL

https://ssp-sync.criteo.com/user-sync/bidder-initiated?gdpr_consent=&gdpr=0&us_privacy=&dsp=11&buyer_id=9200000678844645331

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

182.161.73.164 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-store,max-age=0
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
x-criteo-endpoint-action: BidderInitiatedRedirectMode
x-criteo-endpoint-controller: UserSync
content-length: 0
date: Tue, 24 Mar 2026 00:57:32 GMT
server: Kestrel

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Location: https://ssp-sync.criteo.com/user-sync/bidder-initiated?gdpr_consent=&gdpr=0&us_privacy=&dsp=11&buyer_id=9200000678844645331
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Content-Length: 0
Date: Tue, 24 Mar 2026 00:57:32 GMT
Pragma: no-cache
Connection: keep-alive

GET
H2

200

bidder-initiated
ssp-sync.criteo.com/user-sync/
Redirect Chain

https://ds.uncn.jp/mg/0/sync_push
https://ssp-sync.criteo.com/user-sync/bidder-initiated?dsp=479&buyer_id=v_8c52eabc-66a2-4689-8976-bc1464557ed1

0
269 B

247ms
245ms

Image
text/plain

182.161.73.164
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to Show image

Full URL

https://ssp-sync.criteo.com/user-sync/bidder-initiated?dsp=479&buyer_id=v_8c52eabc-66a2-4689-8976-bc1464557ed1

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

182.161.73.164 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-store,max-age=0
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
x-criteo-endpoint-action: BidderInitiatedRedirectMode
x-criteo-endpoint-controller: UserSync
content-length: 0
date: Tue, 24 Mar 2026 00:57:32 GMT
server: Kestrel

Redirect headers

location: https://ssp-sync.criteo.com/user-sync/bidder-initiated?dsp=479&buyer_id=v_8c52eabc-66a2-4689-8976-bc1464557ed1
content-length: 137
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: text/html; charset=utf-8
server: Apache

GET
H2

204

match
ssp-sync.criteo.com/user-sync/
Redirect Chain

https://cs.admanmedia.com/e805be652c9053b8f771665f0ac3c361.gif?puid=k-XhAczkLZMVoImS4BFFelATBROC0DcS0uslkPLg&redir=https%3a%2f%2fssp-sync.criteo.com%2fuser-sync%2fmatch%3fp%3d6y5FTF93aDlJU1JtcXQ5RU...
https://ssp-sync.criteo.com/user-sync/match?p=6y5FTF93aDlJU1JtcXQ5RUFKNXB5OHlzQzdoanVuRHlnWlNIdmtLRzhlSWxxcnBjJTNE&u=1c5e3660-4ba7-41fb-86ab-157616b6339c

0
255 B

140ms
139ms

Image
text/plain

182.161.73.164
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to Show image

Full URL

https://ssp-sync.criteo.com/user-sync/match?p=6y5FTF93aDlJU1JtcXQ5RUFKNXB5OHlzQzdoanVuRHlnWlNIdmtLRzhlSWxxcnBjJTNE&u=1c5e3660-4ba7-41fb-86ab-157616b6339c

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

182.161.73.164 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-store,max-age=0
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
x-criteo-endpoint-action: StoreMatchResult
x-criteo-endpoint-controller: UserSync
date: Tue, 24 Mar 2026 00:57:35 GMT
server: Kestrel

Redirect headers

expires: 0
cache-control: no-cache, no-store, must-revalidate
location: https://ssp-sync.criteo.com/user-sync/match?p=6y5FTF93aDlJU1JtcXQ5RUFKNXB5OHlzQzdoanVuRHlnWlNIdmtLRzhlSWxxcnBjJTNE&u=1c5e3660-4ba7-41fb-86ab-157616b6339c
content-length: 0
date: Tue, 24 Mar 2026 00:57:35 GMT
pragma: no-cache
server: nginx

GET
H2

204

match
ssp-sync.criteo.com/user-sync/
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub13186530141056&gdpr=0&consent=&us_privacy=&gpp=&gpp_sid=&custom_data=eUTedl8zcURNOFBkSkt1TGNmTVptWVFZWHlnWkNNaWRJd0dhdTBWejJqRXQ5UXlFJTNE
https://www.temu.com/api/adx/cm/pixel-opera?adx_uid=c8fb46b639a16f79&gdpr=0&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Ft.oa.opera.com%2Fsync%3Fvendor%3D60369%26pubid%3Dpub13186530141056%26gdpr%3...
https://t.oa.opera.com/sync?vendor=60369&pubid=pub13186530141056&gdpr=0&consent=&us_privacy=&custom_data=eUTedl8zcURNOFBkSkt1TGNmTVptWVFZWHlnWkNNaWRJd0dhdTBWejJqRXQ5UXlFJTNE
https://ssp-sync.criteo.com/user-sync/match?p=eUTedl8zcURNOFBkSkt1TGNmTVptWVFZWHlnWkNNaWRJd0dhdTBWejJqRXQ5UXlFJTNE&u=OPU2a0648129ab14ff488fc7a655aebbf80

0
255 B

141ms
141ms

Image
text/plain

182.161.73.164
CRITEO-AS-AP Crit...

General

Check archive.org

Download Go to Show image

Full URL

https://ssp-sync.criteo.com/user-sync/match?p=eUTedl8zcURNOFBkSkt1TGNmTVptWVFZWHlnWkNNaWRJd0dhdTBWejJqRXQ5UXlFJTNE&u=OPU2a0648129ab14ff488fc7a655aebbf80

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

182.161.73.164 , Singapore, ASN55569 (CRITEO-AS-AP Criteo APAC, JP),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=31536000; preload;
cache-control: no-store,max-age=0
x-criteo-endpoint-version: none
cross-origin-resource-policy: cross-origin
x-criteo-endpoint-action: StoreMatchResult
x-criteo-endpoint-controller: UserSync
date: Tue, 24 Mar 2026 00:57:34 GMT
server: Kestrel

Redirect headers

Cache-Control: no-cache, no-store, must-revalidate
Location: https://ssp-sync.criteo.com/user-sync/match?p=eUTedl8zcURNOFBkSkt1TGNmTVptWVFZWHlnWkNNaWRJd0dhdTBWejJqRXQ5UXlFJTNE&u=OPU2a0648129ab14ff488fc7a655aebbf80
Pragma: no-cache
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Access-Control-Allow-Origin: *
Content-Length: 179
Date: Tue, 24 Mar 2026 00:57:34 GMT
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With

GET
H/1.1 200
OK geo Show response
ut.pubmatic.com/ Frame E3C1 22 B
257 B 345ms
142ms XHR
application/json 207.65.33.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://ut.pubmatic.com/geo?pubid=158326

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.86 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

Resource Hash

3e448774ba2817d085dfdd3cf021098a286343ee7f916df7c4a05217511b199b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Strict-Transport-Security: max-age=16070400; includeSubDomains
Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Content-Length: 22
Date: Tue, 24 Mar 2026 00:57:32 GMT
Content-Type: application/json

GET
H2 200 usync.js Show response
eus.rubiconproject.com/ Frame 8D2C 45 KB
11 KB 121ms
120ms Script
text/html 184.31.253.153
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.253.153 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a184-31-253-153.deploy.static.akamaitechnologies.com
Software: Apache/2.4.65 (Debian) / PHP/8.3.24
Resource Hash: 54bad2ce1afbc76d3145cc534472fa4cbf628cb5309b8a896e58605cd6d8464b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/usync.html

Response headers

cache-control: max-age=39940
content-encoding: gzip
expires: Tue, 24 Mar 2026 12:03:12 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
content-length: 11509
date: Tue, 24 Mar 2026 00:57:32 GMT
last-modified: Mon, 23 Mar 2026 12:03:12 GMT
x-powered-by: PHP/8.3.24
server: Apache/2.4.65 (Debian)
content-type: text/html;charset=UTF-8
vary: Accept-Encoding

GET

cs
cs.lkqd.net/ Frame B066
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=lkqd_dbm&google_cm
https://cs.lkqd.net/cs?partnerId=59&partnerUserId=CAESEChPhHzrMhEJkA6EudHvHbc&google_cver=1

0
0

GET cs
cs.lkqd.net/ Frame B066 0
0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B066
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP328_SoCAJ65CD7DVBdNP8&google_cver=1

43 B
717 B

162ms
162ms

Image
image/gif

104.18.27.193
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP328_SoCAJ65CD7DVBdNP8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIY6-uXzAIwAQ&v=APEucNVeDa29K9wO4LJYTNTXwwEmo4J_Dbylp2sa0lyYN3mcyv_2dHQRDghUWGs6bhCa-d0fhBLGHMJH8Uc3R9SpHgxBhj3q4A
Protocol: H3
Server: 104.18.27.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

cache-control: no-cache
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hkzpDEHYYsBO53ocn1bcHcJlW4tXkuhfgFNbWlodZTU%2BGqHPHqDj4lHk%2Fv9epYAKSayep0PyW9FIGBboqRJk82UE7l7Oxnjn2bRQUk1yZFJJ%2Ffe3xw%3D%3D"}]}
cf-ray: 9e11b8eb9eeb2d51-PER
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif
server: cloudflare
priority: u=2,i

Redirect headers

cache-control: no-cache, must-revalidate
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP328_SoCAJ65CD7DVBdNP8&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 313
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B066
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=acHhfIsFVogAOMpRAK-AqgAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP328_SoCAJ65CD7DVBdNP8&google_cver=1

43 B
719 B

160ms
160ms

Image
image/gif

104.18.27.193
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP328_SoCAJ65CD7DVBdNP8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJfnugEQi4Dw4AIY6-uXzAIwAQ&v=APEucNVeDa29K9wO4LJYTNTXwwEmo4J_Dbylp2sa0lyYN3mcyv_2dHQRDghUWGs6bhCa-d0fhBLGHMJH8Uc3R9SpHgxBhj3q4A
Protocol: H3
Server: 104.18.27.193 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://googleads.g.doubleclick.net/

Response headers

cache-control: no-cache
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
cf-cache-status: DYNAMIC
pragma: no-cache
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=daALxBWYY1lKcdsMc9%2BsSfZPwufLZuQkPV4vbgvfAjgoeOh3VD%2FHSSsS0DMrsfiF21O%2FM2HPt9WFtR0yHtLLWwMjSJUn%2FFGFhnjD%2F95oUeNYOc8y6w%3D%3D"}]}
cf-ray: 9e11b8edb98a2d51-PER
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif
server: cloudflare
priority: u=2,i

Redirect headers

cache-control: no-cache, must-revalidate
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEP328_SoCAJ65CD7DVBdNP8&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 313
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H/1.1 200
OK geo Show response
ut.pubmatic.com/ Frame 3DBE 22 B
0 305ms
305ms XHR
application/json 207.65.33.86
PubMatic

General

Check archive.org

Download Go to

Full URL: https://ut.pubmatic.com/geo?pubid=0
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?gdpr=&gdpr_consent=&us_privacy=&predirect=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dpubmatic%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.86 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: 3e448774ba2817d085dfdd3cf021098a286343ee7f916df7c4a05217511b199b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Content-Length: 22
Date: Tue, 24 Mar 2026 00:57:32 GMT
Content-Type: application/json

GET
H/1.1 200
OK geo Show response
ut.pubmatic.com/ Frame E3C1 22 B
0 250ms
250ms XHR
application/json 207.65.33.86
PubMatic

General

Check archive.org

Download Go to

Full URL: https://ut.pubmatic.com/geo?pubid=158326
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 207.65.33.86 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),
Reverse DNS
Software: /
Resource Hash: 3e448774ba2817d085dfdd3cf021098a286343ee7f916df7c4a05217511b199b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

Access-Control-Allow-Origin: *
Cache-Control: max-age=172800
Content-Length: 22
Date: Tue, 24 Mar 2026 00:57:32 GMT
Content-Type: application/json

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6012 0
20 B 191ms
191ms Ping
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3192895515943&version=m202602230101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6012 0
20 B 190ms
190ms Ping
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3192895515943&version=m202602230101&ct=77&x=8&cor=8034683852766147584

