wheregoes.com Open in urlscan Pro
2606:4700:3035::ac43:b70e Public Scan

Go To Rescan
Add Verdict Report

URL:
https://wheregoes.com/trace/20234856657/
Submission: On October 17 via manual (October 17th 2023, 2:12:15 am UTC) from ID — Scanned from DE

Summary HTTP 215 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 65 IPs in 6 countries across 75 domains to perform 215 HTTP transactions. The main IP is 2606:4700:3035::ac43:b70e, located in United States and belongs to CLOUDFLARENET, US. The main domain is wheregoes.com.
TLS certificate: Issued by GTS CA 1P5 on October 15th 2023. Valid for: 3 months.

This is the only time wheregoes.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
12	2606:4700:303... 2606:4700:3035::ac43:b70e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700:e2:... 2606:4700:e2::ac40:8820	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.139.128.10 151.139.128.10	20446 (STACKPATH...) (STACKPATH-CDN)
9	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	64.227.38.224 64.227.38.224	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
1	52.210.78.166 52.210.78.166	16509 (AMAZON-02) (AMAZON-02)
1	2a02:2638:3::7 2a02:2638:3::7	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	34.120.63.153 34.120.63.153	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
10	34.254.59.116 34.254.59.116	16509 (AMAZON-02) (AMAZON-02)
3	51.89.9.253 51.89.9.253	16276 (OVH) (OVH)
2	63.251.14.3 63.251.14.3	14744 (INTERNAP-...) (INTERNAP-BLOCK-4)
3	2602:803:c003... 2602:803:c003:200::21	26667 (RUBICONPR...) (RUBICONPROJECT)
3 19	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
3	2a02:2638:3::3 2a02:2638:3::3	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	65.9.66.104 65.9.66.104	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:2250:6000:a:e047:753:6381	16509 (AMAZON-02) (AMAZON-02)
1	34.102.146.192 34.102.146.192	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2606:4700:10:... 2606:4700:10::6816:3456	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:5514	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	34.120.135.53 34.120.135.53	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	63.33.97.132 63.33.97.132	16509 (AMAZON-02) (AMAZON-02)
2 8	2a02:2638:3::c 2a02:2638:3::c	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1	162.19.138.117 162.19.138.117	16276 (OVH) (OVH)
1 2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2001	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2004	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:46::45 2620:1ec:46::45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4 10	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	54.216.59.119 54.216.59.119	16509 (AMAZON-02) (AMAZON-02)
2	151.101.129.108 151.101.129.108	54113 (FASTLY) (FASTLY)
3	151.101.193.108 151.101.193.108	54113 (FASTLY) (FASTLY)
6	95.101.149.233 95.101.149.233	() ()
1	13.32.27.45 13.32.27.45	() ()
1	95.101.148.20 95.101.148.20	() ()
1	52.18.35.108 52.18.35.108	() ()
1 2	185.86.139.101 185.86.139.101	() ()
2 9	104.18.27.193 104.18.27.193	() ()
2 2	23.201.255.110 23.201.255.110	() ()
3	23.32.184.192 23.32.184.192	() ()
1	2600:9000:223... 2600:9000:223f:8600:1f:4c18:bd40:93a1	() ()
1	77.245.57.72 77.245.57.72	() ()
1	34.228.176.115 34.228.176.115	() ()
2 2	216.52.2.86 216.52.2.86	() ()
2 2	193.0.160.130 193.0.160.130	() ()
1	69.166.1.34 69.166.1.34	() ()
1 1	145.40.97.67 145.40.97.67	() ()
3	3.71.149.231 3.71.149.231	() ()
1	18.156.141.126 18.156.141.126	() ()
1 1	23.212.88.20 23.212.88.20	() ()
3	69.173.144.165 69.173.144.165	() ()
1 2	198.47.127.19 198.47.127.19	() ()
5 6	172.217.16.194 172.217.16.194	() ()
3	35.71.131.137 35.71.131.137	() ()
1 1	34.95.81.168 34.95.81.168	() ()
2 2	2620:116:800d... 2620:116:800d:21:e365:4988:e8a7:3270	() ()
2 2	3.120.0.219 3.120.0.219	() ()
1 2	2a02:fa8:8806... 2a02:fa8:8806:20::2040	() ()
6	34.247.233.198 34.247.233.198	() ()
3 5	18.196.230.223 18.196.230.223	() ()
4 4	37.157.3.30 37.157.3.30	() ()
2	2a05:d018:d29... 2a05:d018:d29:3605:290e:3f93:cc5a:81f7	() ()
1	52.212.215.149 52.212.215.149	() ()
1 1	208.93.169.131 208.93.169.131	() ()
2 2	151.101.66.49 151.101.66.49	() ()
2 2	185.184.8.90 185.184.8.90	() ()
1 1	178.250.1.9 178.250.1.9	() ()
10	185.64.191.210 185.64.191.210	() ()
1 1	85.114.159.118 85.114.159.118	() ()
1 1	35.214.230.141 35.214.230.141	() ()
1	72.251.241.204 72.251.241.204	() ()
1	35.186.193.173 35.186.193.173	() ()
1	195.5.165.20 195.5.165.20	() ()
2 2	34.111.129.221 34.111.129.221	() ()
1	34.111.131.239 34.111.131.239	() ()
1	34.91.62.186 34.91.62.186	() ()
1	98.98.134.242 98.98.134.242	() ()
1 1	134.122.57.34 134.122.57.34	() ()
1	2600:9000:211... 2600:9000:211e:ea00:1b:5138:8a40:93a1	() ()
2 2	31.172.81.159 31.172.81.159	() ()
215	65

12 2606:4700:3035::ac43:b70e (United States)

ASN13335 (CLOUDFLARENET, US)

wheregoes.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:e2::ac40:8820 (United States)

ASN13335 (CLOUDFLARENET, US)

api.fouanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.139.128.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: map3.hwcdn.net

cdn4.buysellads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 64.227.38.224 (Slough, United Kingdom)

ASN14061 (DIGITALOCEAN-ASN, US)
PTR: srv-eu-ldn-17.buysellads.com

srv.buysellads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.210.78.166 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-210-78-166.eu-west-1.compute.amazonaws.com

hb-api.omnitagjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:2638:3::7 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

bidder.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.63.153 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 153.63.120.34.bc.googleusercontent.com

prebid.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 34.254.59.116 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com

ads.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.253 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: ip253.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.251.14.3 (United States)

ASN14744 (INTERNAP-BLOCK-4, US)
PTR: 3.14.251.63.unassigned.ord.singlehop.net

ap.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2602:803:c003:200::21 (Amsterdam, Netherlands)

ASN26667 (RUBICONPROJECT, US)

fastlane.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

19 37.252.172.123 (Frankfurt am Main, Germany) 3 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fra1-ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:2638:3::3 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

static.criteo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 65.9.66.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-104.fra56.r.cloudfront.net

tags.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2250:6000:a:e047:753:6381 (United States)

ASN16509 (AMAZON-02, US)

cdn.prod.uidapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.146.192 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 192.146.102.34.bc.googleusercontent.com

oa.openxcdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:3456 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5514 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.120.135.53 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 53.135.120.34.bc.googleusercontent.com

oajs.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.33.97.132 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-33-97-132.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a02:2638:3::c (France) 2 redirects

ASN44788 (ASN-CRITEO-EUROPE, FR)

gum.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mug.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.117 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31533568.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

google-bidout-d.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

adsdk.microsoft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2620:1ec:c11::200 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.216.59.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com

s.update.ib.adnxs.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.129.108 (United States)

ASN54113 (FASTLY, US)

cdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.101.193.108 (United States)

ASN54113 (FASTLY, US)

acdn.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 95.101.149.233 (None, )

ASN- ()

eus.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.45 (None, )

ASN- ()

public.servenobid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 95.101.148.20 (None, )

ASN- ()

contextual.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.18.35.108 (None, )

ASN- ()

g2.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.86.139.101 (None, ) 1 redirects

ASN- ()

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 104.18.27.193 (None, ) 2 redirects

ASN- ()

ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
dsum.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.201.255.110 (None, ) 2 redirects

ASN- ()

secure-assets.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.32.184.192 (None, )

ASN- ()

ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223f:8600:1f:4c18:bd40:93a1 (None, )

ASN- ()

cs-rtb.minutemedia-prebid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 77.245.57.72 (None, )

ASN- ()

sync.adkernel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.228.176.115 (None, )

ASN- ()

cs-server-s2s.yellowblue.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.52.2.86 (None, ) 2 redirects

ASN- ()

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 193.0.160.130 (None, ) 2 redirects

ASN- ()

p.rfihub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.166.1.34 (None, )

ASN- ()

sync.go.sonobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.40.97.67 (None, ) 1 redirects

ASN- ()

prebid.a-mo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.71.149.231 (None, )

ASN- ()

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.156.141.126 (None, )

ASN- ()

match.sharethrough.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.212.88.20 (None, ) 1 redirects

ASN- ()

hbx.media.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 69.173.144.165 (None, )

ASN- ()

token.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (None, ) 1 redirects

ASN- ()

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.217.16.194 (None, ) 5 redirects

ASN- ()

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.71.131.137 (None, )

ASN- ()

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.81.168 (None, ) 1 redirects

ASN- ()

euexchangesync.digitaleast.mobi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:116:800d:21:e365:4988:e8a7:3270 (None, ) 2 redirects

ASN- ()

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.0.219 (None, ) 2 redirects

ASN- ()

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:fa8:8806:20::2040 (None, ) 1 redirects

ASN- ()

casale-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.247.233.198 (None, )

ASN- ()

usersync.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.196.230.223 (None, ) 3 redirects

ASN- ()

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.3.30 (None, ) 4 redirects

ASN- ()

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:290e:3f93:cc5a:81f7 (None, )

ASN- ()

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.215.149 (None, )

ASN- ()

ad.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.93.169.131 (None, ) 1 redirects

ASN- ()

bh.contextweb.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.66.49 (None, ) 2 redirects

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.184.8.90 (None, ) 2 redirects

ASN- ()

creativecdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.1.9 (None, ) 1 redirects

ASN- ()

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.64.191.210 (None, )

ASN- ()

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.118 (None, ) 1 redirects

ASN- ()

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.214.230.141 (None, ) 1 redirects

ASN- ()

csync.loopme.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.251.241.204 (None, )

ASN- ()

cm.adgrx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (None, )

ASN- ()

ipac.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 195.5.165.20 (None, )

ASN- ()

core.iprom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.129.221 (None, ) 2 redirects

ASN- ()

cr.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.131.239 (None, )

ASN- ()

idsync.frontend.weborama.fr	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.91.62.186 (None, )

ASN- ()

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 98.98.134.242 (None, )

ASN- ()

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 134.122.57.34 (None, ) 1 redirects

ASN- ()

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:ea00:1b:5138:8a40:93a1 (None, )

ASN- ()

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.172.81.159 (None, ) 2 redirects

ASN- ()

sync.bumlam.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
24	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 261 secure.adnxs.com — Cisco Umbrella Rank: 542 fra1-ib.adnxs.com — Cisco Umbrella Rank: 7911 cdn.adnxs.com — Cisco Umbrella Rank: 2045 acdn.adnxs.com — Cisco Umbrella Rank: 663	140 KB
18	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 108 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 157	162 KB
15	pubmatic.com 1 redirects ads.pubmatic.com image6.pubmatic.com simage2.pubmatic.com image2.pubmatic.com	35 KB
15	doubleclick.net 5 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 214 cm.g.doubleclick.net	190 KB
14	rubiconproject.com 2 redirects fastlane.rubiconproject.com — Cisco Umbrella Rank: 563 eus.rubiconproject.com secure-assets.rubiconproject.com token.rubiconproject.com	38 KB
12	wheregoes.com wheregoes.com	159 KB
11	servenobid.com ads.servenobid.com — Cisco Umbrella Rank: 2878 public.servenobid.com	8 KB
10	bing.com 4 redirects www.bing.com — Cisco Umbrella Rank: 75	23 KB
10	criteo.com 3 redirects bidder.criteo.com — Cisco Umbrella Rank: 895 gum.criteo.com — Cisco Umbrella Rank: 478 mug.criteo.com — Cisco Umbrella Rank: 2541 dis.criteo.com	15 KB
9	casalemedia.com 2 redirects ssum-sec.casalemedia.com dsum-sec.casalemedia.com dsum.casalemedia.com	6 KB
7	gumgum.com g2.gumgum.com usersync.gumgum.com rtb.gumgum.com Failed	3 KB
6	adnxs.net s.update.ib.adnxs.net — Cisco Umbrella Rank: 7767	50 KB
5	bidswitch.net 3 redirects x.bidswitch.net	1 KB
5	yahoo.com ups.analytics.yahoo.com pr-bh.ybp.yahoo.com	581 B
4	adform.net 4 redirects c1.adform.net	3 KB
4	openx.net 2 redirects oajs.openx.net — Cisco Umbrella Rank: 1906 google-bidout-d.openx.net — Cisco Umbrella Rank: 1919 us-u.openx.net	959 B
4	lijit.com 2 redirects ap.lijit.com — Cisco Umbrella Rank: 754 ce.lijit.com	2 KB
3	weborama.fr 2 redirects cr.frontend.weborama.fr idsync.frontend.weborama.fr	898 B
3	adsrvr.org match.adsrvr.org	445 B
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 223	177 KB
3	crwdcntrl.net tags.crwdcntrl.net — Cisco Umbrella Rank: 1164 bcp.crwdcntrl.net — Cisco Umbrella Rank: 1073 sync.crwdcntrl.net	12 KB
3	criteo.net static.criteo.net — Cisco Umbrella Rank: 728	73 KB
3	onetag-sys.com onetag-sys.com — Cisco Umbrella Rank: 913	361 B
3	media.net 1 redirects prebid.media.net — Cisco Umbrella Rank: 1420 contextual.media.net hbx.media.net	11 KB
3	fouanalytics.com api.fouanalytics.com — Cisco Umbrella Rank: 11499	7 KB
2	bumlam.com 2 redirects sync.bumlam.com	1 KB
2	creativecdn.com 2 redirects creativecdn.com	701 B
2	everesttech.net 2 redirects sync-tm.everesttech.net	644 B
2	dotomi.com 1 redirects casale-match.dotomi.com pubmatic-match.dotomi.com	285 B
2	w55c.net 2 redirects pm.w55c.net	1 KB
2	quantserve.com 2 redirects cms.quantserve.com	996 B
2	rfihub.com 2 redirects p.rfihub.com	2 KB
2	smartadserver.com 1 redirects ssbsync.smartadserver.com	1 KB
2	microsoft.com adsdk.microsoft.com — Cisco Umbrella Rank: 4847	72 KB
2	id5-sync.com cdn.id5-sync.com — Cisco Umbrella Rank: 1156 id5-sync.com — Cisco Umbrella Rank: 470	30 KB
1	smaato.net s.ad.smaato.net	241 B
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	555 B
1	sitescout.com pixel-sync.sitescout.com	187 B
1	simpli.fi um.simpli.fi	610 B
1	iprom.net core.iprom.net	277 B
1	ctnsnet.com ipac.ctnsnet.com	369 B
1	adgrx.com cm.adgrx.com	283 B
1	loopme.me 1 redirects csync.loopme.me	225 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	524 B
1	contextweb.com 1 redirects bh.contextweb.com	540 B
1	360yield.com ad.360yield.com	199 B
1	digitaleast.mobi 1 redirects euexchangesync.digitaleast.mobi	244 B
1	sharethrough.com match.sharethrough.com	35 B
1	a-mo.net 1 redirects prebid.a-mo.net	156 B
1	sonobi.com sync.go.sonobi.com	399 B
1	yellowblue.io cs-server-s2s.yellowblue.io	370 B
1	adkernel.com sync.adkernel.com	160 B
1	minutemedia-prebid.com cs-rtb.minutemedia-prebid.com	524 B
1	google.com www.google.com — Cisco Umbrella Rank: 2	1 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 373	1 KB
1	openxcdn.net oa.openxcdn.net — Cisco Umbrella Rank: 2118	8 KB
1	uidapi.com cdn.prod.uidapi.com — Cisco Umbrella Rank: 2931	3 KB
1	omnitagjs.com hb-api.omnitagjs.com — Cisco Umbrella Rank: 3692	845 B
1	buysellads.com srv.buysellads.com — Cisco Umbrella Rank: 23867	720 B
1	buysellads.net cdn4.buysellads.net — Cisco Umbrella Rank: 23960	141 KB
0	admanmedia.com Failed cs.admanmedia.com Failed
0	audrte.com Failed a.audrte.com Failed
0	onaudience.com Failed pixel-eu.onaudience.com Failed
0	mrtnsvr.com Failed ad.mrtnsvr.com Failed
0	opera.com Failed t.adx.opera.com Failed
0	bidr.io Failed match.prod.bidr.io Failed
0	sportradarserving.com Failed a.sportradarserving.com Failed
0	socdm.com Failed tg.socdm.com Failed
0	zemanta.com Failed b1sync.zemanta.com Failed
0	deepintent.com Failed match.deepintent.com Failed
0	ipredictive.com Failed sync.ipredictive.com Failed
0	stackadapt.com Failed sync.srv.stackadapt.com Failed
0	amazon-adsystem.com Failed s.amazon-adsystem.com Failed aax-eu.amazon-adsystem.com Failed
0	disqus.com Failed ssp.disqus.com Failed
0	turn.com Failed ad.turn.com Failed
215	75