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 6012 37 KB
21 KB 267ms
266ms Script
text/javascript 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bkpdlq2Zl6VZlMWCu_aRvvxcYcaPbKJa80kxSJiK-4vGY-nlCQHqoivuy5dv2OmnKUonqJKGNJNQkBjKwfbBOZD0hYWbOybX_z-5rjHzmI9jJ_ft4CXrDX3A9XDzUCV9Fx6OcwZzpC2b9xKFuFK5scV__qVDoJyp8OUgm76TXVA6bgkZJFZBpa43XGmj9fgrHW9_9T2G1hkkmYXpx48Q7mHmmaJaxb-d2i3RGUKPAVLbKQM9tzHDEcs_prHQ7qqxypU9ZM_RQM3hTYsvbbOUMa_Vx-5vZptZW7kNNjzYZcLL6FkNk&cry=1&dbm_d=AKAmf-AbybIbSmhr4mm7LyYAms9W2Hof-g8JICAh_AcLOzgiyXo13HeE6Lu2kvhvJAmTUcAW4U1xHidI8J-70W7VXJyPvdhnjXTLudMQy7kMp8m4ltS_cG6WHX1axljFkGcYHJ06uewbbzkCLTVOWhTzdR6e3UlKDMClAtrhjbAk6JhX570M5rzfoyTIxkq9ASbIHKGaPQbriKvT2SSbXphG1GTXDoawUryJ7SsXM0mYVQKBn1XaRgvMQ5pl2lmOrQGdHrC8hUDhg3kwh-q1teaD9QBOLqhgNDyM9kBYjtWgNZ5ss4nNgaWJ8673qRSlXNOlxeR1zp94-kvH2X14VnMyzWHLejaaBQHJPD-8AMHJYm4MiK1tfaJzjLi7EGw6JZYbujn6wMevIkjUFULdUWvu173V3FnJlUuslhrSDEvYwp89greaXsOM_QU_pydEEqopKSzjExr4clF5DloMuWmPODUsdSW35YJVoGNA8rSUKZ5vyTosjLW-x6xBDwCKLo8fkaY2JKk8-_Bw912rNNL6N7N1aDg8_P3b9-55ISpEsAK_IhyPv9lGt6EBpN0452ExfR8hZO9x8k8es9wCSRnC3b0r4SyZapaqFaJ1YrkKiU_DzfydlooMM3KbuWmD0Cq47oSJT1X2SVaU1j1CKivhDUft3c2SIfZJ2DbIScf1Uwo5pEsMsDgcXEF4-2_ePtICGdpiZWBwN7BWqw0MXRR3m_MFV93ux2TzQP0E5ZU9YJxCl-vj_kv-OTJLZzyAWe6ldiFE_S_0wyQWqkPC21Xc6GHgeYlDtNrb8O3TGhWEbYFHIViBLJVmEOUgRt_6EaemAi7VnaAtScZWZapbkpATI4LASboFJB7niIfREpMN3CcuI18KQb7OIUqqwI3ykZPhiu3T_A1A9KZTX4oLJr2hQyV4iT0L_wNyiZ-eTmC9KW3sOUrpYjOC282r9OdmsZahz20Wvx9U6QzKkpdzjXVs8NjZ_ASUfYU-GmR6Yg8wEMNM0W0UNeht0KryzzCEOGHVeNp7TGdTuK8bM6vLE191L9YxnN57XgXpKb7vURI0UoHsvrgIxbaclpDbfmht7BL927pcvGY63GDidIPQF2w_D1GSVL-M6oCghMDJPfLKXZqOfD4HmT2KtYDV8jmDNQK_qFbxaaO3KS_g6STtmntcCRrRW8H70fUUk9uYqB10cNzGg6Jd9oxgc_t_pxA5WpQea0bDZeAcQ8qIUr7qGtr4VvT7FtgCT-RKKtcEvNVi0dlnf5DxSHyLZ2R1qh58AIgF97TwTrznZcPmNrnCfdzR21VjEXEWMz_L8O_fVTBVWE-hq4n2eCoYLZwdF0TTzO86ER4esbhyz390nBhhYenqOdZBe8Uf7rgeTKOwB-pXMdE78YeDx_pNatnj6xFaP2t9YLMfivmCYv5l4TZ-8cJ0WD1ky1hVt7Dch4QiJRQZ52kisSsPoUIbWKP1PkLFb3qBp5srGhWG1K71ml12lenvy4R9T333_4RUhfm8u6luaCiuz9EgPmMw8kBS7cZZyc-XAGo-GFSISM1ySZ9DZX9kfKFnI0D34SVXQsPqzuJBobl3EmCwpb7cqg2IL14bv-f3YhiLsg6e6ssvTOnvKfW4ETYcr8unoz0ii9YKVgeQHDrz_bhKNo52-0RwsKcmk3EDs1aIQdsPqEjhmdAmLxYplPDVLVzqcmD8MbzfsEkKvJ2foVe5I0PGJJQm-jC5JNqEBM46HJOoPXrgFtZ4oSUBCySg3x3uhISD7cAojTzckJIwBf8PpHx7cfyqM--9d0BbGbLdtRhcR1pubbVU6djKYp0kurxpBlsbOE74iknxY-HXFfFnUbqmupzv-yY5NqrD5nEEcZAKjTsGFeSp6ytBXgj4XMdGY06OUI_01WfrVIdl0dzKM7LTTLERQ-ls52XAwRQ3sF8NCA7Afs1CjMiqcOtq8H4j-VWHpyJoCoRCPVrpzHHy4ufsuqvYbDVFaQlAIUHGUYqB43QrzFuD4eQfmgGlKNcuyflb217SWwYSXuxnfevj8YIJMNulopGAMhaYw_6NTEpTEbKuibAOyCTA_9EPlxPp2btgYRLwwo8D3_csvALIRD--LblWMTth1FfEwpStejbKal-L2_RqsNl9TEMuAYRBMhg0dq3sFwYR6DpmkxI5A4O7WN7qh9GwuRIm0wvmm8bQ-d2wsvdoG3fO19wCsmi1YCIQvBoxLBWUGcg7UtH8BEGN_VcNhI3evqj3mVl27hjC30kUQtxYPZCqI0rhseKonMNBf_M878Q1PqoaXFIDWB-Uew2JKNHdgT3R2vjYThRMMpIJcDFAflSynV2RYUB0Nh77LxA3UQ2tU-_5S2eEZau0SMIhWx2wG-hesanDunpg2UGjs4iTzqmwsQ8cN4EkM4W0AsA5zmsLVC0UDu-gwJaLpbp3LvHY1DMVUxExyTh2VRO3Ut6pcwW2aj6cKDbrK1Pv7VP8Agxlvl0D1Te3MNu-0fsd2inK-3qaBQtztDq60yqq67nVqYLg2cwCqNhkKaC8Rlr8qu6heeCF-S1aIjKwYuQKxnG8AHMLknwpb6DLpBo2spQJvRRh2adWlPeTHmY5vrRC2FmPMtLN1ax9d5kKPNnxn84cJlzmMivLdK1-xAEqSmMkbfKUmfrhlDocn9puA5pEAK-bwarjW3Oh6h3P6Cl1ZyHoydTrpaP3XpoYDNk5rTX4KDMKV6_jHKh8G6Yru4UeiJiathB4iIXHeVqaR-aI8SBq-dEr9D812bY7PdzFZYOYH3sy-FhJjS5DG51-VEM0YZ5ysCAgrvBNgjVdygyA0ZELMxLoVMTLryEyKBdBIQ3f4rYjyYOIhey04bIL2dsYInDAb9UzJrrlE0RaL9evkH0rL37hgCHJT4fyB780jvycz_HdB5yIzVAIUAuUP7Bepm7vRMbFA36SiSoBP1w0ZbAQtCjC6qyxZ3JGgtFaRooj7LMGXc-Qa3eKEAKuwsFjjPk8mIMFxfDg2BdtFuJH2WRXtKnnE2hxoQ_CwBmcySmz6gwDO2j0GKO_7Wb-FnIJhx0Wzwk6jAsFK1wJ19HDqBr-l5CeHKHyWmvQNUM39dKvA9nOIxXiDN2xQ_eMUJiNNu0DU-d8B6MyaZv1gsJcwtJjhL17AEpMNujRtA0I8zNz-4A3neiem3H8PVb_SDlKIDD3p5bEhNZM--dIark2xYJ9LLWwkxE8HYrV7JMbYn-rxsguUrbN7AAw7v-NXCmt1I2x6siQk9gm9vgC1pP_j-t6WDvkWhFqrXE7vRu0QVv-A-HJzeIdOznEc0U5uiYajSU-C1vMG3Jif3ggHQU_b_Jzn_jN_YDS2Qcgb5RKt1G-YCgg1c6ntlBEyC4wa3Qi4lI2hXZbYQcixq10fep4-2WJIMP2ZqxxToQaL4MrOd_wfCrzqC1lMRsOMnb2EQNz3HDKCd8Awmvr0rNlQkpbHWjRrVdl8hbn8WZmQIVPjOy-jxdLO6knnufm68GyEtizv208nvlvjL9fG_3Em6RUo3AUOPwQGg_AoaxbaGK1Q9jCwjWCtBktpKUXHXYj7IkrNmvqrknFpMOzp6uivYJYCD_OY1H7ctz2kYbWV56ApqjzWY42mQaqyZfjVZZ18Z8gDiHfiiKD866QEC1-MjjV7MkcVqjtcfXOO9iOtixOVyjvEymKRlHXbGAS7sqELK1kUSJEYY5z-0olTcNpikc_zzC6Fqu7P3GbcVVA5oLTqjNHnfb_7lBi5Eh3CjzVUNHLp0JQt53hFKNJVl9rHS4RhqtBfSRYcvRGE5_l5WKdZKe4sqK58LTPG07-SG6Gii17qwcWNTZJ3jVMiOdCY1QyhAj0iNLxfP4e1a0hN64AX1TdljgH8QIqSJHiBIbJM3ZxBukNgSBGwlWPmKvexEPngIn2E9BR2j9qp_xn-ECArFPKXjlXiDWVkjTAZEuPo_ALNrftdprTvdN9rbV9dTS5b_bvWiTh4R9fAmFlDHoxbsxtebHEX3XL2oLl-pqDtampWLnDoC3-WyE4jQdAGrDVbpM0L9JZLRVx5xVlP8R_0x_SSEx_Api0D5x3qrYgSDsK1uZLssHosv-vK6DdJC1ze8RJye1RNXKM_tv2KTwHP4SC5PNGY6wQIpel-RXUjACEB6R9qAT-3HSZMETZqXUhRjjlGaPeRzEDtFODSTlIHBTv_ePdZYIVyTAiB1zf51Ghik8lt5Jej5kMsY5RztC2DctktQj7ugV3c4D5EVIkEhsViosQL1iIz9vE3brueUSmGTNXJfQW5DtklG1NPxBVevAgKYZRA3cT_8iVAUZ9iOEmWA7QMria1wGXpX7_EJ0Wm9ymiyAyMSb9CLek8YXILWKneKuBlN5LUaelNvKuu87TKbamOHCJthGc7sdxUORWMke3qLhEX5-i-EkbZvEJHYcefcTcCNEOZiSpjjm4uAxqKBVoMGi7u_hHexoQfTH6kDg2u7NpqnTGShHqRTVD021Frrrwq_8ZqSOU8zcUkiMqAb8gHZH9qe8Sp6u67ZqVj4_-Pp40bQM58DDe18C5xB4mSoEwdZMl_RktDtQ2lqEU5BMjNhoH8EUo_QPNViWg3z7F8g67BSAxO5unJwJRZ-y-Tv9IJT2R2mGiurPbTlCcDdScTN92JSwQKLPwUvoaOaZvJfO_quHj7C1hPj_aSb2hpiQ7K0XwhwC4HU6T2YC2NCxor6b3-mePsI8GuHd31wL7v3U0DrvekW0&pr=8%3A8A0B4360DFA2E531&cid=CAQS3gEABaugfcvcQEVisj4dXZRnK5WrcZkAku6HXMziAWv2oyd3Y25TXIbxhKtvGICe8JIaAktcmqFSCxzLVeL49DBnXLLtqH3rwfEokCmWwaQNtvvbLABYFviwG_ryNnNZ9xzcqFVyY0OKD351lOs0yAzzFbmsZvcdf9jDI7JxhJpJubUpoQSeXd5r0sd75CtTVOm2edeR-dw4lyhC9nGUG1k1DEhquSjgMTcwr-eQSGJ8zdUnpneKGHgmNGZRu1Lvqo7aFUJnGB-oidQJFz7lIJhwM6rPRYDDR0P3NL0nrU4YAQ&dv3_ver=m202602230101&nel=1&rfl=https%3A%2F%2Fpaint.toys%2F&ds=l&xdt=1&ct=77&iif=1&cor=8034683852766147584&adk=2053332817&idt=484&cac=0&dtd=47

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

6fac22d977d7f8c0c13c28100e861946a4d41cd7da77fb749f6bb090803f698e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 21711
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 usync.js Show response
eus.rubiconproject.com/ Frame 9B80 45 KB
0 0ms
0ms Script
text/html 184.31.253.153
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.253.153 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a184-31-253-153.deploy.static.akamaitechnologies.com
Software: Apache/2.4.65 (Debian) / PHP/8.3.24
Resource Hash: 54bad2ce1afbc76d3145cc534472fa4cbf628cb5309b8a896e58605cd6d8464b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum

Response headers

cache-control: max-age=39940
content-encoding: gzip
expires: Tue, 24 Mar 2026 12:03:12 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
content-length: 11509
date: Tue, 24 Mar 2026 00:57:32 GMT
last-modified: Mon, 23 Mar 2026 12:03:12 GMT
x-powered-by: PHP/8.3.24
server: Apache/2.4.65 (Debian)
content-type: text/html;charset=UTF-8
vary: Accept-Encoding

GET
H2 200 usync.js Show response
eus.rubiconproject.com/ Frame AF35 45 KB
0 1ms
1ms Script
text/html 184.31.253.153
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy=
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.253.153 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a184-31-253-153.deploy.static.akamaitechnologies.com
Software: Apache/2.4.65 (Debian) / PHP/8.3.24
Resource Hash: 54bad2ce1afbc76d3145cc534472fa4cbf628cb5309b8a896e58605cd6d8464b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/usync.html?p=pbs-Playwire&gdpr=&gdpr_consent=&us_privacy=

Response headers

cache-control: max-age=39940
content-encoding: gzip
expires: Tue, 24 Mar 2026 12:03:12 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
content-length: 11509
date: Tue, 24 Mar 2026 00:57:32 GMT
last-modified: Mon, 23 Mar 2026 12:03:12 GMT
x-powered-by: PHP/8.3.24
server: Apache/2.4.65 (Debian)
content-type: text/html;charset=UTF-8
vary: Accept-Encoding

GET
H2 200 setUser Show response
script-api.ccgateway.net/ 0
360 B 304ms
303ms Script
text/javascript 52.91.215.149
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://script-api.ccgateway.net/setUser?parent=5bb3e20859&site=paint.toys&ccuid=55f93eb7-929f-4425-9190-25b425ce4aa7&ccsid=e61582bc-cfea-4f52-95a1-e6e9c0a49c3d
Requested by: Host: carbon-cdn.ccgateway.net
URL: https://carbon-cdn.ccgateway.net/script?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.91.215.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-91-215-149.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: private,max-age=300
content-length: 0
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: text/javascript

GET
H2 200 bundle Show response
script-api.ccgateway.net/script/ 16 KB
5 KB 560ms
559ms Script
text/javascript 52.91.215.149
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://script-api.ccgateway.net/script/bundle?id=paint.toys&parentId=5bb3e20859
Requested by: Host: carbon-cdn.ccgateway.net
URL: https://carbon-cdn.ccgateway.net/script?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.91.215.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-91-215-149.compute-1.amazonaws.com
Software: /
Resource Hash: c879e20b7fd8e872a394d588a3363a46561ca1bd1bdaabee0d213d4f429a4ed9

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

cache-control: public,max-age=1200
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 422 v1
match.sharethrough.com/FGMrCMMc/ 0
228 B 725ms
314ms Image
text/plain 54.255.134.76
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://match.sharethrough.com/FGMrCMMc/v1?gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&redirectUri=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%24UID

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

54.255.134.76 Singapore, Singapore, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-255-134-76.ap-southeast-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=16000000; includeSubDomains; preload;

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=16000000; includeSubDomains; preload;
content-length: 0

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 193ms
192ms Fetch
image/x-icon 142.250.207.6
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.035824886388643784

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.207.6 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzsyda-ah-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 25 Mar 2026 00:57:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

POST
H2 200 483.json Show response
id5-sync.com/g/v2/ 1 KB
1 KB 775ms
774ms Fetch
application/json 162.19.138.117
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://id5-sync.com/g/v2/483.json

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

6799fae5c506aa9c9ae7be36d878a474b0650d2a6acd48c41c8fbf03e4daf8e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://paint.toys
p3p: CP="CAO PSA OUR"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: application/json
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame E3C1 6 KB
7 KB 388ms
141ms Script
text/html 67.199.150.81
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=57115023&p=158326&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.81 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

Resource Hash

97b4c1e3433cd028bc05d35e5106de99c0f512d926fc35d218b9dfd954ba8300

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

strict-transport-security: max-age=16070400; includeSubDomains
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: text/html; charset=UTF-8

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 249C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEErwF0n-bBqP_lB9aFAvA7k&google_cver=1

43 B
136 B

205ms
199ms

Image
image/gif

34.98.64.218
Google LLC

General

Check archive.org

Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEErwF0n-bBqP_lB9aFAvA7k&google_cver=1
Requested by: Host: playwire-d.openx.net
URL: https://playwire-d.openx.net/w/1.0/pd?cc=1
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://playwire-d.openx.net/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 103.108.231.245
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif
vary: Accept

Redirect headers

cache-control: no-cache, must-revalidate
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEErwF0n-bBqP_lB9aFAvA7k&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 295
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H3 200 pixel
cm.g.doubleclick.net/ Frame 249C 170 B
188 B 196ms
196ms Image
image/png 142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=Nzg4YzBlOWQtM2IwZS0yMDIzLWQ3YmEtNTgzYzc1MDAwNTRi

Requested by

Host: playwire-d.openx.net
URL: https://playwire-d.openx.net/w/1.0/pd?cc=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://playwire-d.openx.net/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:32 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

GET
H2

200

sd
jp-u.openx.net/w/1.0/ Frame 249C
Redirect Chain

https://cr-p3.ladsp.com/cookiesender/3
https://cr-p3.ladsp.com/cookiesender/3?cr=true
https://jp-u.openx.net/w/1.0/sd?id=537072451&val=ARe7Eb7OA3p2ks8AKUSwzqoLec8AAAGdHVjR0w

43 B
97 B

216ms
209ms

Image
image/gif

34.98.64.218
Google LLC

General

Check archive.org

Download Go to Show image

Full URL: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=ARe7Eb7OA3p2ks8AKUSwzqoLec8AAAGdHVjR0w
Requested by: Host: playwire-d.openx.net
URL: https://playwire-d.openx.net/w/1.0/pd?cc=1
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://playwire-d.openx.net/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 103.108.231.245
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif
vary: Accept

Redirect headers

cache-control: no-cache
location: https://jp-u.openx.net/w/1.0/sd?id=537072451&val=ARe7Eb7OA3p2ks8AKUSwzqoLec8AAAGdHVjR0w
pragma: no-cache
via: 1.1 26131a3cde08b60652129237128292a2.cloudfront.net (CloudFront)
expires: -1
x-cache: Miss from cloudfront
content-length: 0
x-amz-cf-id: 5h7Nz-f1JGiMSGeN2bV_hE82I4FmQJiYNxjRHZcT6eu-uk1W5iwlOA==
date: Tue, 24 Mar 2026 00:57:33 GMT
x-amz-cf-pop: SYD3-P2

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 249C
Redirect Chain

https://match.adsrvr.org/track/cmf/openx?oxid=54e3dd57-f279-7e87-c25a-0285bfe2cb2b&gdpr=0
https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=OTdmMzlhN2MtNTk4Mi00MmMwLTg2ZDItNjQ5NzczYWNkZDc5&gdpr=0&gdpr_consent=&ttd_tdid=97f39a7c-5982-42c0-86d2-64977...
https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=97f39a7c-5982-42c0-86d2-649773acdd79&google_gid=CAESEDtUeSBgIgOm7yHzBCBrGec&google_cver=1
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=97f39a7c-5982-42c0-86d2-649773acdd79
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=3655796931204238726&ttd_tdid=97f39a7c-5982-42c0-86d2-649773acdd79
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&expires=30

42 B
1 KB

190ms
141ms

Image
image/gif

69.173.158.64
Magnite

General

Check archive.org

Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&expires=30
Requested by: Host: playwire-d.openx.net
URL: https://playwire-d.openx.net/w/1.0/pd?cc=1
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://playwire-d.openx.net/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: e2b6b837307e4a2cb84d126fbaf2cea2
Pragma: no-cache
content-length: 42
Content-Type: image/gif

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=&expires=30
content-length: 289
date: Tue, 24 Mar 2026 00:57:34 GMT
server: Kestrel

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 249C
Redirect Chain

https://ad.turn.com/r/cs?pid=9&gdpr=0
https://us-u.openx.net/w/1.0/sd?id=537073061&val=4063995112698938896&gdpr=0&gdpr_consent=&us_privacy=

43 B
97 B

312ms
312ms

Image
image/gif

34.98.64.218
Google LLC

General

Check archive.org

Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537073061&val=4063995112698938896&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: playwire-d.openx.net
URL: https://playwire-d.openx.net/w/1.0/pd?cc=1
Protocol: H2
Server: 34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://playwire-d.openx.net/

Response headers

cache-control: private, max-age=0, no-cache
pragma: no-cache
x-forwarded-for: 103.108.231.245
via: 1.1 google
expires: Mon, 26 Jul 1997 05:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
p3p: CP="CUR ADM OUR NOR STA NID"
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif
vary: Accept

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Location: https://us-u.openx.net/w/1.0/sd?id=537073061&val=4063995112698938896&gdpr=0&gdpr_consent=&us_privacy=
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Content-Length: 0
Date: Tue, 24 Mar 2026 00:57:33 GMT
Pragma: no-cache
Connection: keep-alive

GET
H/1.1 200
OK send
sync-dsp.ad-m.asia/dsp/api/sync/ Frame 249C 43 B
243 B 660ms
280ms Image
image/gif 220.150.223.50
BEKKOAME BEKKOAME...

General

Check archive.org

Download Go to Show image

Full URL: https://sync-dsp.ad-m.asia/dsp/api/sync/send?s=openx
Requested by: Host: playwire-d.openx.net
URL: https://playwire-d.openx.net/w/1.0/pd?cc=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 220.150.223.50 , Japan, ASN4686 (BEKKOAME BEKKOAME INTERNET INC., JP),
Reverse DNS: 50.223.150.220.in-addr.arpa
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://playwire-d.openx.net/

Response headers

Cache-Control: no-store,no-cache
Pragma: no-cache
Connection: close
expires: -1
Content-Length: 43
Date: Tue, 24 Mar 2026 00:57:33 GMT
Content-Type: image/gif
Server: nginx

GET
H2 200 px.gif Show response
ad-delivery.net/ 43 B
110 B 53ms
53ms Fetch
image/gif 172.66.148.140
Cloudflare

General

Check archive.org

Download Go to

Full URL: https://ad-delivery.net/px.gif?ch=2&e=0.7657661143967137
Requested by: Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.148.140 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

x-goog-metageneration: 5
access-control-expose-headers: *
x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow==
cf-cache-status: HIT
etag: "ad4b0f606e0f8465bc4c4c170b37e1a3"
age: 887630
x-goog-stored-content-encoding: identity
expires: Fri, 13 Mar 2026 19:10:47 GMT
x-goog-stored-content-length: 43
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: image/gif
last-modified: Wed, 05 May 2021 19:25:32 GMT
x-guploader-uploadid: ABgVH8-8d6tsHANUa2r84JrwjQITmm63V7aSPrfwA9n_jkotwDDYByg5ASpAwhKW45wurAfWr-QyLYc
cache-control: public, max-age=86400
x-goog-storage-class: MULTI_REGIONAL
cf-ray: 9e11b8ebeac77381-PER
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1620242732037093
content-length: 43
server: cloudflare

GET
H2 200 v1 Show response
lb.eu-1-id5-sync.com/lb/ 56 B
330 B 387ms
387ms Fetch
application/json 162.19.138.83
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://lb.eu-1-id5-sync.com/lb/v1

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.83 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31532338.ip-162-19-138.eu

Software

Resource Hash

aece7df7daa784b6485a804b1b689d9d7c08ac90f2693456a873cfc89468a04f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-origin: https://paint.toys
content-encoding: gzip
date: Tue, 24 Mar 2026 00:57:32 GMT
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20260323/r20110914/ Frame 6012 28 KB
10 KB 98ms
97ms Script
text/javascript 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20260323/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bkpdlq2Zl6VZlMWCu_aRvvxcYcaPbKJa80kxSJiK-4vGY-nlCQHqoivuy5dv2OmnKUonqJKGNJNQkBjKwfbBOZD0hYWbOybX_z-5rjHzmI9jJ_ft4CXrDX3A9XDzUCV9Fx6OcwZzpC2b9xKFuFK5scV__qVDoJyp8OUgm76TXVA6bgkZJFZBpa43XGmj9fgrHW9_9T2G1hkkmYXpx48Q7mHmmaJaxb-d2i3RGUKPAVLbKQM9tzHDEcs_prHQ7qqxypU9ZM_RQM3hTYsvbbOUMa_Vx-5vZptZW7kNNjzYZcLL6FkNk&cry=1&dbm_d=AKAmf-AbybIbSmhr4mm7LyYAms9W2Hof-g8JICAh_AcLOzgiyXo13HeE6Lu2kvhvJAmTUcAW4U1xHidI8J-70W7VXJyPvdhnjXTLudMQy7kMp8m4ltS_cG6WHX1axljFkGcYHJ06uewbbzkCLTVOWhTzdR6e3UlKDMClAtrhjbAk6JhX570M5rzfoyTIxkq9ASbIHKGaPQbriKvT2SSbXphG1GTXDoawUryJ7SsXM0mYVQKBn1XaRgvMQ5pl2lmOrQGdHrC8hUDhg3kwh-q1teaD9QBOLqhgNDyM9kBYjtWgNZ5ss4nNgaWJ8673qRSlXNOlxeR1zp94-kvH2X14VnMyzWHLejaaBQHJPD-8AMHJYm4MiK1tfaJzjLi7EGw6JZYbujn6wMevIkjUFULdUWvu173V3FnJlUuslhrSDEvYwp89greaXsOM_QU_pydEEqopKSzjExr4clF5DloMuWmPODUsdSW35YJVoGNA8rSUKZ5vyTosjLW-x6xBDwCKLo8fkaY2JKk8-_Bw912rNNL6N7N1aDg8_P3b9-55ISpEsAK_IhyPv9lGt6EBpN0452ExfR8hZO9x8k8es9wCSRnC3b0r4SyZapaqFaJ1YrkKiU_DzfydlooMM3KbuWmD0Cq47oSJT1X2SVaU1j1CKivhDUft3c2SIfZJ2DbIScf1Uwo5pEsMsDgcXEF4-2_ePtICGdpiZWBwN7BWqw0MXRR3m_MFV93ux2TzQP0E5ZU9YJxCl-vj_kv-OTJLZzyAWe6ldiFE_S_0wyQWqkPC21Xc6GHgeYlDtNrb8O3TGhWEbYFHIViBLJVmEOUgRt_6EaemAi7VnaAtScZWZapbkpATI4LASboFJB7niIfREpMN3CcuI18KQb7OIUqqwI3ykZPhiu3T_A1A9KZTX4oLJr2hQyV4iT0L_wNyiZ-eTmC9KW3sOUrpYjOC282r9OdmsZahz20Wvx9U6QzKkpdzjXVs8NjZ_ASUfYU-GmR6Yg8wEMNM0W0UNeht0KryzzCEOGHVeNp7TGdTuK8bM6vLE191L9YxnN57XgXpKb7vURI0UoHsvrgIxbaclpDbfmht7BL927pcvGY63GDidIPQF2w_D1GSVL-M6oCghMDJPfLKXZqOfD4HmT2KtYDV8jmDNQK_qFbxaaO3KS_g6STtmntcCRrRW8H70fUUk9uYqB10cNzGg6Jd9oxgc_t_pxA5WpQea0bDZeAcQ8qIUr7qGtr4VvT7FtgCT-RKKtcEvNVi0dlnf5DxSHyLZ2R1qh58AIgF97TwTrznZcPmNrnCfdzR21VjEXEWMz_L8O_fVTBVWE-hq4n2eCoYLZwdF0TTzO86ER4esbhyz390nBhhYenqOdZBe8Uf7rgeTKOwB-pXMdE78YeDx_pNatnj6xFaP2t9YLMfivmCYv5l4TZ-8cJ0WD1ky1hVt7Dch4QiJRQZ52kisSsPoUIbWKP1PkLFb3qBp5srGhWG1K71ml12lenvy4R9T333_4RUhfm8u6luaCiuz9EgPmMw8kBS7cZZyc-XAGo-GFSISM1ySZ9DZX9kfKFnI0D34SVXQsPqzuJBobl3EmCwpb7cqg2IL14bv-f3YhiLsg6e6ssvTOnvKfW4ETYcr8unoz0ii9YKVgeQHDrz_bhKNo52-0RwsKcmk3EDs1aIQdsPqEjhmdAmLxYplPDVLVzqcmD8MbzfsEkKvJ2foVe5I0PGJJQm-jC5JNqEBM46HJOoPXrgFtZ4oSUBCySg3x3uhISD7cAojTzckJIwBf8PpHx7cfyqM--9d0BbGbLdtRhcR1pubbVU6djKYp0kurxpBlsbOE74iknxY-HXFfFnUbqmupzv-yY5NqrD5nEEcZAKjTsGFeSp6ytBXgj4XMdGY06OUI_01WfrVIdl0dzKM7LTTLERQ-ls52XAwRQ3sF8NCA7Afs1CjMiqcOtq8H4j-VWHpyJoCoRCPVrpzHHy4ufsuqvYbDVFaQlAIUHGUYqB43QrzFuD4eQfmgGlKNcuyflb217SWwYSXuxnfevj8YIJMNulopGAMhaYw_6NTEpTEbKuibAOyCTA_9EPlxPp2btgYRLwwo8D3_csvALIRD--LblWMTth1FfEwpStejbKal-L2_RqsNl9TEMuAYRBMhg0dq3sFwYR6DpmkxI5A4O7WN7qh9GwuRIm0wvmm8bQ-d2wsvdoG3fO19wCsmi1YCIQvBoxLBWUGcg7UtH8BEGN_VcNhI3evqj3mVl27hjC30kUQtxYPZCqI0rhseKonMNBf_M878Q1PqoaXFIDWB-Uew2JKNHdgT3R2vjYThRMMpIJcDFAflSynV2RYUB0Nh77LxA3UQ2tU-_5S2eEZau0SMIhWx2wG-hesanDunpg2UGjs4iTzqmwsQ8cN4EkM4W0AsA5zmsLVC0UDu-gwJaLpbp3LvHY1DMVUxExyTh2VRO3Ut6pcwW2aj6cKDbrK1Pv7VP8Agxlvl0D1Te3MNu-0fsd2inK-3qaBQtztDq60yqq67nVqYLg2cwCqNhkKaC8Rlr8qu6heeCF-S1aIjKwYuQKxnG8AHMLknwpb6DLpBo2spQJvRRh2adWlPeTHmY5vrRC2FmPMtLN1ax9d5kKPNnxn84cJlzmMivLdK1-xAEqSmMkbfKUmfrhlDocn9puA5pEAK-bwarjW3Oh6h3P6Cl1ZyHoydTrpaP3XpoYDNk5rTX4KDMKV6_jHKh8G6Yru4UeiJiathB4iIXHeVqaR-aI8SBq-dEr9D812bY7PdzFZYOYH3sy-FhJjS5DG51-VEM0YZ5ysCAgrvBNgjVdygyA0ZELMxLoVMTLryEyKBdBIQ3f4rYjyYOIhey04bIL2dsYInDAb9UzJrrlE0RaL9evkH0rL37hgCHJT4fyB780jvycz_HdB5yIzVAIUAuUP7Bepm7vRMbFA36SiSoBP1w0ZbAQtCjC6qyxZ3JGgtFaRooj7LMGXc-Qa3eKEAKuwsFjjPk8mIMFxfDg2BdtFuJH2WRXtKnnE2hxoQ_CwBmcySmz6gwDO2j0GKO_7Wb-FnIJhx0Wzwk6jAsFK1wJ19HDqBr-l5CeHKHyWmvQNUM39dKvA9nOIxXiDN2xQ_eMUJiNNu0DU-d8B6MyaZv1gsJcwtJjhL17AEpMNujRtA0I8zNz-4A3neiem3H8PVb_SDlKIDD3p5bEhNZM--dIark2xYJ9LLWwkxE8HYrV7JMbYn-rxsguUrbN7AAw7v-NXCmt1I2x6siQk9gm9vgC1pP_j-t6WDvkWhFqrXE7vRu0QVv-A-HJzeIdOznEc0U5uiYajSU-C1vMG3Jif3ggHQU_b_Jzn_jN_YDS2Qcgb5RKt1G-YCgg1c6ntlBEyC4wa3Qi4lI2hXZbYQcixq10fep4-2WJIMP2ZqxxToQaL4MrOd_wfCrzqC1lMRsOMnb2EQNz3HDKCd8Awmvr0rNlQkpbHWjRrVdl8hbn8WZmQIVPjOy-jxdLO6knnufm68GyEtizv208nvlvjL9fG_3Em6RUo3AUOPwQGg_AoaxbaGK1Q9jCwjWCtBktpKUXHXYj7IkrNmvqrknFpMOzp6uivYJYCD_OY1H7ctz2kYbWV56ApqjzWY42mQaqyZfjVZZ18Z8gDiHfiiKD866QEC1-MjjV7MkcVqjtcfXOO9iOtixOVyjvEymKRlHXbGAS7sqELK1kUSJEYY5z-0olTcNpikc_zzC6Fqu7P3GbcVVA5oLTqjNHnfb_7lBi5Eh3CjzVUNHLp0JQt53hFKNJVl9rHS4RhqtBfSRYcvRGE5_l5WKdZKe4sqK58LTPG07-SG6Gii17qwcWNTZJ3jVMiOdCY1QyhAj0iNLxfP4e1a0hN64AX1TdljgH8QIqSJHiBIbJM3ZxBukNgSBGwlWPmKvexEPngIn2E9BR2j9qp_xn-ECArFPKXjlXiDWVkjTAZEuPo_ALNrftdprTvdN9rbV9dTS5b_bvWiTh4R9fAmFlDHoxbsxtebHEX3XL2oLl-pqDtampWLnDoC3-WyE4jQdAGrDVbpM0L9JZLRVx5xVlP8R_0x_SSEx_Api0D5x3qrYgSDsK1uZLssHosv-vK6DdJC1ze8RJye1RNXKM_tv2KTwHP4SC5PNGY6wQIpel-RXUjACEB6R9qAT-3HSZMETZqXUhRjjlGaPeRzEDtFODSTlIHBTv_ePdZYIVyTAiB1zf51Ghik8lt5Jej5kMsY5RztC2DctktQj7ugV3c4D5EVIkEhsViosQL1iIz9vE3brueUSmGTNXJfQW5DtklG1NPxBVevAgKYZRA3cT_8iVAUZ9iOEmWA7QMria1wGXpX7_EJ0Wm9ymiyAyMSb9CLek8YXILWKneKuBlN5LUaelNvKuu87TKbamOHCJthGc7sdxUORWMke3qLhEX5-i-EkbZvEJHYcefcTcCNEOZiSpjjm4uAxqKBVoMGi7u_hHexoQfTH6kDg2u7NpqnTGShHqRTVD021Frrrwq_8ZqSOU8zcUkiMqAb8gHZH9qe8Sp6u67ZqVj4_-Pp40bQM58DDe18C5xB4mSoEwdZMl_RktDtQ2lqEU5BMjNhoH8EUo_QPNViWg3z7F8g67BSAxO5unJwJRZ-y-Tv9IJT2R2mGiurPbTlCcDdScTN92JSwQKLPwUvoaOaZvJfO_quHj7C1hPj_aSb2hpiQ7K0XwhwC4HU6T2YC2NCxor6b3-mePsI8GuHd31wL7v3U0DrvekW0&pr=8%3A8A0B4360DFA2E531&cid=CAQS3gEABaugfcvcQEVisj4dXZRnK5WrcZkAku6HXMziAWv2oyd3Y25TXIbxhKtvGICe8JIaAktcmqFSCxzLVeL49DBnXLLtqH3rwfEokCmWwaQNtvvbLABYFviwG_ryNnNZ9xzcqFVyY0OKD351lOs0yAzzFbmsZvcdf9jDI7JxhJpJubUpoQSeXd5r0sd75CtTVOm2edeR-dw4lyhC9nGUG1k1DEhquSjgMTcwr-eQSGJ8zdUnpneKGHgmNGZRu1Lvqo7aFUJnGB-oidQJFz7lIJhwM6rPRYDDR0P3NL0nrU4YAQ&dv3_ver=m202602230101&nel=1&rfl=https%3A%2F%2Fpaint.toys%2F&ds=l&xdt=1&ct=77&iif=1&cor=8034683852766147584&adk=2053332817&idt=484&cac=0&dtd=47

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

5dd140f28631905de9c6d2b344823ebeb351fb28f0614097acd88af105d743af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 11003058156929656316
age: 42545
x-content-type-options: nosniff
expires: Mon, 06 Apr 2026 13:08:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Mon, 23 Mar 2026 13:08:27 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
cache-control: public, max-age=1209600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-length: 10645
x-xss-protection: 0
server: cafe

GET
H3 200 ufs_web_display.js Show response
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 6012 237 KB
73 KB 98ms
97ms Script
text/javascript 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