	Domain	Requested by
12	wheregoes.com	wheregoes.com
10	www.bing.com	4 redirects 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
10	ads.servenobid.com	cdn4.buysellads.net public.servenobid.com ssum-sec.casalemedia.com g2.gumgum.com ads.pubmatic.com ssbsync.smartadserver.com
9	securepubads.g.doubleclick.net	cdn4.buysellads.net securepubads.g.doubleclick.net wheregoes.com 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com www.googletagservices.com
8	tpc.googlesyndication.com	securepubads.g.doubleclick.net 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com tpc.googlesyndication.com
8	ib.adnxs.com	2 redirects cdn4.buysellads.net acdn.adnxs.com
7	pagead2.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	simage2.pubmatic.com	ads.pubmatic.com
6	usersync.gumgum.com	g2.gumgum.com
6	cm.g.doubleclick.net	5 redirects g2.gumgum.com
6	eus.rubiconproject.com	cdn4.buysellads.net eus.rubiconproject.com public.servenobid.com g2.gumgum.com
6	s.update.ib.adnxs.net	secure.adnxs.com s.update.ib.adnxs.net
6	fra1-ib.adnxs.com	secure.adnxs.com cdn.adnxs.com
6	gum.criteo.com	2 redirects static.criteo.net secure.adnxs.com
5	x.bidswitch.net	3 redirects g2.gumgum.com ssbsync.smartadserver.com
5	dsum-sec.casalemedia.com	1 redirects ssum-sec.casalemedia.com
5	secure.adnxs.com	1 redirects 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com secure.adnxs.com
4	image2.pubmatic.com	ads.pubmatic.com
4	c1.adform.net	4 redirects
3	match.adsrvr.org	ssum-sec.casalemedia.com g2.gumgum.com ads.pubmatic.com
3	token.rubiconproject.com	eus.rubiconproject.com
3	ups.analytics.yahoo.com	public.servenobid.com ads.pubmatic.com
3	ads.pubmatic.com	public.servenobid.com g2.gumgum.com ads.pubmatic.com
3	ssum-sec.casalemedia.com	1 redirects public.servenobid.com ssum-sec.casalemedia.com
3	acdn.adnxs.com	4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com cdn4.buysellads.net
3	www.googletagservices.com	securepubads.g.doubleclick.net 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
3	4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
3	static.criteo.net	securepubads.g.doubleclick.net cdn4.buysellads.net static.criteo.net
3	fastlane.rubiconproject.com	cdn4.buysellads.net
3	onetag-sys.com	cdn4.buysellads.net public.servenobid.com
3	api.fouanalytics.com	wheregoes.com api.fouanalytics.com
2	sync.bumlam.com	2 redirects
2	cr.frontend.weborama.fr	2 redirects
2	creativecdn.com	2 redirects
2	sync-tm.everesttech.net	2 redirects ads.pubmatic.com
2	pr-bh.ybp.yahoo.com	g2.gumgum.com ads.pubmatic.com
2	pm.w55c.net	2 redirects
2	cms.quantserve.com	2 redirects
2	image6.pubmatic.com	1 redirects ads.pubmatic.com
2	p.rfihub.com	2 redirects
2	ce.lijit.com	2 redirects
2	secure-assets.rubiconproject.com	2 redirects
2	ssbsync.smartadserver.com	1 redirects public.servenobid.com
2	cdn.adnxs.com	secure.adnxs.com
2	adsdk.microsoft.com	secure.adnxs.com
2	mug.criteo.com
2	oajs.openx.net	1 redirects
2	ap.lijit.com	cdn4.buysellads.net public.servenobid.com
1	s.ad.smaato.net	ssbsync.smartadserver.com
1	match.adsby.bidtheatre.com	1 redirects
1	pubmatic-match.dotomi.com	ads.pubmatic.com
1	pixel-sync.sitescout.com	ads.pubmatic.com
1	um.simpli.fi	ads.pubmatic.com
1	idsync.frontend.weborama.fr	ads.pubmatic.com
1	sync.crwdcntrl.net	ads.pubmatic.com
1	core.iprom.net	ads.pubmatic.com
1	ipac.ctnsnet.com	ads.pubmatic.com
1	cm.adgrx.com	ads.pubmatic.com
1	csync.loopme.me	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	1 redirects
1	bh.contextweb.com	1 redirects
1	ad.360yield.com	g2.gumgum.com
1	us-u.openx.net	1 redirects
1	dsum.casalemedia.com	ssum-sec.casalemedia.com
1	casale-match.dotomi.com	1 redirects
1	euexchangesync.digitaleast.mobi	1 redirects
1	hbx.media.net	1 redirects
1	match.sharethrough.com	public.servenobid.com
1	prebid.a-mo.net	1 redirects
1	sync.go.sonobi.com	public.servenobid.com
1	cs-server-s2s.yellowblue.io	public.servenobid.com
1	sync.adkernel.com	public.servenobid.com
1	cs-rtb.minutemedia-prebid.com	public.servenobid.com
1	g2.gumgum.com	public.servenobid.com
1	contextual.media.net	cdn4.buysellads.net
1	public.servenobid.com	cdn4.buysellads.net
1	www.google.com	tpc.googlesyndication.com
1	google-bidout-d.openx.net	oa.openxcdn.net
1	id5-sync.com	cdn.id5-sync.com
1	bcp.crwdcntrl.net	tags.crwdcntrl.net
1	cdn.jsdelivr.net	securepubads.g.doubleclick.net
1	cdn.id5-sync.com	securepubads.g.doubleclick.net
1	oa.openxcdn.net	securepubads.g.doubleclick.net
1	cdn.prod.uidapi.com	securepubads.g.doubleclick.net
1	tags.crwdcntrl.net	securepubads.g.doubleclick.net
1	prebid.media.net	cdn4.buysellads.net
1	bidder.criteo.com	cdn4.buysellads.net
1	hb-api.omnitagjs.com	cdn4.buysellads.net
1	srv.buysellads.com	cdn4.buysellads.net
1	cdn4.buysellads.net	wheregoes.com
0	cs.admanmedia.com Failed	ssbsync.smartadserver.com
0	a.audrte.com Failed	ads.pubmatic.com
0	pixel-eu.onaudience.com Failed	ads.pubmatic.com
0	ad.mrtnsvr.com Failed	ads.pubmatic.com
0	t.adx.opera.com Failed	ads.pubmatic.com
0	match.prod.bidr.io Failed	ads.pubmatic.com
0	a.sportradarserving.com Failed	ads.pubmatic.com
0	aax-eu.amazon-adsystem.com Failed	ads.pubmatic.com
0	tg.socdm.com Failed	g2.gumgum.com
0	rtb.gumgum.com Failed	g2.gumgum.com
0	b1sync.zemanta.com Failed	g2.gumgum.com ads.pubmatic.com
0	match.deepintent.com Failed	g2.gumgum.com
0	sync.ipredictive.com Failed	g2.gumgum.com
0	sync.srv.stackadapt.com Failed	g2.gumgum.com ads.pubmatic.com
0	s.amazon-adsystem.com Failed	ssum-sec.casalemedia.com ssbsync.smartadserver.com
0	ssp.disqus.com Failed	public.servenobid.com
0	ad.turn.com Failed	public.servenobid.com ads.pubmatic.com
215	108

This site contains links to these domains. Also see Links.

Domain
twitter.com

Subject Issuer	Validity	Valid
wheregoes.com GTS CA 1P5	`2023-10-15` - `2024-01-13`	3 months	crt.sh
fouanalytics.com E1	`2023-09-09` - `2023-12-08`	3 months	crt.sh
cdn4.buysellads.net R3	`2023-09-19` - `2023-12-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.buysellads.com Sectigo RSA Domain Validation Secure Server CA	`2023-05-25` - `2024-06-24`	a year	crt.sh
omnitagjs.com Sectigo RSA Domain Validation Secure Server CA	`2023-06-23` - `2024-07-22`	a year	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2023-12-23`	3 months	crt.sh
prebid.media.net GTS CA 1D4	`2023-08-31` - `2023-11-29`	3 months	crt.sh
ads.servenobid.com Amazon RSA 2048 M01	`2023-04-29` - `2024-05-27`	a year	crt.sh
*.onetag-sys.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-12-28` - `2024-01-28`	a year	crt.sh
*.lijit.com Go Daddy Secure Certificate Authority - G2	`2023-05-06` - `2024-05-04`	a year	crt.sh
*.rubiconproject.com DigiCert TLS RSA SHA256 2020 CA1	`2023-03-05` - `2024-04-03`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2023-02-13` - `2024-03-15`	a year	crt.sh
*.criteo.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-09` - `2024-01-06`	3 months	crt.sh
*.crwdcntrl.net Amazon RSA 2048 M01	`2023-10-08` - `2024-11-05`	a year	crt.sh
cdn.prod.uidapi.com R3	`2023-08-10` - `2023-11-08`	3 months	crt.sh
oa.openxcdn.net GTS CA 1D4	`2023-09-25` - `2023-12-24`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-07` - `2024-05-06`	a year	crt.sh
*.id5-sync.com R3	`2023-09-01` - `2023-11-30`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
adsdk.microsoft.com Microsoft Azure TLS Issuing CA 02	`2023-10-11` - `2024-04-08`	6 months	crt.sh
post.update.ib.adnxs.net R3	`2023-10-07` - `2024-01-05`	3 months	crt.sh
cdn.adnxs.com GeoTrust TLS RSA CA G1	`2023-03-27` - `2024-04-26`	a year	crt.sh
www.bing.com Microsoft Azure TLS Issuing CA 05	`2023-07-26` - `2024-01-22`	6 months	crt.sh
*.servenobid.com Amazon RSA 2048 M02	`2023-02-21` - `2024-02-05`	a year	crt.sh
*.media.net DigiCert TLS RSA SHA256 2020 CA1	`2023-02-10` - `2024-02-18`	a year	crt.sh
ie-ad-exch-prd-one-eks.prd.eks.ie.adexchange.gumgum.com Amazon RSA 2048 M01	`2023-07-17` - `2024-08-14`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
casalemedia.com Cloudflare Inc ECC CA-3	`2023-05-21` - `2024-05-20`	a year	crt.sh
*.pubmatic.com DigiCert TLS RSA SHA256 2020 CA1	`2023-01-25` - `2024-01-24`	a year	crt.sh
*.minutemedia-prebid.com Amazon RSA 2048 M01	`2023-05-01` - `2024-05-29`	a year	crt.sh
*.adkernel.com AlphaSSL CA - SHA256 - G4	`2023-01-03` - `2024-02-04`	a year	crt.sh
*.yellowblue.io Amazon ECDSA 256 M02	`2023-04-18` - `2024-05-16`	a year	crt.sh
*.go.sonobi.com Go Daddy Secure Certificate Authority - G2	`2022-12-06` - `2024-01-07`	a year	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-03` - `2024-01-24`	6 months	crt.sh
*.sharethrough.com Amazon RSA 2048 M01	`2023-06-14` - `2024-07-12`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2023-04-12` - `2024-05-13`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2023-08-29` - `2024-02-21`	6 months	crt.sh
*.360yield.com Amazon RSA 2048 M01	`2023-05-29` - `2024-06-26`	a year	crt.sh
*.ad-server.k8s.ie.ggops.com Amazon RSA 2048 M02	`2023-02-08` - `2024-02-15`	a year	crt.sh
public1.adgear.com Sectigo RSA Domain Validation Secure Server CA	`2023-03-03` - `2024-03-31`	a year	crt.sh
*.ctnsnet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-13` - `2024-11-10`	a year	crt.sh
*.iprom.net R3	`2023-08-16` - `2023-11-14`	3 months	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2022-11-07` - `2023-12-08`	a year	crt.sh
*.sitescout.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2023-01-09` - `2024-02-02`	a year	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2023-08-15` - `2024-09-15`	a year	crt.sh
s.ad.smaato.net Amazon RSA 2048 M03	`2023-09-04` - `2024-10-02`	a year	crt.sh

This page contains 55 frames:

Primary Page: https://wheregoes.com/trace/20234856657/
Frame ID: 7CB3E270BF21665B23BCB49D71EE11F9
Requests: 46 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wheregoes.com
Frame ID: C5DF51572BA57310054D41EFDF99A0B6
Requests: 2 HTTP requests in this frame

Frame: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Frame ID: B303878583DD2D3C224B591977736D44
Requests: 1 HTTP requests in this frame

Frame: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 3F84B69E21E8C8A0B5968C5F4C7C8F8A
Requests: 1 HTTP requests in this frame

Frame: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: C1FECA1745391B7844C5E37FAE8D7295
Requests: 25 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvduxSeH9iLXgxPT5MeuWkeiOKI_0sWKWx7wNSgWKrkNM2_geAeC6-Db9geDMCJHwh2kGqlVnCbY4une0Tfv0aMsGovNxpO_fyD7aCH3DgbVIRLzLMlblHMLoiDEUWXDw0hi53emgYgStgCT6Qhno_gW7F6-IpNhXIL09xloVXQ6ck9mCybt-Fw_LABcKE8NhSMRacbap78qJSmf59bVbvoqeboq0uyJeMiFDxs937tTSXSGHNH5OwaOBplXd1XCRN6KPcOfsyWtOwQJ5v4FrxA4pyEG1GNjvVN7F9PNqA1c5B_TCY6NmpAZXP2CKjaAdY66rbbF5htB0GvQ5xan7BFbzI4iA&sai=AMfl-YQKdo1nSvEF_0k6HvfyNZzJGhBagG4Myamk2ERYTTlotyQhxFcH3w7XFtL3menpjfcnL0c8xB_iuVYBYl3vwUcw0YTRlZ7Upw5fugmo5MQ1Nd-_XiO50NXs7ao46q67nSg9AOgTMX433mZr97A&sig=Cg0ArKJSzFuREJexZ-dvEAE&uach_m=[UACH]&adurl=
Frame ID: 7F9293F282FA893A424369AF04701E4C
Requests: 8 HTTP requests in this frame

Frame: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: EEC31080748943D50007232143D589FA
Requests: 18 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 37403A58BF46CFF2093BDFED9E9FD128
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 409C30CD7522656B6D7C5DC2367E3AC6
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=8394&pub_id=1070141
Frame ID: A44CEE4CABA5E84E686892985B03DC38
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=8394&pub_id=1070141
Frame ID: 7097A81E7E0E688E6CEEA2ADF559F7F8
Requests: 3 HTTP requests in this frame

Frame: blob://https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/29b4f9cb-d10c-43b6-bf14-b540ccf0686c
Frame ID: 01B57F6983016AFECCAA5F0AC676DE32
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?origin=publishertag&topUrl=wheregoes.com
Frame ID: BFAD13546B95BEC2DD1AF12BD6B3AC69
Requests: 2 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 3C5E331B9C42C8620811AD70E538AE61
Requests: 2 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: C6C3311395A980679EA739D8C0C0B5DE
Requests: 3 HTTP requests in this frame

Frame: https://public.servenobid.com/sync.html
Frame ID: 8E0B428E3600370A2C3FE0443EB44BB0
Requests: 13 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1697508731473
Frame ID: 675206A86AB47BDBC615F0E7BC2F2E01
Requests: 1 HTTP requests in this frame

Frame: https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C407%2C2011%2C2055%2C2099%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1
Frame ID: 5A8678DCDD84B7326F07C2EBF4BE0861
Requests: 1 HTTP requests in this frame

Frame: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Frame ID: 58C1C35168E7FFA1E525CC0484817710
Requests: 13 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D
Frame ID: 7B7A34C32379701862F3D5CF6B3C50D7
Requests: 1 HTTP requests in this frame

Frame: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Frame ID: EC6C1C77E745773BEED9D57E9286A94C
Requests: 6 HTTP requests in this frame

Frame: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Frame ID: 334D30320E75E188EF27B5532719579C
Requests: 10 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Frame ID: 8946F96368FD1A329084ECFE238EE471
Requests: 3 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Frame ID: 7168C566C319A136A94F8850EEB79571
Requests: 17 HTTP requests in this frame

Frame: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D
Frame ID: B9038900AD4F855DC3572F081AFFB550
Requests: 1 HTTP requests in this frame

Frame: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Frame ID: BD57D2542A7A77FA84FFB51592E8A6DB
Requests: 1 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D
Frame ID: D65D187799A3D40BB38A8D0B4536EF84
Requests: 1 HTTP requests in this frame

Frame: https://rtb.gumgum.com/usersync?b=adf&i=8511601196041892094&gdpr=0&gdpr_consent=
Frame ID: C82D17F853611AE4AF1FB8E2D5905106
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=atm&i=ZS3tfwAYdIZsoQAb&gdpr=0&gdpr_consent=&_test=ZS3tfwAYdIZsoQAb
Frame ID: 247377BBFF967983FE78BD87F006BAF6
Requests: 1 HTTP requests in this frame

Frame: https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iZTE0OTlmOS01NDM5LTQyNzQtOTQ3NS00YzAwNTE4ZTA3NWE=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv
Frame ID: 98E3660D6AD523FC1EA54B629A55CB1D
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Frame ID: 8193E43AFBEC616BFA69D9F30B082655
Requests: 1 HTTP requests in this frame

Frame: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Frame ID: 49E0EB951C72592BB8EC39D75FD74C73
Requests: 1 HTTP requests in this frame

Frame: https://tg.socdm.com/aux/idsync?proto=gumgum
Frame ID: 86F0F1A3D5C655CAA61A486916BB2030
Requests: 1 HTTP requests in this frame

Frame: https://usersync.gumgum.com/usersync?b=rth&i=B3OBu39DDSC0aWlODxJZ&pi=gumgum&tc=1
Frame ID: 2F21A99F6F718D211DA7F71FDD2767C6
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html?p=gumgum
Frame ID: 8979E9E8CB617A996671A07EAD2BCBB2
Requests: 3 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Frame ID: 368D6712A23B2DF0D1584F3C4A259D24
Requests: 1 HTTP requests in this frame

Frame: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&redir=true&gdpr=0&gdpr_consent=&dcc=t
Frame ID: 98FEDB87FD2AE802FB9A8AA555EA455D
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=C7Q5J1jlPCUQsj4lDrAmJw61MnUQsGl3Befosyp7
Frame ID: A215BF72BFFC9467FEA05FD8EB7A49BA
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6489196053422144956&gdpr=0&gdpr_consent=
Frame ID: 869DC1F0E993EE6D7EA8AEC172A757D0
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7290744501505620122&gdpr=0&gdpr_consent=
Frame ID: 480EE9AF670F49586600BE2D6C9DE32F
Requests: 1 HTTP requests in this frame

Frame: https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic
Frame ID: 9B7D57AFCFCA7F017259C0592893EA08
Requests: 1 HTTP requests in this frame

Frame: https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=
Frame ID: 0D38F36E76FE2F149BE7D10A29EBBDAF
Requests: 1 HTTP requests in this frame

Frame: https://b1sync.zemanta.com/usersync/pubmatic/?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
Frame ID: 993557DCA469605409AFF0FAEEA032D6
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZS3tfwAVOaD-gwA4
Frame ID: DAD47FEC1EA838A590A2D31A7280B764
Requests: 1 HTTP requests in this frame

Frame: https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=
Frame ID: 4AADADD5B0D6EA61711D77A7E2E5E662
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Frame ID: E8F33B7D7C8248445F22237AB5735660
Requests: 1 HTTP requests in this frame

Frame: https://t.adx.opera.com/pub/sync?pubid=pub8730968190912
Frame ID: F83F03C416F2808A1C428B002377BD98
Requests: 1 HTTP requests in this frame

Frame: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Frame ID: EC83B86B727884DBAB9AD982CE87C7A6
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8692823271894421797
Frame ID: 87D809FC614D794D194D7C0729309FCC
Requests: 1 HTTP requests in this frame

Frame: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Frame ID: 777FC6195B78DBB93B10912127D63677
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5140084927756967657
Frame ID: B67B3EC7F30B2A9A7E4D089FF3F3F27A
Requests: 1 HTTP requests in this frame

Frame: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Frame ID: A055B3D46A97689A90DA46FE404D0E5F
Requests: 1 HTTP requests in this frame

Frame: https://ad.mrtnsvr.com/sync/pubmatic?gdpr=0&gdpr_consent=
Frame ID: 674E1FE14B9E785BC45D41DDFBAC76A0
Requests: 1 HTTP requests in this frame

Frame: https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid%26gdpr%3D0%26gdpr_consent%3D%25_gdpr_consent
Frame ID: 3D5F3BFDEF9ECE3650AF893B389E69BC
Requests: 1 HTTP requests in this frame

Frame: https://ads.servenobid.com/sync?pid=316&uid=0959BBFA-6D39-4254-96CF-1F6775E7FC0B
Frame ID: 4B0EC474F4EC539E8397721B8C87A7CF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Trace Results | WhereGoes

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

MailChimp (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

<form [^>]*id="mc-embedded-subscribe-form"
<form [^>]*name="mc-embedded-subscribe-form"

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Prebid (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.com/[^"]*(?:prebid|/pb\.js)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

215
Requests

73 %
HTTPS

27 %
IPv6

75
Domains

108
Subdomains

65
IPs

6
Countries

1384 kB
Transfer

3802 kB
Size

12
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/WhereGoes_com
Title: Twitter

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 36

https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&rid=esp HTTP 302
https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&rid=esp&cc=1

Request Chain 40

https://gum.criteo.com/sid/json?origin=publishertagids&domain=wheregoes.com&sn=ChromeSyncframe&so=0&topUrl=wheregoes.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=5rNhgHxJTDgzSzJ0WkdudjN2MXUvaVBuaUFFTCtUbGdWRjVZNGZ5ZEJzb1J6TnFxakdJVWVNRzVja2YxemNqeS9IR25XSlRJWFgrSEc0OUlNeHJBRTFlcG5Oa2dVcHFKdkc5Z0FZdTg1bjV2bnZHYWN0NWp2UU8yZ0MzY1lFSnJhUm5zRHlwV2Uxb1M0RHpRdU53UUVKbXc1enJub1V4U0IvWWp6emFwaGFLZjdpOWcxblIzS0hQeFRQdTNHZmVGRVNra3lFVi9VTXF5QWZiSitCVTdPWndWRGJmcHZsVlVwTWFJc3lzRU8zL0JGRVhyUFNKckF4QW9vVklGaTdiVDcrbXZqdnBRaG1wWHdDQVBLSm1xcWdwRyt2Zz09fA&cppv=2

Request Chain 73

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=4d05e800-426d-40a3-be16-c961b929ca64&bidId=15000&bidderId=4&cmExpId=V7&oAdUnit=391466&publisherId=162645330&rId=8d363aaa-38c2-40ba-88df-75781eed25e4&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1-0%3F%26RG%3Dfb3e1a2f35af4e39821d7c8c7564c2b8%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=18678115&trafficGroup=knaqe_3c&trafficSubGroup=tqcecnff&aid=4842144214698405958 HTTP 303
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=fb3e1a2f35af4e39821d7c8c7564c2b8&SNR=1&GV=2&med=10

Request Chain 78

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=308b0460-fa7a-4e95-b757-da1d38e10fb8&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=f7950f03-05c7-4d5d-8061-fecb92e42598&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1-0%3F%26RG%3Df764d49b02fd42eb99b3c2449e1f8e1c%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=18678115&trafficGroup=knaqe_3c&trafficSubGroup=knaqe_3c_pyvpxpbasvezngvba&aid=3001808996470542539 HTTP 303
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=f764d49b02fd42eb99b3c2449e1f8e1c&SNR=1&GV=2&med=10

Request Chain 102

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=4d05e800-426d-40a3-be16-c961b929ca64&bidId=15000&bidderId=4&cmExpId=V7&oAdUnit=391466&publisherId=162645330&rId=8d363aaa-38c2-40ba-88df-75781eed25e4&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3Dfb3e1a2f35af4e39821d7c8c7564c2b8%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=18678115&trafficGroup=knaqe_3c&trafficSubGroup=tqcecnff&aid=4842144214698405958 HTTP 303
https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=fb3e1a2f35af4e39821d7c8c7564c2b8&tids=15000&med=10

Request Chain 107

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=308b0460-fa7a-4e95-b757-da1d38e10fb8&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=f7950f03-05c7-4d5d-8061-fecb92e42598&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3Df764d49b02fd42eb99b3c2449e1f8e1c%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=18678115&trafficGroup=knaqe_3c&trafficSubGroup=knaqe_3c_pyvpxpbasvezngvba&aid=3001808996470542539 HTTP 303
https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=f764d49b02fd42eb99b3c2449e1f8e1c&tids=15000&med=10

Request Chain 113

https://gum.criteo.com/sid/json?origin=publishertag&domain=wheregoes.com&sn=ChromeSyncframe&so=3&topUrl=wheregoes.com&bundle=afHZlF96ZFN5RzFKMFpYeGdBY2cxdThsSFo4Z0V2UXdBaiUyRjBTaE95N0ZoUzJsTFMlMkZ6a254NXZsSW5zenI4Sm5Ma3R3JTJGbkk5Yms4QW9IN1BUS0dtTXVhJTJCMkklMkJ2WDViVFFEemFWUmhlSDBxd2huOWRZZVoySlhUUEpQWGVMbHIlMkIybmtTOU44WFhQQUNmTlFHcmIxOCUyRlFIa3hvQSUzRCUzRA&cw=1&lsw=1&topicsavail=0&fledgeavail=0 HTTP 302
https://mug.criteo.com/sid?cpp=fqUNVXw0KzZ6UFladll3SDEwOExvUUhCQjZwSnlmREUzUjY5cDd1blFtYWhhRTNzQ0FNekhnUmdMQ0tLMGJLZGxQRWNURE5adVNWaW14elo3eTV2NUZpUGVZSVBkMnhpeWpwaG55UlhJZE84SC9ZQ0pzNS9OVkRvTnhMeEFTend2ak56QTh2THE3aG5PdUN3N2RIdmQrUThGRWUxOEZ3RWZLMkhwWjZsQ1N3eGlvV0ZCMXZ2VzNzRU9HL0NFdFZ3WHI4aWIraFhvaHFjQ3FwTC9PbkNTV0kwa09FSG5ISTZVbFlPMVFaR0J4N05TS0hPVERJeXJOT29iN0Fic0k1ZXQ0UTFROFlhSUNoMVNEWjlYNlBoWkFQU0c0akhGQ3JxUkE1NnNPM2J3cE5tSHIwQT18&cppv=2

Request Chain 124

https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D HTTP 302
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

Request Chain 125

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east HTTP 301
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

Request Chain 130

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID HTTP 302
https://ads.servenobid.com/sync?pid=312&uid=6489196053422144956

Request Chain 131

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D HTTP 302
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1 HTTP 302
https://ads.servenobid.com/sync?pid=310&uid=Hf6ksRZHFMV5DuskREOGMdtm

Request Chain 133

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1697508735130 HTTP 302
https://ad.turn.com/r/cs?pid=45&rndcb=8615226555

Request Chain 134

https://p.rfihub.com/cm?pub=44007&in=1 HTTP 302
https://ads.servenobid.com/sync?pid=324&uid=5140084927756967657

Request Chain 136

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D HTTP 302
https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0

Request Chain 141

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D353%26uid%3D%3Cvsid%3E HTTP 302
https://ads.servenobid.com/sync?pid=353&uid=0000EEA

Request Chain 144

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZS3tf5Sc5DQZ2ai4pZ3OmQAA HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJZm49NkEFxUzr7juHqnZGs&google_cver=1

Request Chain 147

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZS3tf5Sc5DQZ2ai4pZ3OmQAABFQAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid= HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEBz5pvt9RGX3urrRQaQtW1Y&google_cver=1

Request Chain 148

https://euexchangesync.digitaleast.mobi/usersync/index.gif?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid= HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=

Request Chain 149

https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=B0mr8FQYrvIcT6zyAk208AJIoKIcTfugCRoay7xp

Request Chain 150

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_ HTTP 302
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=6yj0YMBi1QSzz95

Request Chain 151

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1 HTTP 302
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1697595135

Request Chain 155

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID HTTP 302
https://usersync.gumgum.com/usersync?b=apn&i=6489196053422144956

Request Chain 156

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_be1499f9-5439-4274-9475-4c00518e075a&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_be1499f9-5439-4274-9475-4c00518e075a&gdpr=0&gdpr_consent=&us_privacy=1--- HTTP 302
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2 HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=gumgum2 HTTP 302
https://x.bidswitch.net/sync?dsp_id=70&user_id=332359993737586236&ssp=gumgum2

Request Chain 157

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D HTTP 302
https://usersync.gumgum.com/usersync?b=opx&i=d451ae72-8881-4076-9bb2-083084f3c1a0

Request Chain 164

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25 HTTP 302
https://usersync.gumgum.com/usersync?b=pln&i=9nFWGEsJY7iC&ev=1&pid=558355

Request Chain 165

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent= HTTP 302
https://usersync.gumgum.com/usersync?b=sad&i=736215746470683770

Request Chain 167

https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/usersync?b=adf&i=8511601196041892094&gdpr=0&gdpr_consent=

Request Chain 168

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZS3tfwAYdIZsoQAb HTTP 302
https://usersync.gumgum.com/usersync?b=atm&i=ZS3tfwAYdIZsoQAb&gdpr=0&gdpr_consent=&_test=ZS3tfwAYdIZsoQAb

Request Chain 173

https://creativecdn.com/cm-notify?pi=gumgum HTTP 302
https://creativecdn.com/cm-notify?pi=gumgum&tc=1 HTTP 302
https://usersync.gumgum.com/usersync?b=rth&i=B3OBu39DDSC0aWlODxJZ&pi=gumgum&tc=1

Request Chain 174

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum HTTP 301
https://eus.rubiconproject.com/usync.html?p=gumgum

Request Chain 176

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@ HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

Request Chain 177

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&redir=true&gdpr=0&gdpr_consent=&dcc=t

Request Chain 178

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=C7Q5J1jlPCUQsj4lDrAmJw61MnUQsGl3Befosyp7

Request Chain 179

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6489196053422144956&gdpr=0&gdpr_consent=

Request Chain 180

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7290744501505620122&gdpr=0&gdpr_consent=

Request Chain 181

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic

Request Chain 184

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent= HTTP 302
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZS3tfwAVOaD-gwA4

Request Chain 186

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token} HTTP 307
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

Request Chain 189

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8692823271894421797

Request Chain 191

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5140084927756967657

Request Chain 194

https://green.erne.co/pubmatic/cm?gdpr=0&gdpr_consent= HTTP 302
https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid%26gdpr%3D0%26gdpr_consent%3D%25_gdpr_consent

Request Chain 196

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CVm7-m05QlSWzx9ndef8Cw%3D%3D&gdpr=0&gdpr_consent= HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

Request Chain 198

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent= HTTP 307
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=2901374731 HTTP 302
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0 HTTP 302
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=0959BBFA-6D39-4254-96CF-1F6775E7FC0B

Request Chain 200

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDk1OUJCRkEtNkQzOS00MjU0LTk2Q0YtMUY2Nzc1RTdGQzBC&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECvub0h5D5B3dYhtBsPj7t4&google_cver=1

Request Chain 203

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5935901323400979004

Request Chain 210

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:e8d58e32-9c1a-4701-9586-b7a22b1fb31c&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

Request Chain 213

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USER_ID&gdpr=0&gdpr_consent= HTTP 302
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=736215746470683770&gdpr=0&gdpr_consent=

Request Chain 216

https://x.bidswitch.net/sync?ssp=smartadserver&gdpr=0&gdpr_consent= HTTP 302
https://sync.bumlam.com/?src=bsw2&bsw_ssp=smartadserver&bsw_param=dc586155-8272-4bd5-a588-deb2a44fe649&gdpr=0&gdpr_consent= HTTP 302
https://sync.bumlam.com/?src=bsw2&s_data=CAIQARj_2repBloJCgRnZHByEgEwWg4KDGdkcHJfY29uc2VudKIBEJdFpaxskhHuhuAAJZDAZHyqAQ1zbWFydGFkc2VydmVysgEkZGM1ODYxNTUtODI3Mi00YmQ1LWE1ODgtZGViMmE0NGZlNjQ5 HTTP 302
https://x.bidswitch.net/sync?dsp_id=476&user_id=9745a5ac-6c92-11ee-86e0-002590c0647c&expires=90&ssp=smartadserver&bsw_param=dc586155-8272-4bd5-a588-deb2a44fe649

215 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
wheregoes.com/trace/20234856657/ 16 KB
6 KB 155ms
115ms Document
text/html 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/trace/20234856657/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50facb17ffb363b5aace1b995bf49b53fa1d0504c480654f3c7d91d9eef97652

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 817503dbd9751c42-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 17 Oct 2023 02:12:10 GMT
fastcgi-cache: HIT
link: <https://wheregoes.com/?p=19>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yU1TXyJAeeIHvPvhWmI8CiYgqzD9XeLGwCxkddZuNonXdCFqQ0Beq63m1RdZr0EfL%2FGpG6z%2F2Ths%2BJmjDZbSfzj9A%2F4m1QiW5jpWvEmPN4mg7qmvlsPcOH3nj7cl7shf0cEWB5HtdH0ClSaK"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css
wheregoes.com/c/cache/autoptimize/css/ 244 KB
86 KB 20ms
17ms Stylesheet
text/css 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbf2413b9511bb70a14ab3712ba3e2c2d8974e3253f209a613c15f4257fbdac4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20234856657/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 615139
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 20:44:00 GMT
server: cloudflare
etag: W/"64e51e10-3d11a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5yLDCBrwcsj4Hi5EzK5kLDOBDa9yml5q9DaQ1NwvvzOX75MENICWdtDlyopQQhLinZzqjyweNeMJmHQddqZo2K1oCEV9BW7vQJ5c4ocRGKO4M2L1OEzRMscJVROVW%2FCO4BM%2B54t3cJLrGed"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 817503dc99c21c42-FRA
expires: Tue, 08 Oct 2024 22:22:48 GMT

GET
H2 200 jquery.min.js Show response
wheregoes.com/wp-includes/js/jquery/ 85 KB
31 KB 137ms
135ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/wp-includes/js/jquery/jquery.min.js?ver=202310170253

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20234856657/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 20:43:51 GMT
server: cloudflare
etag: W/"64e51e07-155ba"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vw5fUEIzcotico8XddMUq1xiZS7IKrwTCstijtLHI2T%2BMDS53R2kutmhn%2FuweBadSnAWkWRT5DvPVUStA11lhb%2BjFFvicIsvTCoMocPmdsNHipcDceFjquOqV9qEC0bQ76h1V2t1%2BSxYhz78"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 817503dc99c31c42-FRA
expires: Wed, 16 Oct 2024 02:00:14 GMT

GET
H2 200 jquery-migrate.min.js Show response
wheregoes.com/wp-includes/js/jquery/ 13 KB
5 KB 111ms
110ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=202310170253

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20234856657/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Aug 2023 20:43:51 GMT
server: cloudflare
etag: W/"64e51e07-3509"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0cxBTZCiuuwzZGC5dIsgpkmfgJHe0t%2BUoQ0w9frf20RGxKcYcZUQWHqG96onVI7phCliiHp69DfwzBVZjVDNw5fi5FhfEoTQWN1SJx09d4E0bfh5R63lVhU26Soy8anG83fL%2BPgt5PjSeIHE"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 817503dc99c41c42-FRA
expires: Wed, 16 Oct 2024 02:00:14 GMT

GET
H3 200 script.js Show response
wheregoes.com/js/ 1 KB
1 KB 18ms
18ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/js/script.js