4d5dc25198f0f493ce8b221a2e559147962e73d4cfc747f05fb41638e4c7800d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

content-encoding: br
etag: 3719088209277678497
age: 1650
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 01:30:02 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date: Tue, 24 Mar 2026 00:30:02 GMT
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=ISO-8859-1
vary: Accept-Encoding
cache-control: public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-length: 74813
x-xss-protection: 0
server: cafe

GET
H2 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 6012 41 KB
14 KB 99ms
98ms Script
text/javascript 172.217.25.193
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.25.193 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

nrt12s13-in-f193.1e100.net

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

content-encoding: br
age: 1883
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options: nosniff
expires: Tue, 24 Mar 2026 01:16:09 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:26:09 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=3000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 13937
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK / Show response
servedby.flashtalking.com/imp/7/296969;10263025;201;jsappend;18330;10263025/ Frame 6012 5 KB
3 KB 377ms
182ms Script
text/javascript 23.46.10.245
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL

https://servedby.flashtalking.com/imp/7/296969;10263025;201;jsappend;18330;10263025/?bundle_id=&ft_partnerimpid=ABAjH0hNXwEgHnuMPZ-iGVw1rzj4&pub_id=8&ft_referrer=https%3A%2F%2Fpaint.toys%2Foil&ft_keyword=20988505181&site_url=https%3A%2F%2Fpaint.toys%2Foil&ft_section=20988505181&sup_platform=8&gdpr=&gdpr_consent=&us_privacy=%24%7BUS_PRIVACY%7D&ftRandom=a2ef5351fd&ftClick=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CAUFie-HBaam2E-3PjuMPmsnbgQGQ79LhgQGG3cGYmBX43JSYQxABILq-8BZgpYCAgKgBoAGL4oqgAcgBCagDAcgDmwSqBIQCT9B2s9YjnzL8-rerzSBRHIGqO8Z6vpnkz3B_RLDubL6jX-snkXksQp5aHuqCDFLbV9s82E2ch25ru-uqat3ZFOVuBqHLiPlwFT302tU9yDmIXKJW2iV7cl2QVkG6byVaVwEI5i0Ebyi6ttfCP3hIXcrXXn2H0UzOa_ao2NGUdbeN96yne4JA71enVO5hGuXZTSCt3ogEVDHI0FGAut24zdu8BvVn_NkA_fA-UD5AqnyMmZaUxvgzodladlmSPp9McLwlRkatMs6RlFi_G7myJJrYzsD8e26A4OPj3pfXoaVI665Kwjo0puxVhaw7tNKBr1mb0svPA5Rn0UxRmakAsMsG6T3ABKzT483hBOAEA4gF3diMmE6QBgGgBk2AB92d9d8CqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcA0gguCIBhEAEYXzIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOlj-w8-WqreTA_IIH2JpZGRlci14YXBpOjE5MTI4ODp2bFdBWWtLX1lCd2uACgSYCwHICwGADAGqDQJBVfANAYgODrAT6fCwIdATANgTDdgUAdAVAcoWAgoA-BYBgBcBshcQGAIqCjg4NTM2OTY3NTFQBrIYCRICnWMYTSIBANAZAQ&ae=1&num=1&cid=CAQS3gEABaugfcvcQEVisj4dXZRnK5WrcZkAku6HXMziAWv2oyd3Y25TXIbxhKtvGICe8JIaAktcmqFSCxzLVeL49DBnXLLtqH3rwfEokCmWwaQNtvvbLABYFviwG_ryNnNZ9xzcqFVyY0OKD351lOs0yAzzFbmsZvcdf9jDI7JxhJpJubUpoQSeXd5r0sd75CtTVOm2edeR-dw4lyhC9nGUG1k1DEhquSjgMTcwr-eQSGJ8zdUnpneKGHgmNGZRu1Lvqo7aFUJnGB-oidQJFz7lIJhwM6rPRYDDR0P3NL0nrU4YAQ&sig=AOD64_1Wde_MfPBTVIe-TghrFvNhiJu3ew&client=ca-pub-6579838053286784&dbm_c=AKAmf-A8ODr_TeWBYYAATE58XixrNzFe9oI0uQrqoL8muTjvb5_fM-z9zUHFaZUbKRSOBvIrgSFuF49NJ1BK48n1qVjXZpuUIIE0tH4eXIjaB5CB-UNPDB_lXUqkjhYjgG_Mmz0N69wsEdWp6eXmPheX-CH9qrOdfDmK3oEVuZwpGV7JAjeSNrWnK09Z_BqBHP89viLX0JkWLTBHVGnfxPmqOo8Z1iTSV4WyA7xCxZzgef6p9sGmVGFM_qQHY4kTmTerlh3LDQ87TZl38iyc95-KjjvtpGGIxiSanZMnr196tWOo9ESIvK0&cry=1&dbm_d=AKAmf-Ctqm_1f3LpvufQUKS4m9QD84OgWnArytCoFmf99U-4KaZoWMhXaXNLVd7SfaQm1xp9UZiV9vBPk-8GdFE8bzWgAu1afFv8c3cEyGR-o5eO3LEGGW_NPDlUMlRNeZUYyM4730YiL0WrzM371MBKYiSvfKvtlRFEalaF_2F15Bu1UN1fPnIas4sMyvHf_cNRtzPeVa80rD8l03UUnFIpfgqZ9nAZsidWHBWg8Xc41Okb76LXMfRMg7RS0F3zWYWJzynASMohXxWDcLv1A-ZcX-xNChNnNlicH1tN7w-8RR_ZD4XyRfQa7I3udNGRD8p4OXUQoGw8QsBxLr582F-mBUpuwTPIFFStjoyFO21HiKKq4Z7V37leO6JPpj9myXfS0msU-BizyYuEs-grr-EkaxIgl3xnZsjfJxUGsOBX8VTz6kmEcvr6X8vDfVKQQdDiAN5hWMzW5dIN7mNjM98jYevywECDa1ejSbexBOjfYno1lbwksyhNFvqACMpwS9RD9_rRrJ5HC2k3AhL-Pb550GIuGw_jhXoN3edVIdfVAYZkJjapdjHz_mFEscP1kZtB6xjTY1gMT94guz-KSA6cLBrVB0od7iRbYwL5FcDEj0U0O77yOMshOf1gDrP__4YSKFNMbb1A4ZZ5q-2zRZi4j4J5XLSNxRGenTr3hV5mB7DYCEBfh9IvyPxoxRbAgyt1OTgaqJi-&adurl=&ft_agentEnv=0&ftOBA=1&cachebuster=a2ef5351fd

Requested by

Host: cdn.flashtalking.com
URL: https://cdn.flashtalking.com/armada/tags/placement-ft-inserts/10263025-ftInsert.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.46.10.245 Sydney, Australia, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

a23-46-10-245.deploy.static.akamaitechnologies.com

Software

prod-xre-app4.syd11 /

Resource Hash

1e8707fb5fab6d47dc2483b288ee387e2f0f15160051b8f55f4aa669cef81349

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

Strict-Transport-Security: max-age=86400
Cache-Control: max-age=0, no-cache, no-store
Content-Encoding: gzip
Pragma: no-cache
Connection: keep-alive
Expires: Tue, 24 Mar 2026 00:57:33 GMT
Content-Length: 2867
Allow-Fenced-Frame-Automatic-Beacons: true
Date: Tue, 24 Mar 2026 00:57:33 GMT
Content-Type: text/javascript;charset=iso-8859-1
Vary: Accept-Encoding
Server: prod-xre-app4.syd11

GET
H2 200 usync.html Show response
eus.rubiconproject.com/ Frame 5AD1 269 B
379 B 93ms
93ms Document
text/html 184.31.253.153
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?&geo=as&co=au
Requested by: Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.253.153 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a184-31-253-153.deploy.static.akamaitechnologies.com
Software: Apache/2.4.65 (Debian) /
Resource Hash: e4df52d49c57bc3e7158cb052cc05c60f1258c24de5c5728dac5d43272943ad9

Request headers

Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
content-encoding: gzip
content-length: 224
content-type: text/html
date: Tue, 24 Mar 2026 00:57:32 GMT
etag: "10d-63d602600b800-gzip"
last-modified: Wed, 27 Aug 2025 22:17:04 GMT
server: Apache/2.4.65 (Debian)
vary: Accept-Encoding

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame EF32 1 KB
837 B 97ms
97ms Document
text/html 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

bea1c5ab168f662fc9eb5bda3474e5b1bbd0d3ecc1d9c68e2a753f613c2ae0c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

age: 3771
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 812
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 23 Mar 2026 23:54:41 GMT
etag: 9725182468138058862
expires: Tue, 24 Mar 2026 23:54:41 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 6012 211 B
0 Image
image/png

General

Check archive.org

Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b911ffb39a050dd884be456f36275d8bd7e9894a06acaf1d4fd4f03b132c9bb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6012 0
0 383ms
191ms Fetch
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6012 0
0 374ms
190ms Fetch
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6012 0
0 555ms
190ms Fetch
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=colleague-executed&name=4

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6012 0
0 332ms
192ms Fetch
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6012 0
0 523ms
191ms Fetch
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF32
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEMsmIz4m1d53G9QrTpNTcf8&google_cver=1&google_push=AXcoOmR0zgqhvGjaLSMRl4U-p4zQ5Qk4I6DuR85ztN-IcTAjgdjkBRZInU8LfHbUiE-vM75qv1FRJ...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmR0zgqhvGjaLSMRl4U-p4zQ5Qk4I6DuR85ztN-IcTAjgdjkBRZInU8LfHbUiE-vM75qv1FRJ8RbANpUn_EdxUTNsOP09usl

170 B
188 B

193ms
193ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmR0zgqhvGjaLSMRl4U-p4zQ5Qk4I6DuR85ztN-IcTAjgdjkBRZInU8LfHbUiE-vM75qv1FRJ8RbANpUn_EdxUTNsOP09usl

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmR0zgqhvGjaLSMRl4U-p4zQ5Qk4I6DuR85ztN-IcTAjgdjkBRZInU8LfHbUiE-vM75qv1FRJ8RbANpUn_EdxUTNsOP09usl
x-msedge-ref: Ref A: 5303649210B24EB681C7A22F69706D13 Ref B: PER201000404062 Ref C: 2026-03-24T00:57:33Z
x-li-fabric: prod-ltx1
x-li-uuid: AAZNuqLw7K6G5YpsJIpS0A==
x-li-proto: http/2
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 24 Mar 2026 00:57:32 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF32
Redirect Chain

https://mweb.ck.inmobi.com/sync/3?redirect=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dinmobi_pte_limited%26google_hm%3D%24DSP_CKID&google_gid=CAESEMscr7V4mJ6Db1nAGtdpmGE&google_cver=...
https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MzlkODU4MjQtYjI5MC00YWVmLWJmZDEtZWVkZjc1Zjc0ZmFl&google_gid=CAESEMscr7V4mJ6Db1nAGtdpmGE&google_cver=1&google_push=AXcoOmTB...

170 B
188 B

196ms
196ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MzlkODU4MjQtYjI5MC00YWVmLWJmZDEtZWVkZjc1Zjc0ZmFl&google_gid=CAESEMscr7V4mJ6Db1nAGtdpmGE&google_cver=1&google_push=AXcoOmTBo_qydi6uDxkjCSggYZ0ttlabcm-EbvC_URse3RVxBCaQ_4RAVmrS8SMGQL1hkYYd0aeGuDLbY3gIOoA-OQq83F_QSfV5Bg

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:34 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://cm.g.doubleclick.net/pixel?google_nid=inmobi_pte_limited&google_hm=MzlkODU4MjQtYjI5MC00YWVmLWJmZDEtZWVkZjc1Zjc0ZmFl&google_gid=CAESEMscr7V4mJ6Db1nAGtdpmGE&google_cver=1&google_push=AXcoOmTBo_qydi6uDxkjCSggYZ0ttlabcm-EbvC_URse3RVxBCaQ_4RAVmrS8SMGQL1hkYYd0aeGuDLbY3gIOoA-OQq83F_QSfV5Bg
content-length: 0
date: Tue, 24 Mar 2026 00:57:34 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF32
Redirect Chain

https://match.prod.bidr.io/cookie-sync/adx?google_gid=CAESEN_w1x1E-yNUr8gagkEEXTM&google_cver=1&google_push=AXcoOmQ0nof2JpvaXnAmb1YhTrsX2bly_cGpBeoQ5lWSt2wHME1tilaXMJ8G-NXzcuWdeEodm5NOz2NeA4g4lHU6k...
https://match.prod.bidr.io/cookie-sync/adx?google_gid=CAESEN_w1x1E-yNUr8gagkEEXTM&google_cver=1&google_push=AXcoOmQ0nof2JpvaXnAmb1YhTrsX2bly_cGpBeoQ5lWSt2wHME1tilaXMJ8G-NXzcuWdeEodm5NOz2NeA4g4lHU6k...
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGOVVFN1RnOE1BQUFCaGVCYXgzQQ&google_push=AXcoOmQ0nof2JpvaXnAmb1YhTrsX2bly_cGpBeoQ5lWSt2wHME1tilaXMJ8G-NXzcuWdeEodm5NOz...

170 B
188 B

207ms
207ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGOVVFN1RnOE1BQUFCaGVCYXgzQQ&google_push=AXcoOmQ0nof2JpvaXnAmb1YhTrsX2bly_cGpBeoQ5lWSt2wHME1tilaXMJ8G-NXzcuWdeEodm5NOz2NeA4g4lHU6kNRwlUdOuyjfZQ&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

strict-transport-security: max-age=2592000; includeSubDomains
location: https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGOVVFN1RnOE1BQUFCaGVCYXgzQQ&google_push=AXcoOmQ0nof2JpvaXnAmb1YhTrsX2bly_cGpBeoQ5lWSt2wHME1tilaXMJ8G-NXzcuWdeEodm5NOz2NeA4g4lHU6kNRwlUdOuyjfZQ&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
server: gunicorn

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF32
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESELfPBhV3QbehqhIhA6K4Pls&google_cver=1&google_push=AXcoOmT1J0hdpqivgAGF5ARaI_sgfllLbyMx9yIoee92VWL-_tHR0tQkCcwfvHbAMyWtYhZQQLeWd3SZc-40yD3...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=35EQdmtSVxh17Walk1vmlmds5_U&google_push=AXcoOmT1J0hdpqivgAGF5ARaI_sgfllLbyMx9yIoee92VWL-_tHR0tQkCcwfvHbAMyWtYhZQQLeWd3SZc-40yD...

170 B
188 B

196ms
195ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=35EQdmtSVxh17Walk1vmlmds5_U&google_push=AXcoOmT1J0hdpqivgAGF5ARaI_sgfllLbyMx9yIoee92VWL-_tHR0tQkCcwfvHbAMyWtYhZQQLeWd3SZc-40yD3ORW6YixyLqE3W

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=35EQdmtSVxh17Walk1vmlmds5_U&google_push=AXcoOmT1J0hdpqivgAGF5ARaI_sgfllLbyMx9yIoee92VWL-_tHR0tQkCcwfvHbAMyWtYhZQQLeWd3SZc-40yD3ORW6YixyLqE3W
Content-Length: 242
Date: Tue, 24 Mar 2026 00:57:33 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF32
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEFOIV21NHhojPBH7Sz2qb3U&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFOIV21NHhojPBH7Sz2qb3U&google_hm=acHhfIsFVogAOMpRAK_AqgAAFM4AAAAB&google_nid=index&google_push=AXcoOmRe_UVCV7seG1TOnINCgGnsjS32tUX58...

170 B
188 B

197ms
197ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFOIV21NHhojPBH7Sz2qb3U&google_hm=acHhfIsFVogAOMpRAK_AqgAAFM4AAAAB&google_nid=index&google_push=AXcoOmRe_UVCV7seG1TOnINCgGnsjS32tUX58gkkPN5HQut1J7_3h4EAVg4cCiwwGIKM7BYhfvsyqNfrTq-mOvRw8czv_kku3hnS

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

cache-control: no-cache
location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEFOIV21NHhojPBH7Sz2qb3U&google_hm=acHhfIsFVogAOMpRAK_AqgAAFM4AAAAB&google_nid=index&google_push=AXcoOmRe_UVCV7seG1TOnINCgGnsjS32tUX58gkkPN5HQut1J7_3h4EAVg4cCiwwGIKM7BYhfvsyqNfrTq-mOvRw8czv_kku3hnS
cf-cache-status: DYNAMIC
pragma: no-cache
nel: {"report_to":"cf-nel","success_fraction":0.01,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=F9FH6EHynyICsAYz043kcn9s84DH8lov9QLV7rgl4Yz65ZbszwhGBw8OvmsUbZEToszT5Zs3%2Bs7y2lScAb9bCVqTVfdNY7D0YaKymk9vpcuSh94viw%3D%3D"}]}
cf-ray: 9e11b8edf9bd2d51-PER
expires: 0
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
date: Tue, 24 Mar 2026 00:57:33 GMT
server: cloudflare
priority: u=3,i

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF32
Redirect Chain

https://cs.media.net/cksync?type=g&google_gid=CAESEN6uCCPcAMftYm4Ye0Z6QHY&google_cver=1&google_push=AXcoOmT-xnakHWUhtLtNkrwWvfAdtVOR16tQV9d7JV1COa7ZPOimLDpKmXIrXubPbCkpsy7mxFF5IT6VJvfDL_tljSlQf9dgU...
https://cm.g.doubleclick.net/pixel?google_hm=NDE3MzE1NDUzNTI3NTg4MDAwMFYxMA%3D%3D&google_nid=media&google_push=AXcoOmT-xnakHWUhtLtNkrwWvfAdtVOR16tQV9d7JV1COa7ZPOimLDpKmXIrXubPbCkpsy7mxFF5IT6VJvfDL_...