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20234856657/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid: 885
age: 3122
x-cache: EXPIRED
cdn-cachedat: 10/17/2023 00:13:18
cdn-pullzone: 682664
cross-origin-resource-policy: cross-origin
application: 10.0.0.3
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 17 Oct 2023 00:59:52 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gF9s9BTwXLWhGpHiCBNTYO%2BZE8DSr9FvQHx0Kc5z4HfmE4eFDiiPz19XALGgeBVqRf%2FeigGZmZ3dBkqUiNjiz2N5qrYRKhPMyQ%2B3t1I89WlERREuTatMvS8ocPIFO4zfjZ%2BLSjXoPqlX5rrt"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: public, max-age=14400
permissions-policy: interest-cohort=()
cdn-requestid: 4a37a18ce1c64445e30f9fc19a0d637a
cf-ray: 817503dd6a5418e9-FRA
cdn-requestcountrycode: US
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 init-1144pc80p2fur20uadwq.js Show response
api.fouanalytics.com/api/ 318 B
727 B 218ms
179ms Script
text/javascript 2606:4700:e2::ac40:8820
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/init-1144pc80p2fur20uadwq.js
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8820 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb219638ce8dfdc9b52f6b6dd446cfeecdaff21a268da098fc4b52a5f2ef3fa5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:10 GMT
content-encoding: br
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ej6%2BoM%2B8bEsudnWawg9NyRoby6g8%2BqW5POapQPfGorv9rn9R90MApBBX9aNuga5mbOwabxL08uTpGMrgCDQTSSlV%2Faps6hyI0gjqVIdyO9tPq3PQnLhwKMOtUB9xxDWqtl%2FpVAVmIdDhLg%2BBXhFUmgbu0g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
cf-ray: 817503ddba2b3a8e-FRA
alt-svc: h3=":443"; ma=86400
expires: 0

GET
H2 200 index.js Show response
wheregoes.com/c/p/contact-form-7/includes/swv/js/ 11 KB
3 KB 133ms
132ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/p/contact-form-7/includes/swv/js/index.js?ver=202310170253

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fe46d2da01452067736578431f6c6e8116a24e616f58c72d9d81fdb2c7c9569

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20234856657/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Sep 2023 14:21:32 GMT
server: cloudflare
etag: W/"65158bec-2a12"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wIVbpI9pULclb8DSvyhHjo6q2pBkMLQAYv79BxC9ydM9JykFQpJhCTpUMfdSwOsHqhTTVZo%2Bg%2F6wuh8APFp2%2BDsTvvRqQz%2BU6C1oNFlhgg9u5NbDt4922C%2BJOyOhcur2KYUrx%2BbvW2CZRK0Q"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 817503dc99c61c42-FRA
expires: Wed, 16 Oct 2024 02:00:14 GMT

GET
H2 200 index.js Show response
wheregoes.com/c/p/contact-form-7/includes/js/ 13 KB
4 KB 117ms
115ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/p/contact-form-7/includes/js/index.js?ver=202310170253

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20234856657/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 28 Sep 2023 14:21:32 GMT
server: cloudflare
etag: W/"65158bec-328f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fbh9QC8L0NrKhoZSB4PmqgwcOpZ4GVTauzLSb3IK2NesrAUkwXYn18dTnpWl1fqEIDpjlrJIiQ9tAK2oAhQzA8JFsdJr%2BJHR3Zmfd4CI2dsI6GRH5R2Oljm61gFd7y5ZDwbvwj%2FpbcHDAmd0"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 817503dc99c71c42-FRA
expires: Wed, 16 Oct 2024 02:00:14 GMT

GET
H2 200 main.js Show response
wheregoes.com/c/themes/custom-theme/dist/js/ 5 KB
2 KB 15ms
15ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/c/themes/custom-theme/dist/js/main.js?ver=202310170253

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

19f4129c1cfc1a9fcb2e94b35853f3d2085c0807564e37971d1ccb6ef2a7e852

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20234856657/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 658
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 09 Feb 2023 20:32:40 GMT
server: cloudflare
etag: W/"63e55868-1464"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NAvHLnTsVBdzAbJ9yD6ccE2yprlBAURfgNfmyEAdKvgqUWl83p9%2B7bM4B26a7REZb%2BTq7LqvIyXdwn5gXUPOBbYMjBX2RkpPgWqBFU%2BbYd3v0O9zLjQgqro6jeBVMhSQ%2Fvq5lwVW7INonwln"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 817503dc99c81c42-FRA
expires: Wed, 16 Oct 2024 02:00:15 GMT

GET
BLOB 200
OK 40f20bb1-853d-459b-b9a2-f75a2090a91a
https://wheregoes.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://wheregoes.com/40f20bb1-853d-459b-b9a2-f75a2090a91a
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H/1.1 200
OK wheregoes.js Show response
cdn4.buysellads.net/pub/ 487 KB
141 KB 298ms
264ms Script
application/javascript 151.139.128.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: map3.hwcdn.net
Software: AmazonS3 /
Resource Hash: 6da117235d189f2b1e509b371d6f749498efdfded620fd11afd9d99db5227963

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Tue, 17 Oct 2023 02:12:10 GMT
Content-Encoding: gzip
Last-Modified: Tue, 17 Oct 2023 02:03:23 GMT
Server: AmazonS3
x-amz-request-id: T2S60HHY3CYKKMC9
ETag: "613249667847b029f6e6572632bc9e6f"
x-amz-server-side-encryption: AES256
Transfer-Encoding: chunked
X-HW: 1697508730.cds236.fr8.hn,1697508730.cds242.fr8.sc,1697508730.cds242.fr8.p
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
x-amz-id-2: 3ifi7qnakWtCWm8BvnLI1caG49vYc4KbipZeAKiNlP8yt4cSA23eyx6mc8kaxbCC8vhg7aurSAw=

GET
H3 200 logo-h-blue.svg
wheregoes.com/c/themes/custom-theme/img/ 15 KB
6 KB 18ms
18ms Image
image/svg+xml 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://wheregoes.com/c/themes/custom-theme/img/logo-h-blue.svg

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d48f7d7bc477f61c161f38835c0daaead5a64ca51be3656755d0b08c866dfcf2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 614194
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Sun, 11 Apr 2021 19:20:03 GMT
server: cloudflare
etag: W/"60734be3-3afa"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XO9TKGYNXBQ58Hj1htWwiH45qny0a2Y33Ii82rpmgr5jF8%2B6Qqe24jQDCfnXX0t7RFcAEvIOhov1eToSfx9xXMHajNXTm%2FLH%2FkcCs%2BQVINr9eKvjEBBDORqFGCO5Kc9rDJll4RNoQpwZeeE9"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 817503dd9a6a18e9-FRA
expires: Tue, 08 Oct 2024 22:22:49 GMT

GET
H3 200 wheregoes.woff2
wheregoes.com/c/themes/custom-theme/fonts/ 8 KB
8 KB 14ms
14ms Font
font/woff2 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://wheregoes.com/c/themes/custom-theme/fonts/wheregoes.woff2?90359859
Requested by: Host: wheregoes.com
URL: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0152ec54bafb1f951d4dc7585aebae598d2235c78d9e81ade8399006f8eb3b9b

Request headers

Referer: https://wheregoes.com/c/cache/autoptimize/css/autoptimize_36ce7b13a75e9e69c252317ad35b53f6.css
Origin: https://wheregoes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 614194
alt-svc: h3=":443"; ma=86400
content-length: 8024
last-modified: Fri, 18 Jun 2021 18:52:37 GMT
server: cloudflare
etag: "60cceb75-1f58"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G6MDHVdmbHd8ueOVg%2FA51JBqw4T1aMHdxim2wTmwIRfjzoG2fL8L1EqF1c3WYTIKwEwfopIzdITg7KJSRSoFN1uKvQJOdXFGhQjKIO8oIMoFa5Ux99yfGq3UA1COuoAdrnjoJ9hzCy72kUSv"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 817503dd9a6c18e9-FRA
expires: Tue, 08 Oct 2024 22:22:58 GMT

POST
H3 202 event Show response
wheregoes.com/api/ 2 B
762 B 226ms
226ms XHR
text/plain 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/api/event

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/js/script.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://wheregoes.com/trace/20234856657/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cdn-edgestorageid: 885
cdn-cachedat: 10/17/2023 02:12:10
cdn-pullzone: 682664
application: 10.0.1.5
alt-svc: h3=":443"; ma=86400
content-length: 2
x-request-id: F47DMlvFDbxq8CwwoXMD
cdn-proxyver: 1.04
cdn-requestpullcode: 202
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HidxAd%2BUpXx8OXokEU1skWdl1l9gFQuLUhx7vYpcPI10iU4oBJh5UkbZZjXj2mSyunsjXFc4cBNMPFEaKMGVC1X%2B67lyqwn7iOERzIRq7NxPdTmcv2GTb95uq25VS4NimeZWp5t%2F6aRuQ8FE"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cache-control: must-revalidate, max-age=0, private
access-control-allow-credentials: true
permissions-policy: interest-cohort=()
cdn-requestid: 9b0c2920865470e453a050fb2fb306a9
cf-ray: 817503ddaa7818e9-FRA
cdn-requestcountrycode: US
cdn-requestpullsuccess: True

GET
H3 200 wp-emoji-release.min.js Show response
wheregoes.com/wp-includes/js/ 18 KB
5 KB 107ms
107ms Script
application/javascript 2606:4700:3035::ac43:b70e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://wheregoes.com/wp-includes/js/wp-emoji-release.min.js?ver=202310170253

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700:3035::ac43:b70e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/trace/20234856657/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Wed, 05 Apr 2023 20:53:50 GMT
server: cloudflare
etag: W/"642ddfde-4904"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2Fcx%2Bn9fqMc02vbRCTUGEtEgYalwMFv7ci73a7yX9IMeJi6enqWWA%2FKjDqsukc4qV%2Bdci9xRG5RhR0%2BnCZiA%2B%2BMvzbYweBq7KExjMuClZ9SAyPuCC2OzPx5NxKGsW2hvUagb%2BuCiDqe%2BrLEA"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=31536000
cf-ray: 817503ddaa7918e9-FRA
expires: Wed, 16 Oct 2024 02:00:16 GMT

GET
H2 200 pp.js Show response
api.fouanalytics.com/s/ 15 KB
6 KB 14ms
14ms Script
text/javascript 2606:4700:e2::ac40:8820
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/s/pp.js
Requested by: Host: api.fouanalytics.com
URL: https://api.fouanalytics.com/api/init-1144pc80p2fur20uadwq.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:e2::ac40:8820 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9d1aa0febc6ecc7c89d33e056750bcf288264dd8b853078544b3b16b9a12b6e6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:10 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
age: 28035
etag: W/"6528197a-3d35"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUhUfNPRTvgghd6Oa8M3BYf9dnCXnySNprxpq8tMA3lOK%2BoRakmQqkEnGyK%2FAaf3KbEsG2UYdwBZk8wF59OM%2B%2BRg3%2BUhreFXG6xPxJROo6xP1CGufuxL3fKZM81BreeQLeUVOinwm6fN5vgWcqpRPQemeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=86400
cf-ray: 817503dedac03a8e-FRA
alt-svc: h3=":443"; ma=86400

GET
DATA 200
OK truncated
/ 15 KB
15 KB Font
application/x-font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c72f57881ea9665da29cc614802f61a04084e06b14de9f1d79ce26273e66a991

Request headers

Referer
Origin: https://wheregoes.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: application/x-font-woff;charset=utf-8

POST
H3 200 x
api.fouanalytics.com/api/ 0
452 B 201ms
200ms Ping
text/plain 2606:4700:e2::ac40:8820
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.fouanalytics.com/api/x
Requested by: Host: api.fouanalytics.com
URL: https://api.fouanalytics.com/s/pp.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:e2::ac40:8820 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RZRSUlzLpSq0cEdiLp4ya6loJX0UGfO5WCM%2B0voXAFYKFSYxmIv92X647KpG6TeFO8gEqsH1KYA%2BYOCFzs%2Biu51JwuSzwqrLXVjTOlQOcILXaqSeFI959G%2FBEVliUHqbfZ31EtCnq6MuDNxSrYHfMuYjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: *
cf-ray: 817503e09d751917-FRA
alt-svc: h3=":443"; ma=86400
priority: u=4,i

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 90 KB
29 KB 92ms
30ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

943a4568b86676db27ff7f44871944c652610cef42c4ca5879b1b7432adb6657

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29626
x-xss-protection: 0
server: cafe
etag: 777 / 19647 / 31078750 / config-hash: 13405835948429687525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 17 Oct 2023 02:12:11 GMT

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/ 420 KB
132 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2c1e314bd40a5d53a2e657710b9a41778f2e105084dd41fb2305dc008d5bffd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 12:47:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48254
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134705
x-xss-protection: 0
server: cafe
etag: 4581834702576728701
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 15 Oct 2024 12:47:57 GMT

GET
H2 200 CEAIT5QE.json Show response
srv.buysellads.com/ads/ 1 KB
720 B 280ms
24ms Fetch
application/json 64.227.38.224
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: https://srv.buysellads.com/ads/CEAIT5QE.json?forcebanner=513617&ignoretargeting=yes
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 64.227.38.224 Slough, United Kingdom, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS: srv-eu-ldn-17.buysellads.com
Software: //srv.buysellads.com /
Resource Hash: a8115d71dea880efdbe2498bbc614290d96986d5b42b523c27385ff4b6074242

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
content-encoding: gzip
server: //srv.buysellads.com
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-allow-headers: *
content-length: 583

POST
H2 200 v1 Show response
hb-api.omnitagjs.com/hb-api/prebid/ 1 KB
845 B 206ms
126ms XHR
application/json 52.210.78.166
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hb-api.omnitagjs.com/hb-api/prebid/v1?RefererUrl=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&PageUrl=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&PageReferrer=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.210.78.166 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-210-78-166.eu-west-1.compute.amazonaws.com

Software

Resource Hash

4cf5686151c8a8f777cd5dfd9fd6fd33c43fb968afdee231dc03519a9421e077

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
via: kong/2.8.4
x-content-type-options: nosniff
content-encoding: gzip
x-kong-proxy-latency: 0
x-kong-upstream-latency: 95
pragma: no-cache
access-control-max-age: 3600
vary: Accept-Encoding, Accept-Encoding
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://wheregoes.com
content-type: application/json; charset=utf-8
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
access-control-allow-headers: Accept-Encoding, Content-Type
expires: 0

POST
H2 204 cdb Show response
bidder.criteo.com/ 0
192 B 154ms
73ms XHR
text/plain 2a02:2638:3::7
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://bidder.criteo.com/cdb?profileId=207&av=36&wv=7.54.0&cb=19612877647&lsavail=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::7 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://wheregoes.com
date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; preload;
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
server: Kestrel
vary: Origin

POST
H2 200 prebid Show response
prebid.media.net/rtb/ 1 KB
2 KB 160ms
105ms XHR
application/json 34.120.63.153
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid.media.net/rtb/prebid?cid=8CU18831I
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.63.153 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 153.63.120.34.bc.googleusercontent.com
Software: envoy /
Resource Hash: 5b68a1d7b88697041042fad7334bcd7d5a5c9f4ab43bbcc8ced62e80b2c0f641

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:11 GMT
via: 1.1 google
accept-ch: Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model
server: envoy
content-type: application/json;charset=utf-8
access-control-allow-origin: https://wheregoes.com
cache-control: max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-envoy-upstream-service-time: 86
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 17 Oct 2023 02:12:11 GMT

POST
H2 200 adreq Show response
ads.servenobid.com/ 946 B
785 B 206ms
111ms XHR
application/json 34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/adreq?cb=854
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 46dc9dca3e40095a8d79843b75791f77d4d076d313ebd95910c9688344248952

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
content-encoding: gzip
amp-access-control-allow-source-origin: *
vary: accept-encoding
content-type: application/json
access-control-allow-origin: https://wheregoes.com
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true

POST
H2 200 prebid-request Show response
onetag-sys.com/ 15 B
361 B 36ms
8ms XHR
application/json 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/prebid-request

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

strict-transport-security: max-age=15552000
content-encoding: gzip
content-type: application/json
access-control-allow-origin: https://wheregoes.com
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
cache-control: no-transform, no-cache
access-control-allow-credentials: true
access-control-allow-headers: content-type, origin, referer, user-agent
content-length: 41

POST
H/1.1 200
OK bid Show response
ap.lijit.com/rtb/ 24 B
400 B 548ms
183ms XHR
application/json 63.251.14.3
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to

Full URL: https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.54.0
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.3 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS: 3.14.251.63.unassigned.ord.singlehop.net
Software: /
Resource Hash: 749ae82542314757321d1cb8863a100292b72b071b07650fc9f38a406de4195c

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

Date: Tue, 17 Oct 2023 02:12:11 GMT
Vary: Accept-Encoding, User-Agent
Access-Control-Allow-Methods: GET, POST, DELETE, PUT
Content-Type: application/json
Access-Control-Allow-Origin: https://wheregoes.com
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Content-Length: 24

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 433 B
769 B 366ms
280ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=405332&zone_id=2271886&size_id=2&alt_size_ids=55&rp_schain=1.0,1!buysellads.com,15074,1,,,&rf=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&tg_i.domain=wheregoes.com&tg_i.page=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&tg_i.pbadslot=%2F8691100%2FWheregoes_S2S_Leaderboard_ATF_ROS%23bsa-zone_1641228026595-4_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=97d04a57-23e5-4825-a38d-a5fe4834e1a2&l_pb_bid_id=3882ee04f2d30c6&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=97d04a57-23e5-4825-a38d-a5fe4834e1a2&rp_maxbids=1&p_gpid=%2F8691100%2FWheregoes_S2S_Leaderboard_ATF_ROS%23bsa-zone_1641228026595-4_123456&slots=1&rand=0.5451387173045166
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: b2582a6c710b11c2bbee68e7dd44f079e8a1daa645ae49bb3d06aae9b78a13b9