170 B
188 B

276ms
275ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_hm=NDE3MzE1NDUzNTI3NTg4MDAwMFYxMA%3D%3D&google_nid=media&google_push=AXcoOmT-xnakHWUhtLtNkrwWvfAdtVOR16tQV9d7JV1COa7ZPOimLDpKmXIrXubPbCkpsy7mxFF5IT6VJvfDL_tljSlQf9dgUfzOrQ&google_sc=1&mn_hm=NDE3MzE1NDUzNTI3NTg4MDAwMFYxMA%3D%3D&gdpr=&gdpr_consent=

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_hm=NDE3MzE1NDUzNTI3NTg4MDAwMFYxMA%3D%3D&google_nid=media&google_push=AXcoOmT-xnakHWUhtLtNkrwWvfAdtVOR16tQV9d7JV1COa7ZPOimLDpKmXIrXubPbCkpsy7mxFF5IT6VJvfDL_tljSlQf9dgUfzOrQ&google_sc=1&mn_hm=NDE3MzE1NDUzNTI3NTg4MDAwMFYxMA%3D%3D&gdpr=&gdpr_consent=
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
content-length: 378
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame EF32
Redirect Chain

https://s.seedtag.com/cs/cookiesync/google?google_gid=CAESEKiWewAQ6L85Z9BCEuX2nU4&google_cver=1&google_push=AXcoOmSCv_U-flt2s_l5wsf9Aa-WuIThYCGXyg7jy4yx1mZSsUXXoYe8bIBN7aBZQ-uhjl0TluZFjN8vNeXOnPoLv...
https://cm.g.doubleclick.net/pixel?google_nid=seedtag_beachfront&google_hm=019d1d58-d10e-77d4-9c99-e2737774aab6&google_push=AXcoOmSCv_U-flt2s_l5wsf9Aa-WuIThYCGXyg7jy4yx1mZSsUXXoYe8bIBN7aBZQ-uhjl0Tl...

170 B
188 B

195ms
195ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=seedtag_beachfront&google_hm=019d1d58-d10e-77d4-9c99-e2737774aab6&google_push=AXcoOmSCv_U-flt2s_l5wsf9Aa-WuIThYCGXyg7jy4yx1mZSsUXXoYe8bIBN7aBZQ-uhjl0TluZFjN8vNeXOnPoLvMXIREnc4VuPxw

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=seedtag_beachfront&google_hm=019d1d58-d10e-77d4-9c99-e2737774aab6&google_push=AXcoOmSCv_U-flt2s_l5wsf9Aa-WuIThYCGXyg7jy4yx1mZSsUXXoYe8bIBN7aBZQ-uhjl0TluZFjN8vNeXOnPoLvMXIREnc4VuPxw
cf-cache-status: DYNAMIC
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS, DELETE, PUT, HEAD
via: 1.1 google
cf-ray: 9e11b8ee4e1ec742-PER
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 248
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: text/plain; charset=utf-8
vary: Accept
server: cloudflare
priority: u=3,i
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame EF32 0
12 B 194ms
194ms Image
text/html 142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KkE_c1WbVy0xhSax-puzI8jy3JPhuEAAGKrBYegvS-J89u4M6Hjp_a9TzxG8g_kuGk6J5qmA

Requested by

Host: 3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com
URL: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/safeframe/1-0-45/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://pagead2.googlesyndication.com/

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: text/html
server: HTTP server (unknown)

GET
H2 200 usync.js Show response
eus.rubiconproject.com/ Frame 5AD1 45 KB
0 1ms
1ms Script
text/html 184.31.253.153
Akamai Technologies

General

Check archive.org

Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?&geo=as&co=au
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.31.253.153 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a184-31-253-153.deploy.static.akamaitechnologies.com
Software: Apache/2.4.65 (Debian) / PHP/8.3.24
Resource Hash: 54bad2ce1afbc76d3145cc534472fa4cbf628cb5309b8a896e58605cd6d8464b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/usync.html?&geo=as&co=au

Response headers

cache-control: max-age=39940
content-encoding: gzip
expires: Tue, 24 Mar 2026 12:03:12 GMT
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
content-length: 11509
date: Tue, 24 Mar 2026 00:57:32 GMT
last-modified: Mon, 23 Mar 2026 12:03:12 GMT
x-powered-by: PHP/8.3.24
server: Apache/2.4.65 (Debian)
content-type: text/html;charset=UTF-8
vary: Accept-Encoding

GET
H2 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 6E08 38 KB
13 KB 129ms
129ms Document
text/html 172.217.25.193
Google LLC

General

Check archive.org

Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.25.193 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

nrt12s13-in-f193.1e100.net

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1884
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 24 Mar 2026 00:26:09 GMT
expires: Tue, 24 Mar 2026 01:16:09 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6012 0
0 413ms
190ms Fetch
image/gif 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=fle-fetch-start2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 8D2C 7 B
1 KB 144ms
144ms XHR
application/json 69.173.158.64
Magnite

General

Check archive.org

Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
access-control-allow-credentials: true
Expires: 0
access-control-allow-origin: https://eus.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 548ddf114c6f6bfbb66a4cdeb6a219f4
content-length: 7
content-type: application/json; charset=UTF-8

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 9B80 7 B
1 KB 288ms
142ms XHR
application/json 69.173.158.64
Magnite

General

Check archive.org

Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
access-control-allow-credentials: true
Expires: 0
access-control-allow-origin: https://eus.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 808ed95536e7f55d8adbcb9fc76d309d
content-length: 7
content-type: application/json; charset=UTF-8

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame AF35 7 B
1 KB 432ms
141ms XHR
application/json 69.173.158.64
Magnite

General

Check archive.org

Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: a1dd48c657971696c2087f2a6beb489ee65b25320b763222f10718dd93e9149e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Cache-Control: no-cache,no-store,must-revalidate
Pragma: no-cache
access-control-allow-credentials: true
Expires: 0
access-control-allow-origin: https://eus.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: da1c8a4a3f9301c03fbeb7a6212a0a54
content-length: 7
content-type: application/json; charset=UTF-8

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame D328
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=

35 B
591 B

246ms
246ms

Document
image/gif

185.84.60.23
ADFORM Adform A/S

General

Check archive.org

Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

185.84.60.23 , Denmark, ASN198622 (ADFORM Adform A/S, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-type: image/gif
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: -1
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: -1
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 pubmatic Show response
um.simpli.fi/ Frame 8EA9 43 B
409 B 133ms
132ms Document
image/gif 34.142.217.223
Google LLC

General

Check archive.org

Download Go to

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.142.217.223 Singapore, Singapore, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),

Reverse DNS

223.217.142.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-length: 43
content-type: image/gif
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: Mon, 23 Mar 2026 00:57:33 GMT
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 3E77
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA%3D%3D%26piggybackCookie%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b32b69c1-e17c-4c00-823c-e54643bf3f3f&gdpr=0&gdpr_consent=

42 B
211 B

256ms
183ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b32b69c1-e17c-4c00-823c-e54643bf3f3f&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache,no-store,must-revalidate
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Cross-Origin-Resource-Policy: cross-origin
Date: Tue, 24 Mar 2026 00:57:33 GMT
Keep-Alive: timeout=360
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Referrer-Policy: strict-origin
Server: MT3 2373 98ac4b7 master ord ord-pixel-x13 config_version:"1131"
Strict-Transport-Security: 31536000
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: all
X-XSS-Protection: 0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD0xMjk2MDA==&piggybackCookie=uid:b32b69c1-e17c-4c00-823c-e54643bf3f3f&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 1F91
Redirect Chain

https://ups.analytics.yahoo.com/ups/58917/cms?uid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gpp=&gpp_sid=&us_privacy=&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0

42 B
356 B

305ms
140ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

age: 0
content-length: 0
content-type: text/html
date: Tue, 24 Mar 2026 00:57:33 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
referrer-policy: no-referrer-when-downgrade
server: ATS
strict-transport-security: max-age=31536000
x-content-type-options: nosniff

GET
H2

200

SPug Show response
image4.pubmatic.com/AdServer/ Frame 979E
Redirect Chain

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=DC6DF086-7BB9-400E-B7B9-740D658571B8&redir=true&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-7MJSYTVE2uX5mV4qJFruptvGrNAOHYg-~A&gdpr=0&us_privacy=

0
49 B

97ms
96ms

Document
text/plain

207.65.33.76
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-7MJSYTVE2uX5mV4qJFruptvGrNAOHYg-~A&gdpr=0&us_privacy=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.76 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

age: 0
content-length: 0
content-type: text/html
date: Tue, 24 Mar 2026 00:57:33 GMT
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-7MJSYTVE2uX5mV4qJFruptvGrNAOHYg-~A&gdpr=0&us_privacy=
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
referrer-policy: no-referrer-when-downgrade
server: ATS
strict-transport-security: max-age=31536000
x-content-type-options: nosniff

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame D02B
Redirect Chain

https://ups.analytics.yahoo.com/ups/58917/cms?uid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gpp=&gpp_sid=&us_privacy=&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0

42 B
98 B

167ms
126ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

age: 0
content-length: 0
content-type: text/html
date: Tue, 24 Mar 2026 00:57:33 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNjQmdGw9NDMyMDA=&piggybackCookie=y-stekv19E2oAfU7pHSmhbYqfMyBPyjQqbqmdJeiI-~A&gdpr=0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
referrer-policy: no-referrer-when-downgrade
server: ATS
strict-transport-security: max-age=31536000
x-content-type-options: nosniff

GET
H2 200 pixel-pubmatic Show response
www.temu.com/api/adx/cm/ Frame EE80 0
236 B 316ms
314ms Document
text/plain 151.101.130.58
Fastly

General

Check archive.org

Download Go to

Full URL

https://www.temu.com/api/adx/cm/pixel-pubmatic?id=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=&us_privacy=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.130.58 , United States, ASN54113 (FASTLY - Fastly, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: none
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cip: 103.108.231.245
content-encoding: br
content-security-policy-report-only: default-src 'none';script-src 'report-sample';report-uri /api/sec-csp/110000007/sec-gif
date: Tue, 24 Mar 2026 00:57:33 GMT
server: nginx
strict-transport-security: max-age=31536000
vary: accept-encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-gateway-request-id: 1774313853333-5b94a653c27935b152d08a019d1d58d195-30
x-served-by: cache-per-ypph1920035-PER
x-timer: S1774313853.199601,VS0,VE267
yak-timeinfo: 1774313853333|4

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 9E16
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9200000678844645331&gdpr=0&gdpr_consent=&us_privacy=

1 B
243 B

139ms
138ms

Document
text/html

207.65.33.82
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9200000678844645331&gdpr=0&gdpr_consent=&us_privacy=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.82 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Date: Tue, 24 Mar 2026 00:57:33 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=9200000678844645331&gdpr=0&gdpr_consent=&us_privacy=
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 5AF6
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy=&us_privacy=&gpp=&gpp_sid=
https://pool.liftdsp.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=
https://pool.liftdsp.com/ul_cb/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic&bsw_custom_parameter=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=
https://x.bidswitch.net/sync?dsp_id=23&expires=14&user_id=2135eb1c-c98b-48b2-80a5-b4c47c6d3c22&user_group=1&ssp=pubmatic&bsw_param=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=

1 B
222 B

95ms
95ms

Document
text/html

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 1
content-type: text/html; charset=utf-8
date: Tue, 24 Mar 2026 00:57:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Tue, 24 Mar 2026 00:57:34 GMT
location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=af83d098-46e0-4192-95f2-f2da33b7063b&gdpr=0&gdpr_consent=&gdpr_pd=&us_privacy=
via: 1.1 google

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7496
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=0&gdpr_consent=

42 B
296 B

135ms
134ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

Connection: keep-alive
Content-Length: 188
Content-Type: text/html; charset=utf-8
Date: Tue, 24 Mar 2026 00:57:33 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=0&gdpr_consent=

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 9BF8
Redirect Chain

https://creativecdn.com/cm-notify?pi=pubmatic&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNTQmdGw9NDMyMDA%3D&piggybackCookie=r5un3n8FevsvPj7mwWcAhmCbp4iS_GCRl-f4TJnKHUY&pi=pubmatic&gdpr=0&gdpr_consent=&us_privacy=&g...

42 B
349 B

197ms
184ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNTQmdGw9NDMyMDA%3D&piggybackCookie=r5un3n8FevsvPj7mwWcAhmCbp4iS_GCRl-f4TJnKHUY&pi=pubmatic&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNTQmdGw9NDMyMDA%3D&piggybackCookie=r5un3n8FevsvPj7mwWcAhmCbp4iS_GCRl-f4TJnKHUY&pi=pubmatic&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
pragma: no-cache
vary: Accept-Encoding

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 0EDB
Redirect Chain

https://t.adx.opera.com/pub/sync?pubid=pub8730968190912&gdpr=0&gdpr_consent=
https://www.temu.com/api/adx/cm/pixel-opera?adx_uid=70749415dd06aadc&gdpr=0&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Ft.oa.opera.com%2Fsync%3Fvendor%3D60369%26pubid%3Dpub8730968190912%26gdpr%3D...
https://t.oa.opera.com/sync?vendor=60369&pubid=pub8730968190912&gdpr=0&consent=&us_privacy=&custom_data=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU6abf14ce3cd64bf5b11b8697c52556d1&gpdr=0&gdpr_consent=

42 B
396 B

143ms
143ms

Document
image/gif

207.65.33.82
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU6abf14ce3cd64bf5b11b8697c52556d1&gpdr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.82 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:35 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 195
Content-Type: text/html; charset=utf-8
Date: Tue, 24 Mar 2026 00:57:35 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0ODkmdGw9NDMyMDA=&piggybackCookie=OPU6abf14ce3cd64bf5b11b8697c52556d1&gpdr=0&gdpr_consent=
Pragma: no-cache

GET
H2

200

b9pj45k4 Show response
sync-tm.everesttech.net/ct/upi/pid/ Frame A2EE
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=0&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=0&gdpr_...

85 B
171 B

47ms
47ms

Document
image/png

151.101.194.49
Fastly

General

Check archive.org

Download Go to

Full URL: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=0&gdpr_consent=&_test=acHhfQAFu8y20gAn
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.49 , United States, ASN54113 (FASTLY - Fastly, Inc., US),
Reverse DNS
Software: Jetty(9.4.35.v20201120) /
Resource Hash: acccc501aa6afa3cfac15e8ddccf1561deed2ed08c2f7d652abbdbe9aa71609a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 1238
cache-control: no-cache
content-length: 85
content-type: image/png
date: Tue, 24 Mar 2026 00:57:33 GMT
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 1897
x-robots-tag: noindex
x-served-by: cache-per-ypph1920035-PER
x-timer: S1774313854.640306,VS0,VE0

Redirect headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: no-cache
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
location: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=0&gdpr_consent=&_test=acHhfQAFu8y20gAn
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
pragma: no-cache
server: Jetty(9.4.35.v20201120)
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-robots-tag: noindex
x-served-by: cache-per-ypph1920035-PER
x-timer: S1774313853.355954,VS0,VE237

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame A274
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&__qcmcs=1
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=uaPxzeqrpZiirfeZ7Pi_nu6uqp6i_qrO66NBygrs

42 B
337 B

95ms
95ms

Document
image/gif

207.65.33.82
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=uaPxzeqrpZiirfeZ7Pi_nu6uqp6i_qrO66NBygrs

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.82 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-store, proxy-revalidate
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
location: https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=uaPxzeqrpZiirfeZ7Pi_nu6uqp6i_qrO66NBygrs
strict-transport-security: max-age=86400

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame C512
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3655796931204238726&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

42 B
475 B

330ms
137ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3655796931204238726&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: ddfb66bb-ddb9-489f-b165-e4aefbd86fd8
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=3655796931204238726&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.25.5
x-proxy-origin: 103.108.231.245; 103.108.231.245; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; *.adnxs.com
x-xss-protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 6355
Redirect Chain

https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://pubmatic-match.dotomi.com/match/bounce/current?DotomiTest=53c05d70562321dc&is_secure=true&networkId=17100&version=1&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gdpr=0&gdpr_consent=&us_privacy...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AQANPdEyx4jdawI5SCveAQEBAQEBAQCcHFnQ8gEBAJwcWdDy&expiration=1774400253&nuid=DC6DF086-7BB9-40...