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:11 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 433
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 411 B
920 B 186ms
101ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=405332&zone_id=2271886&size_id=15&rp_schain=1.0,1!buysellads.com,15074,1,,,&rf=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&tg_i.domain=wheregoes.com&tg_i.page=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&tg_i.pbadslot=%2F8691100%2FWheregoes_S2S_Sidebar_ROS_Pos1%23bsa-zone_1641228120494-5_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=763cde38-cff9-403c-a982-7722196d12b5&l_pb_bid_id=39426a320bb39de&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=763cde38-cff9-403c-a982-7722196d12b5&rp_maxbids=1&p_gpid=%2F8691100%2FWheregoes_S2S_Sidebar_ROS_Pos1%23bsa-zone_1641228120494-5_123456&slots=1&rand=0.039209258114355716
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 03f975df111c595088e331714259403368940ad896eb3422773f6125b9fd8065

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:11 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 411
expires: Wed, 17 Sep 1975 21:32:10 GMT

GET
H2 200 fastlane.json Show response
fastlane.rubiconproject.com/a/api/ 442 B
779 B 188ms
103ms XHR
application/json 2602:803:c003:200::21
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to

Full URL: https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=18812&site_id=405332&zone_id=2271886&size_id=15&alt_size_ids=9%2C8%2C10&rp_schain=1.0,1!buysellads.com,15074,1,,,&rf=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&tg_i.domain=wheregoes.com&tg_i.page=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&tg_i.pbadslot=%2F8691100%2FWheregoes_S2S_Sticky_Sidebar_ROS_Pos2%23bsa-zone_1641318529900-6_123456&tk_flint=pbjs_lite_v7.54.0&x_source.tid=94751577-e630-4cd4-8e7e-e31e4dd647db&l_pb_bid_id=40af38f2df7948e&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=94751577-e630-4cd4-8e7e-e31e4dd647db&rp_maxbids=1&p_gpid=%2F8691100%2FWheregoes_S2S_Sticky_Sidebar_ROS_Pos2%23bsa-zone_1641318529900-6_123456&slots=1&rand=0.21951529090767607
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2602:803:c003:200::21 Amsterdam, Netherlands, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: nginx/1.21.4 /
Resource Hash: 91e327921912fdd40d8f202d9aacac8f86952119d1fc381852141da14fb03ba4

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:11 GMT
server: nginx/1.21.4
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-length: 442
expires: Wed, 17 Sep 1975 21:32:10 GMT

POST
H2 200 prebid Show response
ib.adnxs.com/ut/v3/ 13 KB
6 KB 188ms
170ms XHR
application/json 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

9dd74473e82915526082840b91719399fd77ffd5bfe26fcb97c2298e944856d6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:11 GMT
content-encoding: gzip
an-x-request-uuid: 73a64815-cd48-4b5f-acc8-99cc4cbc0f4e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 publishertag.ids.js Show response
static.criteo.net/js/ld/ 42 KB
13 KB 57ms
23ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.ids.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

5a0e0bff8aff490cd3817c0f945e120780bd2148eb66f8179899bb4c999fc762

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Wed, 11 Oct 2023 08:53:04 GMT
server: nginx
etag: W/"65266270-a892"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 18 Oct 2023 02:12:11 GMT

GET
H2 200 sync.min.js Show response
tags.crwdcntrl.net/lt/c/16589/ 39 KB
12 KB 48ms
8ms Script
text/javascript 65.9.66.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-104.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 04:59:12 GMT
content-encoding: gzip
via: 1.1 120ade321ed0e3697c81eb1eb19b5f62.cloudfront.net (CloudFront)
last-modified: Wed, 06 Sep 2023 15:56:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 76380
x-amz-server-side-encryption: AES256
etag: W/"e073e71ed7a44e6f9cdd72904fda5940"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
cache-control: public, max-age=86400
x-amz-cf-id: wwnzx03KCZQuJMxnG1gkWiVwhm5vNE4Q3L0hHTgMksTZMYRDcUwn3A==

GET
H/1.1 200
OK uid2SecureSignal.js Show response
cdn.prod.uidapi.com/ 3 KB
3 KB 47ms
7ms Script
text/javascript 2600:9000:2250:6000:a:e047:753:6381
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.prod.uidapi.com/uid2SecureSignal.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2250:6000:a:e047:753:6381 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-amz-version-id: tte_Zq9MCmRAYf9XeFwo9sUIgrBbXCUY
Date: Mon, 16 Oct 2023 05:16:05 GMT
Via: 1.1 598a1f878f2efc16baaf47787ffe82d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P2
Age: 75367
x-amz-server-side-encryption: AES256
X-Cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 2776
Last-Modified: Wed, 06 Sep 2023 03:40:59 GMT
Server: AmazonS3
ETag: "a3a9a9ee8e72db69d54e805f0586c651"
Content-Type: text/javascript
Accept-Ranges: bytes
X-Amz-Cf-Id: H8T0PHC4rB5TsMe3SZc1WREunsmyDUvutkGlc06TRm8RI4xxDrdjGA==

GET
H2 200 esp.js Show response
oa.openxcdn.net/ 24 KB
8 KB 36ms
9ms Script
application/javascript 34.102.146.192
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oa.openxcdn.net/esp.js
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.146.192 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 192.146.102.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Sun, 24 Sep 2023 19:33:05 GMT
content-encoding: gzip
age: 1924746
x-guploader-uploadid: ADPycdsxLlKLCVb5W3Djj1V0MEZiayMLPqEhV9H3fgXZaELS3ccW0PQo2-GKz1rWI_UNhL9w3-cScigVqDHesSZuOcxycA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7927
last-modified: Thu, 27 May 2021 18:30:51 GMT
server: UploadServer
etag: "df5542b88bc0e368c6999754a5b9e2ba"
x-goog-generation: 1622140251693895
x-goog-hash: crc32c=f21hYg==, md5=31VCuIvA42jGmZdUpbniug==
content-type: application/javascript
cache-control: no-transform
x-goog-stored-content-length: 7927
accept-ranges: bytes
expires: Mon, 23 Sep 2024 19:33:05 GMT

GET
H2 200 esp.js Show response
cdn.id5-sync.com/api/1.0/ 139 KB
30 KB 57ms
17ms Script
text/javascript 2606:4700:10::6816:3456
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.id5-sync.com/api/1.0/esp.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3456 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bfea5e5db4c526a9c86debd0154807b4eaddf36281a55cb3f622e441e5054dc1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 16 Oct 2023 11:34:12 GMT
server: cloudflare
x-amz-request-id: QVD0983YX1A1WDKF
age: 517
etag: W/"e5bbc80dac7ff8597f5b639831f48d87"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: text/javascript;charset=utf-8
cache-control: public, max-age=3600
cf-ray: 817503e3cab09042-FRA
x-amz-id-2: QcVD24bV+HcL2Do7pPifFhiuKq45vQM/1fFwXSABhr5xLoCaTTAta4+uSD+wW7WvbVYUZGmZpN4=

GET
H2 200 pubcid.min.js Show response
cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/ 732 B
1 KB 34ms
15ms Script
application/javascript 2606:4700::6810:5514
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/prebid/shared-id/pubcid.js/docs/pubcid.min.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5514 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 22180
x-jsd-version: master
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230042-FRA, cache-jnb7027-JNB
x-jsd-version-type: branch
server: cloudflare
etag: W/"2dc-IrZxm/sP4aqtIfs1EfEw6Dg5q1Y"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5GARI0REFqAbkcSA7P4z0bCm3jYYbS9N1B1rbBcZS9mScmDX9L8mFfn%2Fk%2BbU2dV%2Bn7aKmxctXCVJn3e5ryO3DhGNQKzStdzBE7vAzF45bhh4xLxtu%2F05FSC2YHRIGOkljDYm6k0qt5YtzaJI7J4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 817503e3afb69176-FRA

GET
H2

200

esp Show response
oajs.openx.net/
Redirect Chain

https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&rid=esp
https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&rid=esp&cc=1

85 B
203 B

120ms
120ms

Fetch
application/json

34.120.135.53
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://oajs.openx.net/esp?url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&rid=esp&cc=1
Protocol: H2
Server: 34.120.135.53 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 53.135.120.34.bc.googleusercontent.com
Software: / Express
Resource Hash: 2a2e246b48ee13a2f679715854ea5beac38a26af74061a51f63d355eb74449ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
via: 1.1 google
x-powered-by: Express
etag: W/"55-tKf9eDK6fFpOvSZDq6toEG9zIyU"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://wheregoes.com
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85

Redirect headers

date: Tue, 17 Oct 2023 02:12:11 GMT
via: 1.1 google
x-powered-by: Express
vary: Origin
access-control-allow-origin: https://wheregoes.com
location: /esp?url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&rid=esp&cc=1
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

POST
H2 200 map Show response
bcp.crwdcntrl.net/6/ 60 B
332 B 110ms
33ms XHR
application/json 63.33.97.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bcp.crwdcntrl.net/6/map
Requested by: Host: tags.crwdcntrl.net
URL: https://tags.crwdcntrl.net/lt/c/16589/sync.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.97.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-97-132.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 88e868aea079a02804f74d8dd523275e2cbe3e9e25d3be3ee5865768246e2154

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:11 GMT
server: Jetty(9.4.38.v20210224)
content-type: application/json;charset=utf-8
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache
x-server: 10.45.14.85
access-control-allow-credentials: true
content-length: 60
expires: 0

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame C5DF 15 KB
6 KB 44ms
14ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertagids&topUrl=wheregoes.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.ids.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 02:12:11 GMT
server: Kestrel
server-processing-duration-in-ticks: 322876
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 204 increment Show response
id5-sync.com/api/esp/ 0
229 B 41ms
8ms XHR
text/plain 162.19.138.117
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/api/esp/increment?counter=no-config

Requested by

Host: cdn.id5-sync.com
URL: https://cdn.id5-sync.com/api/1.0/esp.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

162.19.138.117 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31533568.ip-162-19-138.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://wheregoes.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://wheregoes.com
date: Tue, 17 Oct 2023 02:12:11 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin

GET
H2

200

sid Show response
mug.criteo.com/ Frame C5DF
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertagids&domain=wheregoes.com&sn=ChromeSyncframe&so=0&topUrl=wheregoes.com&cw=1&lsw=1&topicsavail=0&fledgeavail=0
https://mug.criteo.com/sid?cpp=5rNhgHxJTDgzSzJ0WkdudjN2MXUvaVBuaUFFTCtUbGdWRjVZNGZ5ZEJzb1J6TnFxakdJVWVNRzVja2YxemNqeS9IR25XSlRJWFgrSEc0OUlNeHJBRTFlcG5Oa2dVcHFKdkc5Z0FZdTg1bjV2bnZHYWN0NWp2UU8yZ0MzY1...

439 B
657 B

15ms
14ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=5rNhgHxJTDgzSzJ0WkdudjN2MXUvaVBuaUFFTCtUbGdWRjVZNGZ5ZEJzb1J6TnFxakdJVWVNRzVja2YxemNqeS9IR25XSlRJWFgrSEc0OUlNeHJBRTFlcG5Oa2dVcHFKdkc5Z0FZdTg1bjV2bnZHYWN0NWp2UU8yZ0MzY1lFSnJhUm5zRHlwV2Uxb1M0RHpRdU53UUVKbXc1enJub1V4U0IvWWp6emFwaGFLZjdpOWcxblIzS0hQeFRQdTNHZmVGRVNra3lFVi9VTXF5QWZiSitCVTdPWndWRGJmcHZsVlVwTWFJc3lzRU8zL0JGRVhyUFNKckF4QW9vVklGaTdiVDcrbXZqdnBRaG1wWHdDQVBLSm1xcWdwRyt2Zz09fA&cppv=2

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

f60b504c796bec7693a8dbd52e1cf77f898165c42f13e3ad1839e57ef378944b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:10 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 1255553
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:11 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=5rNhgHxJTDgzSzJ0WkdudjN2MXUvaVBuaUFFTCtUbGdWRjVZNGZ5ZEJzb1J6TnFxakdJVWVNRzVja2YxemNqeS9IR25XSlRJWFgrSEc0OUlNeHJBRTFlcG5Oa2dVcHFKdkc5Z0FZdTg1bjV2bnZHYWN0NWp2UU8yZ0MzY1lFSnJhUm5zRHlwV2Uxb1M0RHpRdU53UUVKbXc1enJub1V4U0IvWWp6emFwaGFLZjdpOWcxblIzS0hQeFRQdTNHZmVGRVNra3lFVi9VTXF5QWZiSitCVTdPWndWRGJmcHZsVlVwTWFJc3lzRU8zL0JGRVhyUFNKckF4QW9vVklGaTdiVDcrbXZqdnBRaG1wWHdDQVBLSm1xcWdwRyt2Zz09fA&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 228679
content-length: 0
expires: 0

GET
H2 200 pd Show response
google-bidout-d.openx.net/w/1.0/ Frame B303 0
176 B 58ms
15ms Document
text/html 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google-bidout-d.openx.net/w/1.0/pd?plm=5
Requested by: Host: oa.openxcdn.net
URL: https://oa.openxcdn.net/esp.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: gzip
content-length: 20
content-type: text/html
date: Tue, 17 Oct 2023 02:12:11 GMT
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
via: 1.1 google

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 123 KB
28 KB 78ms
77ms Fetch
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2922396697822907&correlator=3978105745688948&eid=31078743%2C31078819%2C31078750%2C31078787%2C31078789&output=ldjh&gdfp_req=1&vrg=202310090101&ptt=17&impl=fifs&iu_parts=8691100%2CWheregoes_S2S_Leaderboard_ATF_ROS%2CWheregoes_S2S_Sidebar_ROS_Pos1%2CWheregoes_S2S_Sticky_Sidebar_ROS_Pos2&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3&prev_iu_szs=728x90%7C970x90%2C300x250%2C300x250%7C120x600%7C160x600%7C300x600&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1697508731996&lmt=1697501531&adxs=436%2C1091%2C1091&adys=440%2C666%2C950&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C0%7C0&ucis=1%7C2%7C3&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&url=https%3A%2F%2Fwheregoes.com%2Ftrace%2F20234856657%2F&vis=1&psz=960x267%7C300x952%7C300x952&msz=960x90%7C300x250%7C300x600&fws=516%2C0%2C512&ohw=960%2C0%2C0&ga_vid=1762492804.1697508732&ga_sid=1697508732&ga_hid=390538440&ga_fc=false&dlt=1697508730331&idt=1058&prev_scp=optimize_ad_unit_id%3Dbsa-zone_1641228026595-4_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%26hb_size%3D728x90%26hb_pb%3D0.00%26hb_creative%3D381846714%26hb_adid%3D46b6e260a8dd626%26hb_bidder%3Dappnexus%26_bd%3Dbid%26_pl%3D0.00%26hb_size_appnexus%3D728x90%26hb_pb_appnexus%3D0.00%26hb_adid_appnexus%3D46b6e260a8dd626%26hb_bidder_appnexus%3Dappnexus%7Coptimize_ad_unit_id%3Dbsa-zone_1641228120494-5_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0%7Coptimize_ad_unit_id%3Dbsa-zone_1641318529900-6_123456%26optimize_inview%3Dfalse%26optimize_refresh_int%3D0&cust_params=optimize_refreshed%3Dfalse%26optimize_acceptable%3Dfalse%26optimize_adl_debug%3Dfalse%26optimize_ctv_debug%3Dfalse%26optimize_debug%3Dfalse%26optimize%3Dtrue%26optimize_adl_id%3D%26optimize_amp%3Dfalse%26optimize_audience%3Dtech%26optimize_env%3Dprod%26optimize_pub%3Dwheregoes%26optimize_xp%3Da&adks=1696759606%2C2861055222%2C3809685794&frm=20&is_cau=%2C%2C

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ec3b02e78acac8860a614bda37e63aaa1fc00fe4584d6e5b51d99ab883db0a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29029
x-xss-protection: 0
google-lineitem-id: 5320060794,5324395187,5320060794
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138305491763,138305885717,138305489837
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://wheregoes.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 126ms
25ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202310090101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c13c33a69417f93851f62292e7250faf7aec0dc7aa556314594a62da88c0143f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12299
x-xss-protection: 0

GET
H2 200 container.html Show response
4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 3F84 6 KB
3 KB 73ms
16ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 02:12:12 GMT
expires: Wed, 16 Oct 2024 02:12:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C1FE 6 KB
3 KB 52ms
15ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 02:12:12 GMT
expires: Wed, 16 Oct 2024 02:12:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7F92 0
0 47ms
47ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvduxSeH9iLXgxPT5MeuWkeiOKI_0sWKWx7wNSgWKrkNM2_geAeC6-Db9geDMCJHwh2kGqlVnCbY4une0Tfv0aMsGovNxpO_fyD7aCH3DgbVIRLzLMlblHMLoiDEUWXDw0hi53emgYgStgCT6Qhno_gW7F6-IpNhXIL09xloVXQ6ck9mCybt-Fw_LABcKE8NhSMRacbap78qJSmf59bVbvoqeboq0uyJeMiFDxs937tTSXSGHNH5OwaOBplXd1XCRN6KPcOfsyWtOwQJ5v4FrxA4pyEG1GNjvVN7F9PNqA1c5B_TCY6NmpAZXP2CKjaAdY66rbbF5htB0GvQ5xan7BFbzI4iA&sai=AMfl-YQKdo1nSvEF_0k6HvfyNZzJGhBagG4Myamk2ERYTTlotyQhxFcH3w7XFtL3menpjfcnL0c8xB_iuVYBYl3vwUcw0YTRlZ7Upw5fugmo5MQ1Nd-_XiO50NXs7ao46q67nSg9AOgTMX433mZr97A&sig=Cg0ArKJSzFuREJexZ-dvEAE&uach_m=[UACH]&adurl=

Requested by

Host: wheregoes.com
URL: https://wheregoes.com/trace/20234856657/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Oct 2023 02:12:12 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231011/r20110914/ Frame 7F92 23 KB
9 KB 57ms
7ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231011/r20110914/abg_lite_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fc069e0e04d13807f2632483a883ed5fbd1d72c4eade64a9ac7f6aa71ac47fa4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 13:04:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 47260
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9145
x-xss-protection: 0
server: cafe
etag: 13066256994748809036
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 30 Oct 2023 13:04:32 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231011/r20110914/client/ Frame 7F92 3 KB
1 KB 58ms
8ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231011/r20110914/client/window_focus_fy2021.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 14:12:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 43165
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 30 Oct 2023 14:12:47 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7F92 187 KB
59 KB 71ms
22ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e633b623c0a583bfd0faa2e8ddbedf076e711868262bc8122ef486d7ace2e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60003
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1697024009209687"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Oct 2023 02:12:12 GMT

GET
H2 200 9435140927320421974
tpc.googlesyndication.com/simgad/ Frame 7F92 92 KB
92 KB 57ms
9ms Image
image/jpeg 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9435140927320421974

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de8279221cec92147e41e962754da2e9667fe862dc94f192566fa7bec3d11f11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 22:05:14 GMT
x-content-type-options: nosniff
age: 274018
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93765
x-xss-protection: 0
last-modified: Tue, 10 Mar 2020 20:30:38 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 12 Oct 2024 22:05:14 GMT

GET
H2 200 container.html Show response
4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame EEC3 6 KB
3 KB 37ms
17ms Document
text/html 2a00:1450:4001:827::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 02:12:12 GMT
expires: Wed, 16 Oct 2024 02:12:12 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 7F92 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7c0355a2b318f4df3618e971015866d16da1251b7f6e896108093f7adbc5f0aa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 63ms
26ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202310090101/pubads_impl.js?cb=31078750

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 17 Oct 2023 02:12:12 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame C1FE 24 KB
7 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 06:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 329883
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 12 Oct 2024 06:34:09 GMT

GET
H2 200 ttj Show response
secure.adnxs.com/ Frame C1FE 8 KB
4 KB 8ms
7ms Script
application/javascript 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/ttj?id=18678115&size=728x90&cb=2086422535&pubclick=https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjsupSLFp41UBRGI_z4vnFUV_KePMw6KTaJdOOsmdVbhwl-pSwOjlHoz7k6z-ysgMcxSF8U0qD6a4MBpFNivELe5YMYOdNydC0XfypnaFD2VSSeE3GqVLT9LpBIKSscfUwj2FctW1XdrUteHfYa_0iRFGzXwk9Bm1moMqSViw2tx84qXOuucYaBk6BIYJxXj-eMYB3iObuM9wyZKCHz3qnm4ZJeiDqFoCErrbKAjaSZIluKNhQKhIAuqGGSJjd3AdJCxCjFHRG6VYO4Nt921oAeL71GBxKc-pNrbJOEKRSU-BsVF1rS3De-dF9n6kbtqEyIxvBll5cYK4XoFIf8RF8sMPBwRhgg%2526sai%253DAMfl-YQ4QDgqbvLZuvZSdyLQp1aWfV9sUb9swAho0oLb4rjCeDp_Se3mPzU4aoZ7IIOVOOAKs5n5fHLuf-GGT2FB14dkA0IHeVqbMeA0HDQUBMimaWkJr4AeB6VcJDJV8WIy6brUwe02ZG3WOh0yur4%2526sig%253DCg0ArKJSzC57NGtblOoAEAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D

Requested by

Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e708778b880b9bb962f27f219c484785afc2684cb5c29ebb9213312736ceaf3e

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: gzip
an-x-request-uuid: 14529318-831f-499f-ae49-290506912f35
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C1FE 187 KB
59 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e633b623c0a583bfd0faa2e8ddbedf076e711868262bc8122ef486d7ace2e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60003
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1697024009209687"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Oct 2023 02:12:12 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame EEC3 24 KB
6 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Fri, 13 Oct 2023 06:34:09 GMT
content-encoding: br
x-content-type-options: nosniff
age: 329883
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sat, 12 Oct 2024 06:34:09 GMT

GET
H2 200 ttj Show response
secure.adnxs.com/ Frame EEC3 8 KB
4 KB 19ms
18ms Script
application/javascript 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/ttj?id=18678115&size=300x250&cb=1111313428&pubclick=https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjsuW4vWH1DxdYSJm25qy_H-FGRoc0knmOoLTmBvifnf87KhVPkHzBCSSOSBHNMqfrkWiyTgyxClpPNwDCEY8qJ8JIuyxgDXJwPPXp4Q4E3uYFq5LMcQzcuW8Kq3AHZvSKakHLjrCDjYEN79uqIpXbeyRMsgkP9FoO9XHBh_Yt-gB8mdumjBfxU1oZUyrIUW1H4BmcwMme3HEp6mVxs4nHAQJUGbyfo-IZv3ctLOUNXNSltzWlPTDSS_ohEIZsfXtnpE-XuT9t32NtPWqrmR4FhghG8Jt2OofvPXYix_IfWBZaetvSwWlG8OY5HWcIahI6vKTlZu9mEWDTYu2v-_vlFPs9JFXI5Cjfc4%2526sai%253DAMfl-YRRy9onM9-c7WUrNb1Y510kP_H0OtOaNdw8Vv5IFHBZdOurZh32K_Ni2WzJBPejNWij19SAJHcXEuoiEGbl_41rLZrMZaRRDRdQMGW_IBc32CvLnLrvIx6iIP7Rgo7fErfNEaOjpvCIvk_r1fI%2526sig%253DCg0ArKJSzFCjDYwi0uO_EAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D

Requested by

Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

77b80a5a234646e13a985fe33b699072097fd300bf77989a29cf87b92d875571

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: gzip
an-x-request-uuid: 94e35faf-ce8b-4d49-bcaf-282eb8210d05
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame EEC3 187 KB
59 KB 23ms
23ms Script
text/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7e633b623c0a583bfd0faa2e8ddbedf076e711868262bc8122ef486d7ace2e85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60003
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1697024009209687"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Oct 2023 02:12:12 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C1FE 0
0 46ms
46ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuA-M6Skbr-PVOjeoHQuhEDY4UZyVeIjsaNLXQI5FLglB3VgWf7S3Dq2mLBjbke2aeQij9ToVkeLXSZj4oCDXGoLqe6KvvOcZH9mlj311t6JScnzAtfVnP-Zhl5cKRsnCyTGrgOfmynaxsLnWdrYPoCVO6vXr6U3bPw5AWUyMwEklW5n4DyX4g6PHbNtsp1grjWw_uqjiSnC5MRmdUmbjZd04oL-5wm1I2Zsd_y42x04c0X0DnnxlTMEOajm-oEAxrMYiZkAL0YD4ufi-KxKc-YPsYygMQKDP4JgVDPrhQCfpwJ56DkLgNBf_kqJfO7vVmXvbVPYd9Br7XEbF8Fv_nMpyXr4_Taww&sai=AMfl-YQm5o8TGdSY5IJ8MAI_QVmkxPh6dXifmeCQLCncZiPiqMLH1TvcoBHwWNNLXJBmCuWsD4xR3TAYyQnlUbIu0zcHRLcd_1UEazJxsomtw4AcMLXUaEpJYYxytQt4Md72Vc5LSRsiYJP5NGeLqBA&sig=Cg0ArKJSzFeUtdORaADyEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 sync Show response
gum.criteo.com/ Frame C1FE 51 B
292 B 15ms
13ms Script
text/javascript 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a

Requested by

Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?id=18678115&size=728x90&cb=2086422535&pubclick=https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjsupSLFp41UBRGI_z4vnFUV_KePMw6KTaJdOOsmdVbhwl-pSwOjlHoz7k6z-ysgMcxSF8U0qD6a4MBpFNivELe5YMYOdNydC0XfypnaFD2VSSeE3GqVLT9LpBIKSscfUwj2FctW1XdrUteHfYa_0iRFGzXwk9Bm1moMqSViw2tx84qXOuucYaBk6BIYJxXj-eMYB3iObuM9wyZKCHz3qnm4ZJeiDqFoCErrbKAjaSZIluKNhQKhIAuqGGSJjd3AdJCxCjFHRG6VYO4Nt921oAeL71GBxKc-pNrbJOEKRSU-BsVF1rS3De-dF9n6kbtqEyIxvBll5cYK4XoFIf8RF8sMPBwRhgg%2526sai%253DAMfl-YQ4QDgqbvLZuvZSdyLQp1aWfV9sUb9swAho0oLb4rjCeDp_Se3mPzU4aoZ7IIOVOOAKs5n5fHLuf-GGT2FB14dkA0IHeVqbMeA0HDQUBMimaWkJr4AeB6VcJDJV8WIy6brUwe02ZG3WOh0yur4%2526sig%253DCg0ArKJSzC57NGtblOoAEAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

acb5d519051cc13618e992a7df4bce6a980036dfbe2e17a970ec716194329f6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 716334
expires: 60

GET
H2 200 ttj Show response
secure.adnxs.com/ Frame C1FE 11 KB
5 KB 165ms
163ms Script
application/javascript 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/ttj?ttjb=1&bdc=1697508732&bdh=ZJyC52xUTZTdJ9qJYX2D0t7mrEk.&&bdref=https%3A%2F%2Fwheregoes.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwheregoes.com%2F,https%3A%2F%2F4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&&id=18678115&size=728x90&cb=2086422535&pubclick=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%253Fxai%253DAKAOjsupSLFp41UBRGI_z4vnFUV_KePMw6KTaJdOOsmdVbhwl-pSwOjlHoz7k6z-ysgMcxSF8U0qD6a4MBpFNivELe5YMYOdNydC0XfypnaFD2VSSeE3GqVLT9LpBIKSscfUwj2FctW1XdrUteHfYa_0iRFGzXwk9Bm1moMqSViw2tx84qXOuucYaBk6BIYJxXj-eMYB3iObuM9wyZKCHz3qnm4ZJeiDqFoCErrbKAjaSZIluKNhQKhIAuqGGSJjd3AdJCxCjFHRG6VYO4Nt921oAeL71GBxKc-pNrbJOEKRSU-BsVF1rS3De-dF9n6kbtqEyIxvBll5cYK4XoFIf8RF8sMPBwRhgg%2526sai%253DAMfl-YQ4QDgqbvLZuvZSdyLQp1aWfV9sUb9swAho0oLb4rjCeDp_Se3mPzU4aoZ7IIOVOOAKs5n5fHLuf-GGT2FB14dkA0IHeVqbMeA0HDQUBMimaWkJr4AeB6VcJDJV8WIy6brUwe02ZG3WOh0yur4%2526sig%253DCg0ArKJSzC57NGtblOoAEAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

da5a724b3d0dcf0ae763d66513a30e0dfd9c1a9d2cab302a17d56723e01146b3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: gzip
x-creative-id: 381846714
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
x-xss-protection: 0
pragma: no-cache
an-x-request-uuid: 2f148367-44ce-4bdc-8f0f-50893c3fd235
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EEC3 0
0 45ms
44ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjst5w5MQE_B8Yi8s-JyEwKIxJpbFPt4dMql4MJS1HP8LurPAu1QffoDkeEMqlkonQoFoKQcY5KF3OrgfvSx9971R21vZvJy2Td4-HshU1y4fW_WV27Y5x-STo15AhksSL7tmryyQgK7wfVTCE25Ctfyja4JCTZiVKK3GujD_MJgnLPvc2ZPHBBwLi_69YJJk01eo5UI6F1cXWeX0J2SknhGwLWO7bVrgic9RxhkHIDk82h9Yu7kOiNNXlL57Nn5w1DKkXtZBuS0BlWmVDkg8RaOTrvlKsTACTbqF3rHrmI0gfglF0QTYiK1pkNxWozE7vygFL5uh2ATBf1HuxIytJYHdn8wUT_eSDkv25LU&sai=AMfl-YTGUgdGeLOT-gsy84TliARmTHi0AZXXu5TIlcHtGTqMvXpah-PuTLDv7Ip1DClDcqJDWIsqqU2Z43E04O48cytZluC7c3cGNcwSvpGc9DpQLvwuzxN_Rvs6X5b8qS8qrFraCDYVS7KTKKsrpRo&sig=Cg0ArKJSzAsCu4VBEBheEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 3740 13 KB
5 KB 9ms
7ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 42095
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 16 Oct 2023 14:30:37 GMT
expires: Tue, 15 Oct 2024 14:30:37 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 409C 829 B
1 KB 39ms
16ms Document
text/html 2a00:1450:4001:82a::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

00f451c87141491c962bb79df268a6d70a69cb739b3868860679e6f848f6a666

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-9W22VrjAOaeMox5cqdCKvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-9W22VrjAOaeMox5cqdCKvA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 02:12:12 GMT
expires: Tue, 17 Oct 2023 02:12:12 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 sync Show response
gum.criteo.com/ Frame EEC3 51 B
293 B 14ms
13ms Script
text/javascript 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a

Requested by

Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?id=18678115&size=300x250&cb=1111313428&pubclick=https://adclick.g.doubleclick.net/pcs/click%253Fxai%253DAKAOjsuW4vWH1DxdYSJm25qy_H-FGRoc0knmOoLTmBvifnf87KhVPkHzBCSSOSBHNMqfrkWiyTgyxClpPNwDCEY8qJ8JIuyxgDXJwPPXp4Q4E3uYFq5LMcQzcuW8Kq3AHZvSKakHLjrCDjYEN79uqIpXbeyRMsgkP9FoO9XHBh_Yt-gB8mdumjBfxU1oZUyrIUW1H4BmcwMme3HEp6mVxs4nHAQJUGbyfo-IZv3ctLOUNXNSltzWlPTDSS_ohEIZsfXtnpE-XuT9t32NtPWqrmR4FhghG8Jt2OofvPXYix_IfWBZaetvSwWlG8OY5HWcIahI6vKTlZu9mEWDTYu2v-_vlFPs9JFXI5Cjfc4%2526sai%253DAMfl-YRRy9onM9-c7WUrNb1Y510kP_H0OtOaNdw8Vv5IFHBZdOurZh32K_Ni2WzJBPejNWij19SAJHcXEuoiEGbl_41rLZrMZaRRDRdQMGW_IBc32CvLnLrvIx6iIP7Rgo7fErfNEaOjpvCIvk_r1fI%2526sig%253DCg0ArKJSzFCjDYwi0uO_EAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

acb5d519051cc13618e992a7df4bce6a980036dfbe2e17a970ec716194329f6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:11 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=3600
server-processing-duration-in-ticks: 1317662
expires: 60

GET
H2 200 ttj Show response
secure.adnxs.com/ Frame EEC3 10 KB
5 KB 169ms
168ms Script
application/javascript 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/ttj?ttjb=1&bdc=1697508732&bdh=ZJyC52xUTZTdJ9qJYX2D0t7mrEk.&&bdref=https%3A%2F%2Fwheregoes.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwheregoes.com%2F,https%3A%2F%2F4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&&id=18678115&size=300x250&cb=1111313428&pubclick=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%253Fxai%253DAKAOjsuW4vWH1DxdYSJm25qy_H-FGRoc0knmOoLTmBvifnf87KhVPkHzBCSSOSBHNMqfrkWiyTgyxClpPNwDCEY8qJ8JIuyxgDXJwPPXp4Q4E3uYFq5LMcQzcuW8Kq3AHZvSKakHLjrCDjYEN79uqIpXbeyRMsgkP9FoO9XHBh_Yt-gB8mdumjBfxU1oZUyrIUW1H4BmcwMme3HEp6mVxs4nHAQJUGbyfo-IZv3ctLOUNXNSltzWlPTDSS_ohEIZsfXtnpE-XuT9t32NtPWqrmR4FhghG8Jt2OofvPXYix_IfWBZaetvSwWlG8OY5HWcIahI6vKTlZu9mEWDTYu2v-_vlFPs9JFXI5Cjfc4%2526sai%253DAMfl-YRRy9onM9-c7WUrNb1Y510kP_H0OtOaNdw8Vv5IFHBZdOurZh32K_Ni2WzJBPejNWij19SAJHcXEuoiEGbl_41rLZrMZaRRDRdQMGW_IBc32CvLnLrvIx6iIP7Rgo7fErfNEaOjpvCIvk_r1fI%2526sig%253DCg0ArKJSzFCjDYwi0uO_EAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D

Requested by

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e2cdf96e5064443f0ffac94e9eef0be275e04d0dc37c186207c66d873cbe9c69

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: gzip
x-creative-id: 381846714
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
x-xss-protection: 0
pragma: no-cache
an-x-request-uuid: 0d2566eb-97c0-4bef-8639-837498675e8a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 7F92 0
0 60ms
45ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsukXJVGBvAtfYfoBtAeGg4lOaH91aVjIYmAGnt_J0NHVedip-PDz6vxdEZsCgTUigIa5ji69QomuZ4xvcmuVfXgXYKg6RqaVQ09ER1_DO_J5sDvlGUsHZEukmv2B5sp8lYAfMWwJXJLmVtSoTfql-KCNm3L4L6r0P-ppoR40lp0yDe4qe01gR7Z9egAgVlCQUok8h1mPqENMOtUG0RXgK-u-FLdnHzr-Fy3NHCmXExhmNG7foaMPrWGcSmGVvwwdIqtANG1A-8mURg4VBU3UVVIY134tqLdqgV30Tuaz-7h1lzpZeH3bK2ALqjZmXrsEcc4Obdu6OptWV1qOVlJnWlvKHM7BE14&sai=AMfl-YRlEDUzax2z75BLAhN3em8bqvyL85Ce_5pdPVOMSxX6AUpwIhMxGfTGhfVhkRr-6PNhCrbJliWwUJfu4P1S24Kb7Nyu4XhE4Mc-ww3uK7L5CpGmxXvT-2fyB2rvpAT5eNuGOn1V6gmOMXS8ROY&sig=Cg0ArKJSzIqhfEiDrRTsEAE&uach_m=[UACH]&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Oct 2023 02:12:12 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 409C 0
0 56ms
41ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202310090101&jk=2922396697822907&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