42 B
370 B

96ms
95ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AQANPdEyx4jdawI5SCveAQEBAQEBAQCcHFnQ8gEBAJwcWdDy&expiration=1774400253&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gpp_sid=&gpp=&is_secure=true&us_privacy=&gdpr_consent=&gdpr=0

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

cache-control: no-cache, private, max-age=0, no-store
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: 0
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ2MSZ0bD0xMDA4MA==&piggybackCookie=AQANPdEyx4jdawI5SCveAQEBAQEBAQCcHFnQ8gEBAJwcWdDy&expiration=1774400253&nuid=DC6DF086-7BB9-400E-B7B9-740D658571B8&gpp_sid=&gpp=&is_secure=true&us_privacy=&gdpr_consent=&gdpr=0
pragma: no-cache
server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 922E
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&piggybackCookie=7017700947177846861

42 B
267 B

94ms
94ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&piggybackCookie=7017700947177846861

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: -1
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&piggybackCookie=7017700947177846861
pragma: no-cache
server: nginx
strict-transport-security: max-age=31536000; includeSubDomains

GET

user-sync
sync.adkernel.com/ Frame 12E2
Redirect Chain

https://sync.adkernel.com/user-sync?zone=218872&t=image&r=https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MjgmdGw9MjE2MDA=&piggybackCookie={UID}&gdpr=0&gdpr_consent=&us_priva...
https://sync.colossusssp.com/pbs.gif?gdpr=0&gdpr_consent=null&&redir=https%3A%2F%2Fsync.adkernel.com%2Fuser-sync%3Fzone%3D218872%26dsp%3D1061476%26t%3Dimage%26uid%3D%5BUID%5D
https://sync.adkernel.com/user-sync?zone=218872&dsp=1061476&t=image&uid=0d031850-e754-4951-a3d7-440fdd615e1f

0
0

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame 502F 43 B
374 B 467ms
248ms Document
image/gif 35.186.193.173
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.193.173 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),

Reverse DNS

173.193.186.35.bc.googleusercontent.com

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 google

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 3DB1
Redirect Chain

https://b1sync.outbrain.com/usersync/pubmatic/?cb=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw%26piggybackCookie%3D__UID__&gdpr=0&gdpr_cons...
https://b1sync.outbrain.com/usersync/pubmatic/?cb=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw%26piggybackCookie%3D__UID__&gdpr=0&gdpr_cons...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw&piggybackCookie=760b59a1-affb-4c2b-89e9-9faf95132669&gdpr=0

42 B
209 B

144ms
144ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw&piggybackCookie=760b59a1-affb-4c2b-89e9-9faf95132669&gdpr=0

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

cache-control: no-cache, no-store, must-revalidate
content-length: 179
content-type: text/html; charset=utf-8
date: Tue, 24 Mar 2026 00:57:34 GMT
expires: Thu, 01 Dec 1994 16:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw&piggybackCookie=760b59a1-affb-4c2b-89e9-9faf95132669&gdpr=0
p3p: CP="We do not support P3P header."
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 686C
Redirect Chain

https://cm-mx.advolve.io/pixel?adx_id=462&vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTImdGw9MTI5NjAw&adx_uid=$UID&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTImdGw9MTI5NjAw&piggybackCookie=69c1e17e2c8198ca1012e2ce

42 B
305 B

97ms
96ms

Document
image/gif

207.65.33.82
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTImdGw9MTI5NjAw&piggybackCookie=69c1e17e2c8198ca1012e2ce

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.82 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Tue, 24 Mar 2026 00:57:34 GMT
Server: nginx
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTImdGw9MTI5NjAw&piggybackCookie=69c1e17e2c8198ca1012e2ce
x-envoy-upstream-service-time: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 118B
Redirect Chain

https://a.tribalfusion.com/i.match?p=b11&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw&piggybackCookie=$TF_USER_ID_ENC$&gdpr=0&gdpr_consent=&us_p...
https://s.tribalfusion.com/z/i.match?p=b11&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw&piggybackCookie=$TF_USER_ID_ENC$&gdpr=0&gdpr_consent=&us...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw

42 B
96 B

151ms
151ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache private
cf-cache-status: DYNAMIC
cf-ray: 9e11b8f099e5cffa-PER
content-type: text/html
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMjYmdGw9MTI5NjAw
p3p: CP="NOI DEVo TAIa OUR BUS"
pragma: no-cache
priority: u=0,i
server: cloudflare
server-timing: cfExtPri
x-function: 209
x-reuse-index: 144

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 93EC
Redirect Chain

https://gocm.c.appier.net/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=gJ9zQ_AjDi-WfF0WfeHBaQ

42 B
256 B

171ms
170ms

Document
image/gif

207.65.33.82
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=gJ9zQ_AjDi-WfF0WfeHBaQ

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.82 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

Accept-Ch: Sec-CH-UA-Model,Sec-CH-UA-Platform-Version
Cache-Control: no-store
Connection: keep-alive
Content-Length: 0
Date: Tue, 24 Mar 2026 00:57:33 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDImdGw9MTI5NjAw&piggybackCookie=gJ9zQ_AjDi-WfF0WfeHBaQ
P3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame F9AE
Redirect Chain

https://cr-p10.ladsp.com/cookiesender/10?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMzEmdGw9MTI5NjAw&piggybackCookie=$UID
https://cr-p10.ladsp.com/cookiesender/10?cr=true&https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMzEmdGw9MTI5NjAw&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMzEmdGw9MTI5NjAw&piggybackCookie=AVVGU8ckJxJRks8AKUSwzqoLec8AAAGdHVjTLA

42 B
214 B

125ms
124ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMzEmdGw9MTI5NjAw&piggybackCookie=AVVGU8ckJxJRks8AKUSwzqoLec8AAAGdHVjTLA

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

cache-control: no-cache
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: -1
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwMzEmdGw9MTI5NjAw&piggybackCookie=AVVGU8ckJxJRks8AKUSwzqoLec8AAAGdHVjTLA
pragma: no-cache
via: 1.1 26131a3cde08b60652129237128292a2.cloudfront.net (CloudFront)
x-amz-cf-id: SDedmQ4q3QD2CEcaaixowRw5ZhnrQSTSRaPtJ7VAr3p-0H0TtnP2Qg==
x-amz-cf-pop: SYD3-P2
x-cache: Miss from cloudfront

GET usersyncsupply
cm-supply-web.gammaplatform.com/adx/ Frame 3BE9 0
0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame F341
Redirect Chain

https://dsp.adkernel.com/sync?exchange=4&r=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTQwNTkmdGw9MTI5NjAw%26piggybackCookie%3D%7BUID%7D&gdpr=&gdpr_consent=&gp...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTkmdGw9MTI5NjAw&piggybackCookie=A8162138932825430366

42 B
198 B

157ms
157ms

Document
image/gif

207.65.33.82
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTkmdGw9MTI5NjAw&piggybackCookie=A8162138932825430366

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.82 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

Connection: keep-alive
Content-Length: 0
Date: Tue, 24 Mar 2026 00:57:34 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNTkmdGw9MTI5NjAw&piggybackCookie=A8162138932825430366
Server: nginx

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 17CA
Redirect Chain

https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=&us_privacy=&gpp=&gpp_sid=
https://cm.adgrx.com/bridge.gif?AG_PID=pubmatic&gdpr=0&gdpr_consent=&gpp=&gpp_sid=&us_privacy=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=7151965e-271c-11f1-9005-aaf5cfb141f6

42 B
324 B

95ms
94ms

Document
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=7151965e-271c-11f1-9005-aaf5cfb141f6

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:34 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
Connection: keep-alive
Content-Length: 0
Content-Type: image/gif
Date: Tue, 24 Mar 2026 00:57:34 GMT
Expires: Thu, 23 Sep 2004 17:42:04 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDEmdGw9MTI5NjAw&piggybackCookie=7151965e-271c-11f1-9005-aaf5cfb141f6
P3P: CP="NOI OTC OTP OUR NOR"
Pragma: no-cache
cache-control: max-age=0, private, must-revalidate
vary: accept-encoding

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame 41F9
Redirect Chain

https://cm.mgid.com/m?cdsp=834174&mode=inverse&gdpr=0&gdpr_consent=&us_privacy=&adu=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTQwNDImdGw9MTI5NjAw%26piggyback...
https://cm.mgid.com/m?adu=https%3A%2F%2Fimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTQwNDImdGw9MTI5NjAw%26piggybackCookie%3D%7Bmuidn%7D%26gdpr%3D%7BGDPR%7D%26gdpr_consent%3D...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNDImdGw9MTI5NjAw&piggybackCookie=q2nxO0ZsNoVh&gdpr=0&gdpr_consent=

42 B
213 B

119ms
119ms

Document
image/gif

207.65.33.82
PubMatic

General

Check archive.org

Download Go to

Full URL

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNDImdGw9MTI5NjAw&piggybackCookie=q2nxO0ZsNoVh&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=158326

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

207.65.33.82 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 24 Mar 2026 00:57:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx
strict-transport-security: max-age=16070400; includeSubDomains

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate max-age=0
cf-cache-status: DYNAMIC
cf-ray: 9e11b8f08ce6d132-PER
content-length: 43
content-type: image/gif
date: Tue, 24 Mar 2026 00:57:33 GMT
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQwNDImdGw9MTI5NjAw&piggybackCookie=q2nxO0ZsNoVh&gdpr=0&gdpr_consent=
pragma: no-cache
priority: u=0,i
server: cloudflare
server-timing: cfExtPri
speculation-rules: "/cdn-cgi/speculation"
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
x-robots-tag: noindex

GET
H2

200

demconf.jpg
dpm.demdex.net/ Frame E3C1
Redirect Chain

https://dpm.demdex.net/ibs:dpid=19566&dpuuid=DC6DF086-7BB9-400E-B7B9-740D658571B8
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=19566&dpuuid=DC6DF086-7BB9-400E-B7B9-740D658571B8

42 B
718 B

330ms
329ms

Image
image/gif

54.71.255.99
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=19566&dpuuid=DC6DF086-7BB9-400E-B7B9-740D658571B8

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

54.71.255.99 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-71-255-99.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-usw2-2-v082-0f13f48eb.edge-usw2.demdex.com 1 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: OZIsEyjAQZ8=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Tue, 24 Mar 2026 00:57:34 GMT
content-type: image/gif

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=19566&dpuuid=DC6DF086-7BB9-400E-B7B9-740D658571B8
dcs: dcs-prod-usw2-2-v082-08f47437b.edge-usw2.demdex.com 0 ms
pragma: no-cache
x-tid: xFVGG2dxRzI=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Tue, 24 Mar 2026 00:57:33 GMT

GET
H2

200

sync
pippio.com/api/ Frame E3C1
Redirect Chain

https://idsync.rlcdn.com/420486.gif?partner_uid=DC6DF086-7BB9-400E-B7B9-740D658571B8
https://idsync.rlcdn.com/1000.gif?memo=CIbVGRIwCiwIARCMowEaJERDNkRGMDg2LTdCQjktNDAwRS1CN0I5LTc0MEQ2NTg1NzFCOBAAGg0I_cKHzgYSBQjoBxAAQgBKAA
https://pippio.com/api/sync?pid=5324&it=1&iv=d2240467ad8a34cb1babbea3f5f99448e27978a3e72f305a0e8274cc82a4d257791426b5417dce21&_=2

42 B
571 B

558ms
338ms

Image
image/gif

107.178.254.65
Google LLC

General

Check archive.org

Download Go to Show image

Full URL: https://pippio.com/api/sync?pid=5324&it=1&iv=d2240467ad8a34cb1babbea3f5f99448e27978a3e72f305a0e8274cc82a4d257791426b5417dce21&_=2
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Server: 107.178.254.65 , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-cache, no-store
timing-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 42
date: Tue, 24 Mar 2026 00:57:34 GMT
content-type: image/gif

Redirect headers

cache-control: no-cache, no-store
timing-allow-origin: *
location: https://pippio.com/api/sync?pid=5324&it=1&iv=d2240467ad8a34cb1babbea3f5f99448e27978a3e72f305a0e8274cc82a4d257791426b5417dce21&_=2
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT

GET
H2

200

info
uipglob.semasio.net/dbm/1/ Frame E3C1
Redirect Chain

https://uipglob.semasio.net/pubmatic/1/info?sType=sync&sExtCookieId=DC6DF086-7BB9-400E-B7B9-740D658571B8&sInitiator=external&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/pubmatic/1/info2?sType=sync&sExtCookieId=DC6DF086-7BB9-400E-B7B9-740D658571B8&sInitiator=external&gdpr=0&gdpr_consent=
https://sg.semasio.net/sync/1/15927723?&gdpr=0&gdpr_consent=&sInitiator=external&sExtCookieId=DC6DF086-7BB9-400E-B7B9-740D658571B8
https://match.adsrvr.org/track/cmf/generic?ttd_pid=semasio&ttd_tpi=1&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/tradedesk/1/info?sType=sync&gdpr=0&gdpr_consent=&sInitiator=internal&sExtCookieId=97f39a7c-5982-42c0-86d2-649773acdd79
https://sg.semasio.net/sync/1/32675800?&gdpr=0&gdpr_consent=&sInitiator=internal&sExtCookieId=97f39a7c-5982-42c0-86d2-649773acdd79
https://ib.adnxs.com/getuid?https%3A%2F%2Fsa.semasio.net%2Fsync%2F1%2F4354957%3FsExtCookieId%3D%24UID%26sInitiator%3Dinternal&gdpr=0&gdpr_consent=
https://sa.semasio.net/sync/1/4354957?sExtCookieId=3655796931204238726&sInitiator=internal&gdpr=0&gdpr_consent=
https://track.adform.net/serving/cookie/match/?party=1008&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/adform/1/info?sType=sync&sExtCookieId=7017700947177846861&sInitiator=internal&gdpr=0&gdpr_consent=
https://sg.semasio.net/sync/1/16266044?sExtCookieId=7017700947177846861&gdpr=0&gdpr_consent=&sInitiator=internal
https://sync.srv.stackadapt.com/sync?nid=semasio
https://sg.semasio.net/sync/1/30805874?$sType=sync&sInitiator=internal&sExtCookieId=35EQdmtSVxh17Walk1vmlmds5_U&gdpr=&gdpr_consent=
https://cm.g.doubleclick.net/pixel?google_nid=semasio_ddp&google_cm&google_hm=MTFFRkEyRDBDNTU2RTNBRg&_sdv&gdpr=0&gdpr_consent=
https://uipglob.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEJ4DoEP9vErLGOHdb2v0rtA&sInitiator=internal&google_cver=1&_sdv=&gdpr=0&gdpr_consent=&google_cver=1

42 B
443 B

98ms
98ms

Image
image/gif

95.173.218.112
CDN77 Datacamp Li...

General

Check archive.org

Download Go to Show image

Full URL: https://uipglob.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEJ4DoEP9vErLGOHdb2v0rtA&sInitiator=internal&google_cver=1&_sdv=&gdpr=0&gdpr_consent=&google_cver=1
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Server: 95.173.218.112 Singapore, Singapore, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS: unn-95-173-218-112.datapacket.com
Software: /
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
routing-server-id: -1
frontend-id: 0
pragma: no-cache
expires: Sat, 01 Jan 2011 12:00:00 GMT
access-control-allow-origin: *
uip-response-status: Ok
content-length: 42
date: Tue, 24 Mar 2026 00:57:36 GMT
p3p: policyref="http://uip.semasio.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
content-type: image/gif

Redirect headers

cache-control: no-cache, must-revalidate
location: https://uipglob.semasio.net/dbm/1/info?sType=sync&sExtCookieId=CAESEJ4DoEP9vErLGOHdb2v0rtA&sInitiator=internal&google_cver=1&_sdv=&gdpr=0&gdpr_consent=&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 390
date: Tue, 24 Mar 2026 00:57:36 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame E3C1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=3G3whnu5QA63uXQNZYVxuA%3D%3D&gdpr=0&gdpr_consent=&google_cm
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=&google_gid=CAESEDRfVD0JiDyM-lmEX-JurKQ&google_cver=1