GET
H3 200 4QJGLNlKfnVz3XQjPF9W03cPcyZJorHT7_BXddCCsBM.js Show response
pagead2.googlesyndication.com/bg/ Frame 3740 37 KB
14 KB 21ms
7ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/4QJGLNlKfnVz3XQjPF9W03cPcyZJorHT7_BXddCCsBM.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e102462cd94a7e7573dd74233c5f56d3770f732649a2b1d3eff05775d082b013

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Mon, 16 Oct 2023 14:30:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 42094
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14648
x-xss-protection: 0
last-modified: Tue, 10 Oct 2023 07:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 15 Oct 2024 14:30:38 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 3740 0
10 B 8ms
8ms Image
text/plain 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?u9K65A
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 sdk.js Show response
adsdk.microsoft.com/native-to-display/ Frame C1FE 89 KB
36 KB 194ms
43ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://adsdk.microsoft.com/native-to-display/sdk.js
Requested by: Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1697508732&bdh=ZJyC52xUTZTdJ9qJYX2D0t7mrEk.&&bdref=https%3A%2F%2Fwheregoes.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwheregoes.com%2F,https%3A%2F%2F4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&&id=18678115&size=728x90&cb=2086422535&pubclick=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%253Fxai%253DAKAOjsupSLFp41UBRGI_z4vnFUV_KePMw6KTaJdOOsmdVbhwl-pSwOjlHoz7k6z-ysgMcxSF8U0qD6a4MBpFNivELe5YMYOdNydC0XfypnaFD2VSSeE3GqVLT9LpBIKSscfUwj2FctW1XdrUteHfYa_0iRFGzXwk9Bm1moMqSViw2tx84qXOuucYaBk6BIYJxXj-eMYB3iObuM9wyZKCHz3qnm4ZJeiDqFoCErrbKAjaSZIluKNhQKhIAuqGGSJjd3AdJCxCjFHRG6VYO4Nt921oAeL71GBxKc-pNrbJOEKRSU-BsVF1rS3De-dF9n6kbtqEyIxvBll5cYK4XoFIf8RF8sMPBwRhgg%2526sai%253DAMfl-YQ4QDgqbvLZuvZSdyLQp1aWfV9sUb9swAho0oLb4rjCeDp_Se3mPzU4aoZ7IIOVOOAKs5n5fHLuf-GGT2FB14dkA0IHeVqbMeA0HDQUBMimaWkJr4AeB6VcJDJV8WIy6brUwe02ZG3WOh0yur4%2526sig%253DCg0ArKJSzC57NGtblOoAEAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e615f6f367dc60fdba6d1448d36ac3b9195d53b0547eecd900ec7ac5da35f87f

Request headers

Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
Origin: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: br
last-modified: Tue, 10 Oct 2023 17:29:05 GMT
vary: Accept-Encoding
x-azure-ref: 20231017T021212Z-ee57er3bup1eh9h1kyxn7ahs8800000007a000000001xe4f
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 49722335-401e-005f-44fb-fc8092000000
cache-control: private, max-age=3600
x-cache: TCP_HIT
x-ms-version: 2009-09-19

GET
H2

200

c.gif
www.bing.com/aes/ Frame C1FE
Redirect Chain

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=4d05e800-426d-40a3-be16-c961b929ca64&bidId=15000&bidderId=4&cmExpId=V7&oAdUnit=391466&publisherId=162645330&rId=8d363aaa-38c2-40ba-...
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=fb3e1a2f35af4e39821d7c8c7564c2b8&SNR=1&GV=2&med=10

0
242 B

33ms
33ms

Image
text/plain

2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=fb3e1a2f35af4e39821d7c8c7564c2b8&SNR=1&GV=2&med=10
Requested by: Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F59009F1CB3F4C108B48CD84038409D4 Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:12Z
vary: Origin
x-cache: CONFIG_NOCACHE
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control: private,no-store
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
date: Tue, 17 Oct 2023 02:12:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5F16D0F3963A4AA5B61E810D9B06AF8A Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:12Z
vary: Origin
x-cache: CONFIG_NOCACHE
content-type: text/html; charset=utf-8
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=fb3e1a2f35af4e39821d7c8c7564c2b8&SNR=1&GV=2&med=10
cache-control: no-cache, no-store, must-revalidate
content-length: 154
expires: 0

GET
H2 200 it
fra1-ib.adnxs.com/ Frame C1FE 0
642 B 30ms
8ms Image
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fwheregoes.com%2F&e=wqT_3QLYDPBMWAYAAAMA1gAFAQj82repBhDG4L7iopCwmUMYvPvf0N6tkIdaKjYJKP72EnFeiT8RpqRqOLgZiD8ZAAAAwPUovD8hpqRqOLgZiD8pKP4JJNAxAAAAQOF6hD8w44L0CDjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t4hNgFgAEBigEDVVNEkgUG8ECYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEA2AEA4AEA6gGyBWh0dHBzJTNBJTJGJTJGYWRjbGljay5nLmRvdWJsZQkOLG5ldCUyRnBjcyUyRgUSHCUyNTNGeGFpAQj0aQFEQUtBT2pzdXBTTEZwNDFVQlJHSV96NHZuRlVWX0tlUE13NktUYUpkT09zbWRWYmh3bC1wU3dPamxIb3o3azZ6LXlzZ01jeFNGOFUwcUQ2YTRNQnBGTml2RUxlNVlNWU9kTnlkQzBYZnlwbmFGRDJWU1NlRTNHcVZMVDlMcEJJS1NzY2ZVd2oyRmN0VzFYZHJVdGVIZllhXzBpUkZHelh3azlCbTFtb01xU1ZpdzJ0eDg0cVhPdXVjWWFCazZCSVlKeFhqLWVNWUIzaU9idU05d3laS0NIejNxbm00WkplaURxRm9DRXJyYktBamFTWklsdUtOaFFLaElBdXFHR1NKamQzQWRKQ3hDakZIUkc2VllPNE50OTIxb0FlTDcxR0J4S2MtcE5yYkpPRUtSU1UtQnNWRjFyUzNEZS1kRjluNmtidHFFeUl4dkJsbDVjWUs0WG9GSWY4UkY4c01QQndSaGdnJTI1MjZzYS1v9MQBTWZsLVlRNFFEZ3FidkxadXZaU2R5TFFwMWFXZlY5c1ViOXN3QWhvMG9MYjRyakNlRHBfU2UzbVB6VTRhb1o3SUlPVk9PQUtzNW41ZkhMdWYtR0dUMkZCMTRka0EwSUhlVnFiTWVBMEhEUVVCTWltYVdrSnI0QWVCNlZjSkRKVjhXSXk2YnJVd2UwMlpHM1dPaDB5dXI0JTI1MjZzaWclMjUzRENnMEFyS0pTekM1N05HdGJsT29BRUFFJTI1MjZmYnNfYWVpZCUyNTNEJTI1NUJnd19mYnNhZWlkJTI1NUQlMjUyNnVybGZpeCUyNTNEMSUyNTI2YWR1cmwlMjUzRPABANgCAOACn_A_6gIWaHR0cHM6Ly93aGVyZWdvZXMuY29tL4ADAIgDAZADAJgDGaADAaoDmwMKsQJodHRwczovL3d3dy5iaW5nLmNvbS9hcGkvdjEvbWVkaWF0aW9uL3RyYWNraW5nP2FkVW5pdD0zOTE0NjYmYXVJZD04ZDM2M2FhYS0zOGMyLTQwYmEtODhkZi03NTc4MWVlZDI1ZTQmYmlkSWQ9MTUwMDAmYmlkZGVySWQ9NCZjbUV4cElkPVY3Jm9BMlsAVHB1Ymxpc2hlcklkPTE2MjY0NTMzMCYBDhQ4ZDM2M2F6cAA0cnR5cGU9bnVybCZ0YWcBRHA4Njc4MTE1JnRyYWZmaWNHcm91cD1rbmFxZV8zYxEWCFN1YgkZoHRxY2VjbmZmJmFpZD0ke0FVQ1RJT05fSUR9EgUxMjA4NRoTNDg0MjE0AQTw9TY5ODQwNTk1OCIJMzgxODQ2NzE0KgRiaW5nOjhVMlZoY21Ob1FXUWpOemc0T1RBeE5UTTROamczTWpRak1qTXpNRFk0T1RjM016STVPVFF3TkE9PcAD2ATIAwDYA8XU8gHgAwDoAwD4AwGABACSBAQvdHRqmAQAogQKODEuOTUuNS40MqgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8AS6iYq2AYgFAZgFAKAF1Ne6yNOOg8UiwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFt79W-gUECAAQAJAGAJgGALgGAMEGAAUl6PA_0AbCjQTaBhYKEPuAmEwoXEVGpHHS0J2fmtUQAxgB4AYB8gYCCACABwGIBwCgBwHIB4TYBdIHDQkABUAEAAABsQjaBwYBXrwYAOAHAOoHAggA8AelO4oIAhAAlQgAAIA_mAgBwAgA0ggOCIGChIiQoMCAARAAGAA.&s=4aec8714d2924b35ab29e0d1f5e9f467c004c4b7

Requested by

Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1697508732&bdh=ZJyC52xUTZTdJ9qJYX2D0t7mrEk.&&bdref=https%3A%2F%2Fwheregoes.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwheregoes.com%2F,https%3A%2F%2F4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&&id=18678115&size=728x90&cb=2086422535&pubclick=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%253Fxai%253DAKAOjsupSLFp41UBRGI_z4vnFUV_KePMw6KTaJdOOsmdVbhwl-pSwOjlHoz7k6z-ysgMcxSF8U0qD6a4MBpFNivELe5YMYOdNydC0XfypnaFD2VSSeE3GqVLT9LpBIKSscfUwj2FctW1XdrUteHfYa_0iRFGzXwk9Bm1moMqSViw2tx84qXOuucYaBk6BIYJxXj-eMYB3iObuM9wyZKCHz3qnm4ZJeiDqFoCErrbKAjaSZIluKNhQKhIAuqGGSJjd3AdJCxCjFHRG6VYO4Nt921oAeL71GBxKc-pNrbJOEKRSU-BsVF1rS3De-dF9n6kbtqEyIxvBll5cYK4XoFIf8RF8sMPBwRhgg%2526sai%253DAMfl-YQ4QDgqbvLZuvZSdyLQp1aWfV9sUb9swAho0oLb4rjCeDp_Se3mPzU4aoZ7IIOVOOAKs5n5fHLuf-GGT2FB14dkA0IHeVqbMeA0HDQUBMimaWkJr4AeB6VcJDJV8WIy6brUwe02ZG3WOh0yur4%2526sig%253DCg0ArKJSzC57NGtblOoAEAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
an-x-request-uuid: be0df870-93ff-4926-bf2d-a00e792f206c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK analytics.js Show response
s.update.ib.adnxs.net/2/225545/ Frame C1FE 6 KB
3 KB 214ms
33ms Script
text/javascript 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.ib.adnxs.net/2/225545/analytics.js?dt=2255451533761563475000&pd=avt&di=https%3A%2F%2Fwheregoes.com%2F&ui=6489196053422144956&ap=&sr=8394&pp=1070141&ti=4842144214698405958&pv=fb80984c-285c-4546-a471-d2d09d9f9ad5&to=3&de=2&md=1&dm=728x90&gt=DE&ac=${CPG_ID}&pc=18678115&cr=381846714&c1=fra1&c2=0&cb=1736643631

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-216-59-119.eu-west-1.compute.amazonaws.com

Software

Resource Hash

41e7e545a8187a4a6d41ce74d560843b6c423239d88eb5a241ac73c418304713

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 17 Oct 2023 02:12:12 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Timing-Allow-Origin: *
Content-Length: 2809
Expires: 0

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/239/ Frame C1FE 80 KB
28 KB 165ms
15ms Script
application/x-javascript 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/239/trk.js
Requested by: Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1697508732&bdh=ZJyC52xUTZTdJ9qJYX2D0t7mrEk.&&bdref=https%3A%2F%2Fwheregoes.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwheregoes.com%2F,https%3A%2F%2F4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&&id=18678115&size=728x90&cb=2086422535&pubclick=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%253Fxai%253DAKAOjsupSLFp41UBRGI_z4vnFUV_KePMw6KTaJdOOsmdVbhwl-pSwOjlHoz7k6z-ysgMcxSF8U0qD6a4MBpFNivELe5YMYOdNydC0XfypnaFD2VSSeE3GqVLT9LpBIKSscfUwj2FctW1XdrUteHfYa_0iRFGzXwk9Bm1moMqSViw2tx84qXOuucYaBk6BIYJxXj-eMYB3iObuM9wyZKCHz3qnm4ZJeiDqFoCErrbKAjaSZIluKNhQKhIAuqGGSJjd3AdJCxCjFHRG6VYO4Nt921oAeL71GBxKc-pNrbJOEKRSU-BsVF1rS3De-dF9n6kbtqEyIxvBll5cYK4XoFIf8RF8sMPBwRhgg%2526sai%253DAMfl-YQ4QDgqbvLZuvZSdyLQp1aWfV9sUb9swAho0oLb4rjCeDp_Se3mPzU4aoZ7IIOVOOAKs5n5fHLuf-GGT2FB14dkA0IHeVqbMeA0HDQUBMimaWkJr4AeB6VcJDJV8WIy6brUwe02ZG3WOh0yur4%2526sig%253DCg0ArKJSzC57NGtblOoAEAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a9c49f9f526c232731b2ff9aa3e31b686b8b339bdd246bbf74f804c802f9755d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Expires: Wed, 10 Jul 2024 11:56:20 GMT
Date: Tue, 17 Oct 2023 02:12:12 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 8432153
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27646
X-Served-By: cache-lga21944-LGA, cache-fra-eddf8230128-FRA
Last-Modified: Tue, 11 Jul 2023 11:56:12 GMT
Server: AkamaiNetStorage
X-Timer: S1697508733.552194,VS0,VE0
ETag: "615fd4ad24a409f4de5416b603f042c1:1689076572.555276"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 5, 1890456

GET
H2 200 sdk.js Show response
adsdk.microsoft.com/native-to-display/ Frame EEC3 89 KB
36 KB 185ms
44ms Script
application/javascript 2620:1ec:46::45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://adsdk.microsoft.com/native-to-display/sdk.js
Requested by: Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1697508732&bdh=ZJyC52xUTZTdJ9qJYX2D0t7mrEk.&&bdref=https%3A%2F%2Fwheregoes.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwheregoes.com%2F,https%3A%2F%2F4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&&id=18678115&size=300x250&cb=1111313428&pubclick=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%253Fxai%253DAKAOjsuW4vWH1DxdYSJm25qy_H-FGRoc0knmOoLTmBvifnf87KhVPkHzBCSSOSBHNMqfrkWiyTgyxClpPNwDCEY8qJ8JIuyxgDXJwPPXp4Q4E3uYFq5LMcQzcuW8Kq3AHZvSKakHLjrCDjYEN79uqIpXbeyRMsgkP9FoO9XHBh_Yt-gB8mdumjBfxU1oZUyrIUW1H4BmcwMme3HEp6mVxs4nHAQJUGbyfo-IZv3ctLOUNXNSltzWlPTDSS_ohEIZsfXtnpE-XuT9t32NtPWqrmR4FhghG8Jt2OofvPXYix_IfWBZaetvSwWlG8OY5HWcIahI6vKTlZu9mEWDTYu2v-_vlFPs9JFXI5Cjfc4%2526sai%253DAMfl-YRRy9onM9-c7WUrNb1Y510kP_H0OtOaNdw8Vv5IFHBZdOurZh32K_Ni2WzJBPejNWij19SAJHcXEuoiEGbl_41rLZrMZaRRDRdQMGW_IBc32CvLnLrvIx6iIP7Rgo7fErfNEaOjpvCIvk_r1fI%2526sig%253DCg0ArKJSzFCjDYwi0uO_EAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e615f6f367dc60fdba6d1448d36ac3b9195d53b0547eecd900ec7ac5da35f87f

Request headers

Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
Origin: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Tue, 17 Oct 2023 02:12:12 GMT
content-encoding: br
last-modified: Tue, 10 Oct 2023 17:29:05 GMT
vary: Accept-Encoding
x-azure-ref: 20231017T021212Z-ee57er3bup1eh9h1kyxn7ahs8800000007a000000001xe4g
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 49722335-401e-005f-44fb-fc8092000000
cache-control: private, max-age=3600
x-cache: TCP_HIT
x-ms-version: 2009-09-19

GET
H2

200

c.gif
www.bing.com/aes/ Frame EEC3
Redirect Chain

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=308b0460-fa7a-4e95-b757-da1d38e10fb8&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=f7950f03-05c7-4d5d...
https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=f764d49b02fd42eb99b3c2449e1f8e1c&SNR=1&GV=2&med=10

0
184 B

41ms
40ms

Image
text/plain

2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=f764d49b02fd42eb99b3c2449e1f8e1c&SNR=1&GV=2&med=10
Requested by: Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7125664A9F5D41ADA7E0698DF9AB0142 Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:12Z
vary: Origin
x-cache: CONFIG_NOCACHE
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control: private,no-store
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
date: Tue, 17 Oct 2023 02:12:12 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FA79CFF0047449F8BC98CDFB4AD1631A Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:12Z
vary: Origin
x-cache: CONFIG_NOCACHE
content-type: text/html; charset=utf-8
location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=f764d49b02fd42eb99b3c2449e1f8e1c&SNR=1&GV=2&med=10
cache-control: no-cache, no-store, must-revalidate
content-length: 154
expires: 0