4 KB
4 KB

96ms
96ms

Image
text/html

23.221.132.242
Akamai Technologies

General

Check archive.org

Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=&google_gid=CAESEDRfVD0JiDyM-lmEX-JurKQ&google_cver=1
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Server: 23.221.132.242 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a23-221-132-242.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

cache-control: max-age=113866
content-encoding: gzip
expires: Wed, 25 Mar 2026 08:35:19 GMT
accept-ranges: bytes
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 7259
date: Tue, 24 Mar 2026 00:57:33 GMT
last-modified: Mon, 29 Sep 2025 15:12:50 GMT
content-type: text/html
server: Apache
vary: Accept-Encoding

Redirect headers

cache-control: no-cache, must-revalidate
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=&google_gid=CAESEDRfVD0JiDyM-lmEX-JurKQ&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 362
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame E3C1
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENus9K45FbDvO_pIAI57C80&google_cver=1

42 B
397 B

96ms
96ms

Image
image/gif

207.65.33.82
PubMatic

General

Check archive.org

Download Go to Show image

Full URL

https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENus9K45FbDvO_pIAI57C80&google_cver=1

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

207.65.33.82 , Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

strict-transport-security: max-age=16070400; includeSubDomains
cache-control: no-store, no-cache, private
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif; charset=utf-8
server: nginx

Redirect headers

cache-control: no-cache, must-revalidate
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESENus9K45FbDvO_pIAI57C80&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 379
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame E3C1
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=

42 B
316 B

388ms
142ms

Image
image/gif

67.199.150.86
PubMatic

General

Check archive.org

Download Go to Show image

Full URL

https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

67.199.150.86 Singapore, Singapore, ASN62713 (AS-PUBMATIC - PubMatic, Inc., US),

Reverse DNS

Software

nginx /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://ads.pubmatic.com/

Response headers

strict-transport-security: max-age=16070400; includeSubDomains
cache-control: no-store, no-cache, private
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif; charset=utf-8
server: nginx

Redirect headers

location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=97f39a7c-5982-42c0-86d2-649773acdd79&gdpr=0&gdpr_consent=
content-length: 355
date: Tue, 24 Mar 2026 00:57:33 GMT
server: Kestrel

POST
H2 200 483.json Show response
id5-sync.com/g/v2/ 1 KB
1 KB 653ms
652ms Fetch
application/json 162.19.138.117
OVH OVH SAS

General

Check archive.org

Download Go to

Full URL

https://id5-sync.com/g/v2/483.json

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH OVH SAS, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

c9444beb2bb01b0fedb9266be00611936aff0365959fbb7eb0be20f9795b28c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://paint.toys/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
expires: Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin: https://paint.toys
p3p: CP="CAO PSA OUR"
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: application/json
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

OPTIONS
H2 204 page_visit
pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/ Frame 0
0 1060ms
515ms Preflight 52.42.137.213
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/page_visit
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.137.213 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-42-137-213.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paint.toys
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,Authorization,X-Forwarded-For
access-control-allow-methods: GET,POST
access-control-allow-origin: https://paint.toys
access-control-max-age: 86400
date: Tue, 24 Mar 2026 00:57:34 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

OPTIONS
H2 204 ad_impression
pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/ Frame 0
0 1058ms
515ms Preflight 52.42.137.213
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/ad_impression
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.137.213 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-42-137-213.us-west-2.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://paint.toys
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Content-Length,Accept-Encoding,Authorization,X-Forwarded-For
access-control-allow-methods: GET,POST
access-control-allow-origin: https://paint.toys
access-control-max-age: 86400
date: Tue, 24 Mar 2026 00:57:34 GMT
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 page_visit Show response
pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/ 60 B
332 B 424ms
423ms Fetch
application/json 52.42.137.213
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/page_visit
Requested by: Host: script-api.ccgateway.net
URL: https://script-api.ccgateway.net/script/bundle?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.137.213 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-42-137-213.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: b750fdd3f7a94b9437d5ab5e25060a17b38a5756fe2ed03ef5ddcf9f3741e7d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://paint.toys/

Response headers

access-control-allow-origin: https://paint.toys
content-length: 60
date: Tue, 24 Mar 2026 00:57:34 GMT
content-type: application/json; charset=utf-8
vary: Origin
access-control-allow-credentials: true

POST
H2 200 ad_impression Show response
pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/ 60 B
332 B 337ms
335ms Fetch
application/json 52.42.137.213
Amazon.com

General

Check archive.org

Download Go to

Full URL: https://pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/ad_impression
Requested by: Host: script-api.ccgateway.net
URL: https://script-api.ccgateway.net/script/bundle?id=paint.toys&parentId=5bb3e20859
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.42.137.213 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-42-137-213.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: b750fdd3f7a94b9437d5ab5e25060a17b38a5756fe2ed03ef5ddcf9f3741e7d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://paint.toys/

Response headers

access-control-allow-origin: https://paint.toys
content-length: 60
date: Tue, 24 Mar 2026 00:57:34 GMT
content-type: application/json; charset=utf-8
vary: Origin
access-control-allow-credentials: true

GET
H2

200

user_sync
pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/
Redirect Chain

https://sync.crwdcntrl.net/qmap?c=18513&tp=MGNI&tpid=55f93eb7-929f-4425-9190-25b425ce4aa7&d=https%3A%2F%2Fpb-ing-02.ccgateway.net%2Fv1.0%2Fparent%2F5bb3e20859%2Fengagement%2Ftrigger%2Fuser_sync%3Fs...
https://pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/user_sync?src=lotame&puid=7b515599190e17b3636a5175a97bafc9&id=paint.toys&parentId=5bb3e20859&ccsid=e61582bc-cfea-4f52-95a1-...

0
38 B

1032ms
516ms

Image
text/plain

52.42.137.213
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/user_sync?src=lotame&puid=7b515599190e17b3636a5175a97bafc9&id=paint.toys&parentId=5bb3e20859&ccsid=e61582bc-cfea-4f52-95a1-e6e9c0a49c3d&ccuid=55f93eb7-929f-4425-9190-25b425ce4aa7&ccpt=0&pvid=9eed6ee9-c49c-4c8c-b09e-e6eeabee4223&engid=794d7793-891d-4196-9509-aebc96ce5fc9&engcount=0&engttl=60
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Server: 52.42.137.213 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-42-137-213.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

date: Tue, 24 Mar 2026 00:57:34 GMT
content-length: 0

Redirect headers

strict-transport-security: max-age=31536000 ; includeSubDomains
cache-control: no-cache
location: https://pb-ing-02.ccgateway.net/v1.0/parent/5bb3e20859/engagement/trigger/user_sync?src=lotame&puid=7b515599190e17b3636a5175a97bafc9&id=paint.toys&parentId=5bb3e20859&ccsid=e61582bc-cfea-4f52-95a1-e6e9c0a49c3d&ccuid=55f93eb7-929f-4425-9190-25b425ce4aa7&ccpt=0&pvid=9eed6ee9-c49c-4c8c-b09e-e6eeabee4223&engid=794d7793-891d-4196-9509-aebc96ce5fc9&engcount=0&engttl=60
pragma: no-cache
expires: 0
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT

GET
H3 200 favicon.ico Show response
ad.doubleclick.net/ 1 KB
129 B 193ms
193ms Fetch
image/x-icon 142.250.207.6
Google LLC

General

Check archive.org

Download Go to

Full URL

https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250&e=0.7452105301650676

Requested by

Host: btloader.com
URL: https://btloader.com/tag?o=5150306120761344&upapi=true

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.207.6 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

tzsyda-ah-in-f6.1e100.net

Software

sffe /

Resource Hash

d961b08e4321250926de6f79087594975fe20ad1518de8f91eb711af5d1a6ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://paint.toys/

Response headers

content-encoding: gzip
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
x-content-type-options: nosniff
expires: Wed, 25 Mar 2026 00:57:33 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/x-icon
vary: Accept-Encoding
last-modified: Tue, 08 May 2012 13:08:06 GMT
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
content-length: 104
x-xss-protection: 0
server: sffe

GET
H3 200 czTgy9mIi5RGiBXHKckI-wtOrMiLac-Kl8s6PTrkjyk.js Show response
pagead2.googlesyndication.com/bg/ Frame 6E08 56 KB
22 KB 96ms
96ms Script
text/javascript 142.250.195.226
Google LLC

General

Check archive.org

Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/czTgy9mIi5RGiBXHKckI-wtOrMiLac-Kl8s6PTrkjyk.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.195.226 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

maa03s43-in-f2.1e100.net

Software

sffe /

Resource Hash

7334e0cbd9888b94468815c729c908fb0b4eacc88b69cf8a97cb3a3d3ae48f29

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://tpc.googlesyndication.com/

Response headers

content-encoding: br
age: 240301
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
x-content-type-options: nosniff
expires: Sun, 21 Mar 2027 06:12:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Sat, 21 Mar 2026 06:12:32 GMT
last-modified: Fri, 20 Mar 2026 09:28:00 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
accept-ranges: bytes
content-length: 22136
x-xss-protection: 0
server: sffe

GET
H/1.1 200
OK ftUtils.js Show response
ajs-assets.ftstatic.com/ Frame 6012 100 KB
31 KB 388ms
185ms Script
application/javascript 23.46.10.246
AKAMAI-ASN1 Akama...

General

Check archive.org

Download Go to

Full URL: https://ajs-assets.ftstatic.com/ftUtils.js
Requested by: Host: servedby.flashtalking.com
URL: https://servedby.flashtalking.com/imp/7/296969;10263025;201;jsappend;18330;10263025/?bundle_id=&ft_partnerimpid=ABAjH0hNXwEgHnuMPZ-iGVw1rzj4&pub_id=8&ft_referrer=https%3A%2F%2Fpaint.toys%2Foil&ft_keyword=20988505181&site_url=https%3A%2F%2Fpaint.toys%2Foil&ft_section=20988505181&sup_platform=8&gdpr=&gdpr_consent=&us_privacy=%24%7BUS_PRIVACY%7D&ftRandom=a2ef5351fd&ftClick=https://googleads.g.doubleclick.net/dbm/clk?sa=L&ai=CAUFie-HBaam2E-3PjuMPmsnbgQGQ79LhgQGG3cGYmBX43JSYQxABILq-8BZgpYCAgKgBoAGL4oqgAcgBCagDAcgDmwSqBIQCT9B2s9YjnzL8-rerzSBRHIGqO8Z6vpnkz3B_RLDubL6jX-snkXksQp5aHuqCDFLbV9s82E2ch25ru-uqat3ZFOVuBqHLiPlwFT302tU9yDmIXKJW2iV7cl2QVkG6byVaVwEI5i0Ebyi6ttfCP3hIXcrXXn2H0UzOa_ao2NGUdbeN96yne4JA71enVO5hGuXZTSCt3ogEVDHI0FGAut24zdu8BvVn_NkA_fA-UD5AqnyMmZaUxvgzodladlmSPp9McLwlRkatMs6RlFi_G7myJJrYzsD8e26A4OPj3pfXoaVI665Kwjo0puxVhaw7tNKBr1mb0svPA5Rn0UxRmakAsMsG6T3ABKzT483hBOAEA4gF3diMmE6QBgGgBk2AB92d9d8CqAenzLECqAemvhuoB8zOsQKoB_PRG6gHltgbqAeqm7ECqAeOzhuoB5PYG6gH8OAbqAfulrECqAf-nrECqAevvrECqAfVyRuoB9m2sQKoB5oGqAf_nrECqAffn7ECqAf4wrECqAf7wrECqAfn17EC2AcA0gguCIBhEAEYXzIIioKAgICAgAg6DYBAgMCAgICAqIACqANIvf3BOlj-w8-WqreTA_IIH2JpZGRlci14YXBpOjE5MTI4ODp2bFdBWWtLX1lCd2uACgSYCwHICwGADAGqDQJBVfANAYgODrAT6fCwIdATANgTDdgUAdAVAcoWAgoA-BYBgBcBshcQGAIqCjg4NTM2OTY3NTFQBrIYCRICnWMYTSIBANAZAQ&ae=1&num=1&cid=CAQS3gEABaugfcvcQEVisj4dXZRnK5WrcZkAku6HXMziAWv2oyd3Y25TXIbxhKtvGICe8JIaAktcmqFSCxzLVeL49DBnXLLtqH3rwfEokCmWwaQNtvvbLABYFviwG_ryNnNZ9xzcqFVyY0OKD351lOs0yAzzFbmsZvcdf9jDI7JxhJpJubUpoQSeXd5r0sd75CtTVOm2edeR-dw4lyhC9nGUG1k1DEhquSjgMTcwr-eQSGJ8zdUnpneKGHgmNGZRu1Lvqo7aFUJnGB-oidQJFz7lIJhwM6rPRYDDR0P3NL0nrU4YAQ&sig=AOD64_1Wde_MfPBTVIe-TghrFvNhiJu3ew&client=ca-pub-6579838053286784&dbm_c=AKAmf-A8ODr_TeWBYYAATE58XixrNzFe9oI0uQrqoL8muTjvb5_fM-z9zUHFaZUbKRSOBvIrgSFuF49NJ1BK48n1qVjXZpuUIIE0tH4eXIjaB5CB-UNPDB_lXUqkjhYjgG_Mmz0N69wsEdWp6eXmPheX-CH9qrOdfDmK3oEVuZwpGV7JAjeSNrWnK09Z_BqBHP89viLX0JkWLTBHVGnfxPmqOo8Z1iTSV4WyA7xCxZzgef6p9sGmVGFM_qQHY4kTmTerlh3LDQ87TZl38iyc95-KjjvtpGGIxiSanZMnr196tWOo9ESIvK0&cry=1&dbm_d=AKAmf-Ctqm_1f3LpvufQUKS4m9QD84OgWnArytCoFmf99U-4KaZoWMhXaXNLVd7SfaQm1xp9UZiV9vBPk-8GdFE8bzWgAu1afFv8c3cEyGR-o5eO3LEGGW_NPDlUMlRNeZUYyM4730YiL0WrzM371MBKYiSvfKvtlRFEalaF_2F15Bu1UN1fPnIas4sMyvHf_cNRtzPeVa80rD8l03UUnFIpfgqZ9nAZsidWHBWg8Xc41Okb76LXMfRMg7RS0F3zWYWJzynASMohXxWDcLv1A-ZcX-xNChNnNlicH1tN7w-8RR_ZD4XyRfQa7I3udNGRD8p4OXUQoGw8QsBxLr582F-mBUpuwTPIFFStjoyFO21HiKKq4Z7V37leO6JPpj9myXfS0msU-BizyYuEs-grr-EkaxIgl3xnZsjfJxUGsOBX8VTz6kmEcvr6X8vDfVKQQdDiAN5hWMzW5dIN7mNjM98jYevywECDa1ejSbexBOjfYno1lbwksyhNFvqACMpwS9RD9_rRrJ5HC2k3AhL-Pb550GIuGw_jhXoN3edVIdfVAYZkJjapdjHz_mFEscP1kZtB6xjTY1gMT94guz-KSA6cLBrVB0od7iRbYwL5FcDEj0U0O77yOMshOf1gDrP__4YSKFNMbb1A4ZZ5q-2zRZi4j4J5XLSNxRGenTr3hV5mB7DYCEBfh9IvyPxoxRbAgyt1OTgaqJi-&adurl=&ft_agentEnv=0&ftOBA=1&cachebuster=a2ef5351fd
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.46.10.246 Sydney, Australia, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),
Reverse DNS: a23-46-10-246.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 372f795823a54a3bc659d4e3b9f8ca82caaa75577dbbc64dbf08bfed0e0b7915

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://3d18cb6726eb82d3067ba783b7082a30.safeframe.googlesyndication.com/

Response headers

Access-Control-Max-Age: 3000
Access-Control-Expose-Headers: Accept-Ranges, Content-Encoding, Content-Length, Content-Range
Content-Encoding: gzip
ETag: W/"b62697b3a90a4c737930e79a194afe1a"
Access-Control-Allow-Methods: GET
Expires: Wed, 25 Mar 2026 00:57:33 GMT
X-Varnish: 222337844 221241781
Akamai-Cache-Status: Hit from child
Date: Tue, 24 Mar 2026 00:57:33 GMT
Content-Type: application/javascript
Last-Modified: Mon, 08 Dec 2025 15:51:15 GMT
Vary: Accept-Encoding
x-amz-id-2: tzudfJN5gM4DlHXGXIHnAEwdiMrjZ3EWIdOcfU/3F2mizlIDlw+w5tq94H48hj10FeT6ybDX9fjfh48JVSbrVDVQ2nxIBHAmy9WbgxGnZOY=
Cache-Control: max-age=86400
Connection: keep-alive
x-amz-request-id: 6VXCAD499YA47BXS
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 30765
Server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 checksync.php Show response
hbx.media.net/ Frame 90CA 33 KB
11 KB 424ms
140ms Document
text/html 23.221.132.28
Akamai Technologies

General

Check archive.org

Download Go to

Full URL

https://hbx.media.net/checksync.php?cid=8CUEHS6F9&cs=87&type=mpbc&cv=37&vsSync=1&uspstring=&gdpr=&gdprstring=&gpp=&gpp_sid=&redirect=https%3A%2F%2Fpbs.intergient.com%2Fsetuid%3Fbidder%3Dmedianet%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%3Cvsid%3E

Requested by

Host: cdn.intergient.com
URL: https://cdn.intergient.com/prebid/prebid.335dd724b9406dcd9e2b.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.221.132.28 Sydney, Australia, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),

Reverse DNS

a23-221-132-28.deploy.static.akamaitechnologies.com

Software

Apache /

Resource Hash

0eb2a567c8163b7cdc3817ebc39f2858c465cabe6d8f61276974e444f346311d

Security Headers

Name	Value
Strict-Transport-Security	max-age=604800 max-age=86400 ; includeSubDomains

Request headers

Referer: https://paint.toys/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=93600
cache-control: max-age=172800
content-encoding: gzip
content-length: 11430
content-type: text/html; charset=UTF-8
date: Tue, 24 Mar 2026 00:57:33 GMT
expires: Thu, 26 Mar 2026 00:57:33 GMT
p3p: CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: max-age=604800
server: Apache
strict-transport-security: max-age=604800 max-age=86400 ; includeSubDomains
timing-allow-origin: *
vary: Accept-Encoding

GET
H/1.1

200

ecm3
s.amazon-adsystem.com/ Frame 8D2C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=a9us
https://s.amazon-adsystem.com/ecm3?id=MN3WNKTO-1X-3ORV&ex=d-rubiconproject.com&status=ok

43 B
477 B

359ms
309ms

Image
image/gif

98.82.156.207
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://s.amazon-adsystem.com/ecm3?id=MN3WNKTO-1X-3ORV&ex=d-rubiconproject.com&status=ok

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

HTTP/1.1

Server

98.82.156.207 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-98-82-156-207.compute-1.amazonaws.com

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid: AP0933C5WBK2ZCM5RTS5
Content-Length: 43
Date: Tue, 24 Mar 2026 00:57:34 GMT
Content-Type: image/gif
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server

Redirect headers

Cache-Control: no-cache,no-store,must-revalidate
Location: https://s.amazon-adsystem.com/ecm3?id=MN3WNKTO-1X-3ORV&ex=d-rubiconproject.com&status=ok
Pragma: no-cache
Expires: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: e2b6b837307e4a2cb84d126fbaf2cea2
content-length: 0
Content-Type: text/html

GET
H/1.1

200

dcm
s.amazon-adsystem.com/ Frame 8D2C
Redirect Chain

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=
https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t

43 B
853 B

324ms
324ms

Image
image/gif

98.82.156.207
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

HTTP/1.1

Server

98.82.156.207 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),

Reverse DNS

ec2-98-82-156-207.compute-1.amazonaws.com

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid: TQCSNHTWDQBYSY16D70Z
Content-Length: 43
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Date: Tue, 24 Mar 2026 00:57:34 GMT
Content-Type: image/gif
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server

Redirect headers

Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Location: https://s.amazon-adsystem.com/dcm?pid=50cd21b7-d8d7-4615-9fb9-a2be831f8488&id=&dcc=t
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid: 9RM734CFFBX9W3N1DKW5
Content-Length: 0
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Date: Tue, 24 Mar 2026 00:57:34 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8D2C
Redirect Chain

https://token.rubiconproject.com/token?pid=25470
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_cm&google_hm=TU4zV05LVE8tMVgtM09SVg==
https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEKw39PnY2RF2--f-2LbZNV0&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TU4zV05LVE8tMVgtM09SVg==&google_push=

170 B
188 B

195ms
194ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TU4zV05LVE8tMVgtM09SVg==&google_push=

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:34 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

Cache-Control: no-cache,no-store,must-revalidate
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TU4zV05LVE8tMVgtM09SVg==&google_push=
Pragma: no-cache
Expires: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 94869a3d6d62a785bc2a9351b08a70bb
content-length: 0
Content-Type: text/html

GET
H/1.1

200

dcm
aax-eu.amazon-adsystem.com/s/ Frame 8D2C
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t

43 B
853 B

422ms
422ms

Image
image/gif

67.220.228.200
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL

https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

HTTP/1.1

Server

67.220.228.200 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

Software

Server /

Resource Hash

c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid: V6D3G2PJ0PM2HRHD39XJ
Content-Length: 43
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Date: Tue, 24 Mar 2026 00:57:34 GMT
Content-Type: image/gif
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server

Redirect headers

Strict-Transport-Security: max-age=47474747; includeSubDomains; preload
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Location: https://aax-eu.amazon-adsystem.com/s/dcm?pid=a38a8ddf-19a7-4ab8-ba05-0a61de92a7e5&id=&dcc=t
Pragma: no-cache
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-amz-rid: CPZB4KT1NTRF8GHFV7KR
Content-Length: 0
p3p: policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Date: Tue, 24 Mar 2026 00:57:34 GMT
Vary: Content-Type,Accept-Encoding,User-Agent
Server: Server

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 8D2C
Redirect Chain

https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
https://ups.analytics.yahoo.com/ups/58912/cms?uid=bfhVP0nxPAWhYpEyTTRQosn5EUdSAgOZEtemQ7w0kco&csrc=
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-ysHF5qFE2oKK1VBgzlKxXu3RtFBaZ1hSVA_MLw--~A

42 B
1 KB

475ms
141ms

Image
image/gif

69.173.158.64
Magnite

General

Check archive.org

Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-ysHF5qFE2oKK1VBgzlKxXu3RtFBaZ1hSVA_MLw--~A
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: d264e84c9dc1a645a3048554992c5d82
Pragma: no-cache
content-length: 42
Content-Type: image/gif

Redirect headers

strict-transport-security: max-age=31536000
location: https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=y-ysHF5qFE2oKK1VBgzlKxXu3RtFBaZ1hSVA_MLw--~A
age: 0
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: text/html
server: ATS

GET
H2

200

m
secure-gl.imrworldwide.com/cgi-bin/ Frame 8D2C
Redirect Chain

https://match.adsrvr.org/track/cmf/rubicon
https://secure-gl.imrworldwide.com/cgi-bin/m?ci=tradedesk&cg=97f39a7c-5982-42c0-86d2-649773acdd79

44 B
704 B

426ms
182ms

Image
image/gif

3.175.115.78
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://secure-gl.imrworldwide.com/cgi-bin/m?ci=tradedesk&cg=97f39a7c-5982-42c0-86d2-649773acdd79
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H2
Server: 3.175.115.78 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-3-175-115-78.syd3.r.cloudfront.net
Software: nginx /
Resource Hash: 5ecb58845a9ac30e4eb4b18eb0e7431ba1fb195ce035309735efaee67421c7a3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

access-control-allow-methods: POST, OPTIONS
expires: Thu, 01 Dec 1994 16:00:00 GMT
x-cache: Miss from cloudfront
p3p: P3P policyref="http://secure-gl.imrworldwide.com/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
x-amz-cf-id: LvomR_XrKrNGWWOMeyqVtoJpz983W9Otpg6GWTYwsa9HSoMxI4a8lg==
date: Tue, 24 Mar 2026 00:57:33 GMT
content-type: image/gif
cache-control: no-cache
accept-ch: Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Platform-Version
pragma: no-cache
cross-origin-resource-policy: cross-origin
via: 1.1 24f360fd93fc7d5a758875518fa21000.cloudfront.net (CloudFront)
access-control-allow-origin: *
content-length: 44
x-amz-cf-pop: SYD3-P3
server: nginx

Redirect headers

location: https://secure-gl.imrworldwide.com/cgi-bin/m?ci=tradedesk&cg=97f39a7c-5982-42c0-86d2-649773acdd79
content-length: 225
date: Tue, 24 Mar 2026 00:57:33 GMT
server: Kestrel

GET
H3

200

setuid
px.ads.linkedin.com/ Frame 8D2C
Redirect Chain

https://token.rubiconproject.com/token?pid=36584
https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=MN3WNKTO-1X-3ORV

0
38 B

289ms
288ms

Image
text/plain

150.171.22.12
Microsoft Corpora...

General

Check archive.org

Download Go to Show image

Full URL: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=MN3WNKTO-1X-3ORV
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H3
Server: 150.171.22.12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: E48D78A089BA427DB2D5A86302BCD1E1 Ref B: PER201000403029 Ref C: 2026-03-24T00:57:33Z
x-li-fabric: prod-ltx1
x-li-uuid: AAZNuqL8yDSVRRfG9Taw8w==
x-li-proto: http/1.1
alt-svc: h3=":443"; ma=86400
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 24 Mar 2026 00:57:34 GMT

Redirect headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
Location: https://px.ads.linkedin.com/setuid?partner=rubiconDb&dbredirect=true&ruxId=MN3WNKTO-1X-3ORV
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 030b4ddd4a4f3e9891a065664f20c4bb
Pragma: no-cache
content-length: 0

GET
H/1.1

204
No Content

esync
token.rubiconproject.com/ Frame 8D2C
Redirect Chain

https://id.rlcdn.com/709414.gif
https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e

0
214 B

230ms
141ms

Image
text/plain

69.173.158.64
Magnite

General

Check archive.org

Download Go to Show image

Full URL: https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
Pragma: no-cache

Redirect headers

cache-control: no-cache, no-store
timing-allow-origin: *
location: https://token.rubiconproject.com/esync?pid=28028&puid=&pt=e
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 8D2C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc&process_consent=T
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA86WDSCjuOBbVDcMWBfSZU&google_cver=1

42 B
1 KB

588ms
150ms

Image
image/gif

69.173.158.64
Magnite

General

Check archive.org

Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA86WDSCjuOBbVDcMWBfSZU&google_cver=1
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: c80248407eff6cf595ce43a76c04e23f
Pragma: no-cache
content-length: 42
Content-Type: image/gif

Redirect headers

cache-control: no-cache, must-revalidate
location: https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEA86WDSCjuOBbVDcMWBfSZU&google_cver=1
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 326
date: Tue, 24 Mar 2026 00:57:33 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: HTTP server (unknown)

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 8D2C
Redirect Chain

https://token.rubiconproject.com/token?pid=2249&pt=n
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODZjYTRjZTI3ZWQyMzU4MzJiYTZiMGYyZTBlNjg1Y2Y2MGM5M2VmNQ

170 B
188 B

197ms
196ms

Image
image/png

142.250.183.34
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODZjYTRjZTI3ZWQyMzU4MzJiYTZiMGYyZTBlNjg1Y2Y2MGM5M2VmNQ

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

142.250.183.34 , United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

bom12s11-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Tue, 24 Mar 2026 00:57:34 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

Redirect headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
Location: https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=ODZjYTRjZTI3ZWQyMzU4MzJiYTZiMGYyZTBlNjg1Y2Y2MGM5M2VmNQ
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 548ddf114c6f6bfbb66a4cdeb6a219f4
Pragma: no-cache
content-length: 0

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/ Frame 8D2C
Redirect Chain

https://match.prod.bidr.io/cookie-sync/rp?bee_sync_partners=rp
https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAF9UE7Tg8MAAABheBax3A&expires=30

42 B
1 KB

677ms
141ms

Image
image/gif

69.173.158.64
Magnite

General

Check archive.org

Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAF9UE7Tg8MAAABheBax3A&expires=30
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: HTTP/1.1
Server: 69.173.158.64 Singapore, Singapore, ASN26667 (RUBICONPROJECT - Magnite, Inc., US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 94869a3d6d62a785bc2a9351b08a70bb
Pragma: no-cache
content-length: 42
Content-Type: image/gif

Redirect headers

strict-transport-security: max-age=2592000; includeSubDomains
location: https://pixel.rubiconproject.com/tap.php?v=183462&nid=4114&put=AAF9UE7Tg8MAAABheBax3A&expires=30
content-length: 0
date: Tue, 24 Mar 2026 00:57:33 GMT
server: gunicorn

GET
H3

200

receive
pixel.tapad.com/idsync/ex/ Frame 8D2C
Redirect Chain

https://token.rubiconproject.com/token?pid=37556&a=1
https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=MN3WNKTO-1X-3ORV

95 B
123 B

221ms
221ms

Image
image/png

34.111.113.62
Google LLC

General

Check archive.org

Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=MN3WNKTO-1X-3ORV

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM - Google LLC, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length: 95
date: Tue, 24 Mar 2026 00:57:34 GMT
content-type: image/png

Redirect headers

Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
Location: https://pixel.tapad.com/idsync/ex/receive?partner_id=3355&partner_device_id=MN3WNKTO-1X-3ORV
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 6690dc791bf02dde8c4051a04cfd7bb8
Pragma: no-cache
content-length: 0

GET
H3

200

pixel
capi.connatix.com/us/ Frame 8D2C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=19564
https://capi.connatix.com/us/pixel?puid=MN3WNKTO-1X-3ORV&pId=11&gdpr=&gdpr_consent=&us_privacy=

0
293 B

87ms
87ms

Image
text/plain

172.64.146.152
Cloudflare

General

Check archive.org

Download Go to Show image

Full URL: https://capi.connatix.com/us/pixel?puid=MN3WNKTO-1X-3ORV&pId=11&gdpr=&gdpr_consent=&us_privacy=
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol: H3
Server: 172.64.146.152 , Ascension Island, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-ray: 9e11b8f4dc57274a-ADL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
content-length: 0
date: Tue, 24 Mar 2026 00:57:34 GMT
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
server: cloudflare
priority: u=3,i
access-control-allow-headers: x-sec-ch-ua-platform-version, x-sec-ch-ua-full-version-list, x-sec-ch-ua-arch, x-sec-ch-ua-bitness, x-sec-ch-ua-model

Redirect headers

Cache-Control: no-cache,no-store,must-revalidate
Location: https://capi.connatix.com/us/pixel?puid=MN3WNKTO-1X-3ORV&pId=11&gdpr=&gdpr_consent=&us_privacy=
Pragma: no-cache
Expires: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 0ed95c36ed1932be3ba76fc523a6e179
content-length: 0
Content-Type: text/html

GET
H2

200

setuid
ib.adnxs.com/prebid/ Frame 8D2C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-apn
https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=MN3WNKTO-1X-3ORV

43 B
1 KB

94ms
94ms

Image
image/gif

103.43.89.4
Xandr Inc.

General

Check archive.org

Download Go to Show image

Full URL

https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=MN3WNKTO-1X-3ORV

Requested by

Host: paint.toys
URL: https://paint.toys/oil/

Protocol

Server

103.43.89.4 Singapore, Singapore, ASN29990 (ASN-APPNEXUS - Xandr Inc., US),

Reverse DNS

839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net

Software

nginx/1.25.5 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36
Referer: https://eus.rubiconproject.com/

Response headers

cache-control: no-store, no-cache, private
pragma: no-cache
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
x-proxy-origin: 103.108.231.245; 103.108.231.245; 839.bm-nginx-loadbalancer.mgmt.sin3.adnexus.net; *.adnxs.com
expires: Sat, 15 Nov 2008 16:00:00 GMT
an-x-request-uuid: c6643e41-c00d-4abb-b553-53189a4f3617
content-length: 43
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date: Tue, 24 Mar 2026 00:57:34 GMT
x-xss-protection: 0
content-type: image/gif
server: nginx/1.25.5

Redirect headers

Cache-Control: no-cache,no-store,must-revalidate
Location: https://ib.adnxs.com/prebid/setuid?bidder=rubicon&uid=MN3WNKTO-1X-3ORV
Pragma: no-cache
Expires: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: d335433bbbe0efeac67146df47932f6f
content-length: 0
Content-Type: text/html

GET

setuid
pbs.yahoo.com/ Frame 8D2C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=pbs-yahoo-exchange
https://pbs.yahoo.com/setuid?bidder=rubicon&uid=MN3WNKTO-1X-3ORV

0
0

GET

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 8D2C
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=primis
https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=MN3WNKTO-1X-3ORV
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=MN3WNKTO-1X-3ORV

0
0

GET
H2

200

usersync
usersync.gumgum.com/ Frame 9B80
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=gumgum&khaos=MN3WNKTO-1X-3ORV
https://usersync.gumgum.com/usersync?b=mag&i=MN3WNKTO-1X-3ORV

35 B
168 B

177ms
176ms

Image
image/gif

47.129.15.147
Amazon.com

General

Check archive.org

Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=mag&i=MN3WNKTO-1X-3ORV
Requested by: Host: paint.toys
URL: https://paint.toys/oil/
Protocol

paint.toys 3.33.186.135 Public Scan Open in urlscan Pro

Internal

Effective Hostname

Submitted URL

Effective URL Pivot

Effective IP

Summary

urlscan.io Verdict: No classification

Domain & IP information

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

ASN Lookup

IP Lookup

paint.toys
3.33.186.135 Public Scan Open in urlscan Pro