GET
H2 200 it
fra1-ib.adnxs.com/ Frame EEC3 0
642 B 20ms
7ms Image
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fra1-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Fwheregoes.com%2F&e=wqT_3QLvDPBMbwYAAAMA1gAFAQj82repBhDLocuxjKyk1CkYvPvf0N6tkIdaKjYJ8Em0APpOej8RChN4TTr-eD8ZAAAAwPUovD8hChN4TTr-eD8p8EkJJNAxAAAAQOF6hD8w44L0CDjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t404YGgAEBigEDVVNEkgUG9OEFmAGsAqAB-gGoAQGwAQC4AQLAAQXIAQLQAQDYAQDgAQDqAbcFaHR0cHMlM0ElMkYlMkZhZGNsaWNrLmcuZG91YmxlY2xpY2submV0JTJGcGNzJTJGY2xpY2slMjUzRnhhaSUyNTNEQUtBT2pzdVc0dldIMUR4ZFlTSm0yNXF5X0gtRkdSb2Mwa25tT29MVG1CdmlmbmY4N0toVlBrSHpCQ1NTT1NCSE5NcWZya1dpeVRneXhDbHBQTndEQ0VZOHFKOEpJdXl4Z0RYSndQUFhwNFE0RTN1WUZxNUxNY1F6Y3VXOEtxM0FIWnZTS2FrSExqckNEallFTjc5dXFJcFhiZXlSTXNna1A5Rm9POVhIQmhfWXQtZ0I4bWR1bWpCZnhVMW9aVXlySVVXMUg0Qm1jd01tZTNIRXA2bVZ4czRuSEFRSlVHYnlmby1JWnYzY3RMT1VOWE5TbHR6V2xQVERTU19vaEVJWnNmWHRucEUtWHVUOXQzMk50UFdxcm1SNEZoZ2hHOEp0Mk9vZnZQWFlpeF9JZldCWmFldHZTd1dsRzhPWTVIV2NJYWhJNnZLVGxadTltRVdEVFl1MnYtX3ZsRlBzOUpGWEk1Q2pmYzQlMjUyNnNhaSUyNTNEQU1mbC1ZUlJ5OW9uTTktYzdXVXJOYjFZNTEwa1BfSDBPdE9hTmR3OFZ2NUlGSEJaZE91clpoMzJLX05pMld6SkJQZWpOV2lqMTlTQUpIY1hFdW9pRUdibF80MXJMWnJNWmFSUkRSZFFNR1dfSUJjMzJDdkxuTHJ2SXg2aUlQN1JnbzdmRXJmTkVhT2pwdkNJdmtfcjFmSSUyNTI2c2lnJTI1M0RDZzBBcktKU3pGQ2pEWXdpMHVPX0VBRSUyNTI2ZmJzX2FlaWQlMjUzRCUyNTVCZ3dfZmJzYWVpZCUyNTVEJTI1MjZ1cmxmaXglMjUzRDElMjUyNmFkdXJsJTI1M0TwAQDYAgDgAp_wP-oCFmh0dHBzOi8vd2hlcmVnb2VzLmNvbS-AAwCIAwGQAwCYAxmgAwGqA64DCsQCaHR0cHM6Ly93d3cuYmluZy5jb20vYXBpL3YxL21lZGlhdGlvbi90cmFja2luZz9hZFVuaXQ9MzkxNDY2JmF1SWQ9Zjc5NTBmMDMtMDVjNy00ZDVkLTgwNjEtZmVjYjkyZTQyNTk4JmJpZElkPTE1MDAwJmJpZGRlcklkPTQmY21FeHBJZD1MVjMmb0FkVW5pdD0zOTE0NjYmcHVibGlzaGVySWQ9MTYyNjQ1MzMwJnJJZD1mNzk1MGYwMy0wNWM3LTRkNWQtODA2MS1mZWNiOTJlNDI1OTgmcnR5cGU9bnVybCZ0YWdJZD0xODY3ODExNSZ0cmFmZmljR3JvdXA9a25hcWVfM2MmdHJhZmZpY1N1Ykdyb3VwPWtuYXFlXzNjX3B5dnB4cGJhc3Zlem5ndmJhJmFpZD0ke0FVQ1RJT05fSUR9EgUxMjA4NRoTMzAwMTgwODk5NjQ3MDU0MjUzOSIJMzgxODQ2NzE0KgRiaW5nOjhVMlZoY21Ob1FXUWpOekkwT1Rrek1UQXdNVE0zTnpZak1qTXlOREk1T0RnMk1UZzVNelkzTlE9PcAD2ATIAwDYA8XU8gHgAwDoAwD4AwGABACSBAQvdHRqmAQAogQKODEuOTUuNS40MqgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8AS6iYq2AYgFAZgFAKAFxbjHh9G2zcMFwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFAPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCjQTaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwHIB9OGBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAHpTuKCAIQAJUIAACAP5gIAcAIANIIDgiBgoSIkKDAgAEQABgA&s=6ea554ed942dabaf006e7999b633ae26dd6f3357

Requested by

Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1697508732&bdh=ZJyC52xUTZTdJ9qJYX2D0t7mrEk.&&bdref=https%3A%2F%2Fwheregoes.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwheregoes.com%2F,https%3A%2F%2F4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&&id=18678115&size=300x250&cb=1111313428&pubclick=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%253Fxai%253DAKAOjsuW4vWH1DxdYSJm25qy_H-FGRoc0knmOoLTmBvifnf87KhVPkHzBCSSOSBHNMqfrkWiyTgyxClpPNwDCEY8qJ8JIuyxgDXJwPPXp4Q4E3uYFq5LMcQzcuW8Kq3AHZvSKakHLjrCDjYEN79uqIpXbeyRMsgkP9FoO9XHBh_Yt-gB8mdumjBfxU1oZUyrIUW1H4BmcwMme3HEp6mVxs4nHAQJUGbyfo-IZv3ctLOUNXNSltzWlPTDSS_ohEIZsfXtnpE-XuT9t32NtPWqrmR4FhghG8Jt2OofvPXYix_IfWBZaetvSwWlG8OY5HWcIahI6vKTlZu9mEWDTYu2v-_vlFPs9JFXI5Cjfc4%2526sai%253DAMfl-YRRy9onM9-c7WUrNb1Y510kP_H0OtOaNdw8Vv5IFHBZdOurZh32K_Ni2WzJBPejNWij19SAJHcXEuoiEGbl_41rLZrMZaRRDRdQMGW_IBc32CvLnLrvIx6iIP7Rgo7fErfNEaOjpvCIvk_r1fI%2526sig%253DCg0ArKJSzFCjDYwi0uO_EAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
an-x-request-uuid: 551a29e3-b3ca-48c2-b0ac-b4a0859e437c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK trk.js Show response
cdn.adnxs.com/v/s/239/ Frame EEC3 80 KB
28 KB 156ms
15ms Script
application/x-javascript 151.101.129.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.adnxs.com/v/s/239/trk.js
Requested by: Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1697508732&bdh=ZJyC52xUTZTdJ9qJYX2D0t7mrEk.&&bdref=https%3A%2F%2Fwheregoes.com%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Fwheregoes.com%2F,https%3A%2F%2F4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-40%2Fhtml%2Fcontainer.html&&id=18678115&size=300x250&cb=1111313428&pubclick=https%3A%2F%2Fadclick.g.doubleclick.net%2Fpcs%2Fclick%253Fxai%253DAKAOjsuW4vWH1DxdYSJm25qy_H-FGRoc0knmOoLTmBvifnf87KhVPkHzBCSSOSBHNMqfrkWiyTgyxClpPNwDCEY8qJ8JIuyxgDXJwPPXp4Q4E3uYFq5LMcQzcuW8Kq3AHZvSKakHLjrCDjYEN79uqIpXbeyRMsgkP9FoO9XHBh_Yt-gB8mdumjBfxU1oZUyrIUW1H4BmcwMme3HEp6mVxs4nHAQJUGbyfo-IZv3ctLOUNXNSltzWlPTDSS_ohEIZsfXtnpE-XuT9t32NtPWqrmR4FhghG8Jt2OofvPXYix_IfWBZaetvSwWlG8OY5HWcIahI6vKTlZu9mEWDTYu2v-_vlFPs9JFXI5Cjfc4%2526sai%253DAMfl-YRRy9onM9-c7WUrNb1Y510kP_H0OtOaNdw8Vv5IFHBZdOurZh32K_Ni2WzJBPejNWij19SAJHcXEuoiEGbl_41rLZrMZaRRDRdQMGW_IBc32CvLnLrvIx6iIP7Rgo7fErfNEaOjpvCIvk_r1fI%2526sig%253DCg0ArKJSzFCjDYwi0uO_EAE%2526fbs_aeid%253D%255Bgw_fbsaeid%255D%2526urlfix%253D1%2526adurl%253D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.129.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a9c49f9f526c232731b2ff9aa3e31b686b8b339bdd246bbf74f804c802f9755d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Expires: Wed, 10 Jul 2024 11:56:20 GMT
Date: Tue, 17 Oct 2023 02:12:12 GMT
Content-Encoding: gzip
Via: 1.1 varnish, 1.1 varnish
Age: 8432153
X-Cache: HIT, HIT
Connection: keep-alive
Content-Length: 27646
X-Served-By: cache-lga21944-LGA, cache-fra-eddf8230128-FRA
Last-Modified: Tue, 11 Jul 2023 11:56:12 GMT
Server: AkamaiNetStorage
X-Timer: S1697508733.552200,VS0,VE0
ETag: "615fd4ad24a409f4de5416b603f042c1:1689076572.555276"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=31536000
Accept-Ranges: bytes
X-Cache-Hits: 5, 1890457

GET
H2 200 th
www.bing.com/ Frame C1FE 11 KB
12 KB 10ms
10ms Image
image/jpeg 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/th?id=OADD2.8177738845434_17B3NB63J2OIE9QSLE&pid=21.2&c=3&w=200&h=105&qlt=90
Requested by: Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ec0b8114cba75656dac9a9a5f990dd5856f785c1467ec3b5baddf579edd3046d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4872601FEBAE46ACA6E05CC559D2D0CB Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:12Z
access-control-allow-methods: GET, POST, OPTIONS
x-cache: TCP_HIT
access-control-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
content-type: image/jpeg
cache-control: public, max-age=2592000
timing-allow-origin: *
access-control-allow-headers: *
content-length: 11389

GET
H2 200 th
www.bing.com/ Frame EEC3 8 KB
9 KB 10ms
10ms Image
image/jpeg 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/th?id=OADD2.7215827213951_16UKU82V8ESS73Y3E9&pid=21.2&c=3&w=300&h=157&qlt=90
Requested by: Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 7bd9acd25b6e6dfabfd03364f40b230808c814e71d9088869f45fe84df150c47

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5EDCDD213C654D6EA4B8A719DC8B3BDD Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:12Z
access-control-allow-methods: GET, POST, OPTIONS
x-cache: TCP_HIT
access-control-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
content-type: image/jpeg
cache-control: public, max-age=2592000
timing-allow-origin: *
access-control-allow-headers: *
content-length: 8632

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame A44C 52 KB
17 KB 35ms
7ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=8394&pub_id=1070141
Requested by: Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 58586
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 17 Oct 2023 02:12:12 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Oct 2023 09:55:16 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 3350, 333143
X-Served-By: cache-lga13626-LGA, cache-fra-eddf8230111-FRA
X-Timer: S1697508733.704809,VS0,VE0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 7097 52 KB
17 KB 21ms
7ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=8394&pub_id=1070141
Requested by: Host: 4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
URL: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 58587
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 17 Oct 2023 02:12:12 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Oct 2023 09:55:16 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 3350, 358941
X-Served-By: cache-lga13626-LGA, cache-fra-eddf8230132-FRA
X-Timer: S1697508733.711289,VS0,VE0

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame C1FE 0
0 47ms
45ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvISdBBqE_FAnP24cOhv1eWQUfsDgy7EcUYQ-jgb3Sb-JTXy-T59vyReIKd3GKb0dysFWOYsCXziH8zT6eF6yWvoElFM9l34ng5QBiy173Tgctd5r0jmQng4AMZwxwyzyQP_dcNk-urGSCvcieN21af8uAwj85EGFASboSQxKYeJDpWE1dbUBv25w5SJJrT8QPXa69Kjeh8tj6v0ghEtb4y3iQetdz1uiInU1xAwVKpUL4em2uOXxT9gnqyT0eNoqxkq_k4tVgrGWu8vtTJ9UxggDPehtBv8uYdRkNapm2nrfBaN2BNhsmGwTb1eoGFoEmfCLSDXZGv1WA0vGOk3a2oRW5h5v-Pn-Jz&sai=AMfl-YS7xlnOUe0MrmgN0WfwQOMiM6JFfiv_KgKI0mGbk8qIqwuNaoh4m_PYTPbnCwhEzX_ReBwAEegUknQK1qpCjKaroPNeVgn48hfCNz90oNPKc7ZbFJgu29Wyquh1zTA0XxaXpTgXBvkPmRbOnIo&sig=Cg0ArKJSzPVWa5lGXbePEAE&uach_m=[UACH]&urlfix=1&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Oct 2023 02:12:12 GMT

POST
H2 200 vevent
fra1-ib.adnxs.com/ Frame EEC3 0
690 B 8ms
7ms Ping
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwheregoes.com%2F&e=wqT_3QLvDPBMbwYAAAMA1gAFAQj82repBhDLocuxjKyk1CkYvPvf0N6tkIdaKjYJ8Em0APpOej8RChN4TTr-eD8ZAAAAwPUovD8hChN4TTr-eD8p8EkJJNAxAAAAQOF6hD8w44L0CDjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t404YGgAEBigEDVVNEkgUG9OEFmAGsAqAB-gGoAQGwAQC4AQLAAQXIAQLQAQDYAQDgAQDqAbcFaHR0cHMlM0ElMkYlMkZhZGNsaWNrLmcuZG91YmxlY2xpY2submV0JTJGcGNzJTJGY2xpY2slMjUzRnhhaSUyNTNEQUtBT2pzdVc0dldIMUR4ZFlTSm0yNXF5X0gtRkdSb2Mwa25tT29MVG1CdmlmbmY4N0toVlBrSHpCQ1NTT1NCSE5NcWZya1dpeVRneXhDbHBQTndEQ0VZOHFKOEpJdXl4Z0RYSndQUFhwNFE0RTN1WUZxNUxNY1F6Y3VXOEtxM0FIWnZTS2FrSExqckNEallFTjc5dXFJcFhiZXlSTXNna1A5Rm9POVhIQmhfWXQtZ0I4bWR1bWpCZnhVMW9aVXlySVVXMUg0Qm1jd01tZTNIRXA2bVZ4czRuSEFRSlVHYnlmby1JWnYzY3RMT1VOWE5TbHR6V2xQVERTU19vaEVJWnNmWHRucEUtWHVUOXQzMk50UFdxcm1SNEZoZ2hHOEp0Mk9vZnZQWFlpeF9JZldCWmFldHZTd1dsRzhPWTVIV2NJYWhJNnZLVGxadTltRVdEVFl1MnYtX3ZsRlBzOUpGWEk1Q2pmYzQlMjUyNnNhaSUyNTNEQU1mbC1ZUlJ5OW9uTTktYzdXVXJOYjFZNTEwa1BfSDBPdE9hTmR3OFZ2NUlGSEJaZE91clpoMzJLX05pMld6SkJQZWpOV2lqMTlTQUpIY1hFdW9pRUdibF80MXJMWnJNWmFSUkRSZFFNR1dfSUJjMzJDdkxuTHJ2SXg2aUlQN1JnbzdmRXJmTkVhT2pwdkNJdmtfcjFmSSUyNTI2c2lnJTI1M0RDZzBBcktKU3pGQ2pEWXdpMHVPX0VBRSUyNTI2ZmJzX2FlaWQlMjUzRCUyNTVCZ3dfZmJzYWVpZCUyNTVEJTI1MjZ1cmxmaXglMjUzRDElMjUyNmFkdXJsJTI1M0TwAQDYAgDgAp_wP-oCFmh0dHBzOi8vd2hlcmVnb2VzLmNvbS-AAwCIAwGQAwCYAxmgAwGqA64DCsQCaHR0cHM6Ly93d3cuYmluZy5jb20vYXBpL3YxL21lZGlhdGlvbi90cmFja2luZz9hZFVuaXQ9MzkxNDY2JmF1SWQ9Zjc5NTBmMDMtMDVjNy00ZDVkLTgwNjEtZmVjYjkyZTQyNTk4JmJpZElkPTE1MDAwJmJpZGRlcklkPTQmY21FeHBJZD1MVjMmb0FkVW5pdD0zOTE0NjYmcHVibGlzaGVySWQ9MTYyNjQ1MzMwJnJJZD1mNzk1MGYwMy0wNWM3LTRkNWQtODA2MS1mZWNiOTJlNDI1OTgmcnR5cGU9bnVybCZ0YWdJZD0xODY3ODExNSZ0cmFmZmljR3JvdXA9a25hcWVfM2MmdHJhZmZpY1N1Ykdyb3VwPWtuYXFlXzNjX3B5dnB4cGJhc3Zlem5ndmJhJmFpZD0ke0FVQ1RJT05fSUR9EgUxMjA4NRoTMzAwMTgwODk5NjQ3MDU0MjUzOSIJMzgxODQ2NzE0KgRiaW5nOjhVMlZoY21Ob1FXUWpOekkwT1Rrek1UQXdNVE0zTnpZak1qTXlOREk1T0RnMk1UZzVNelkzTlE9PcAD2ATIAwDYA8XU8gHgAwDoAwD4AwGABACSBAQvdHRqmAQAogQKODEuOTUuNS40MqgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8AS6iYq2AYgFAZgFAKAFxbjHh9G2zcMFwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFAPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCjQTaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwHIB9OGBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAHpTuKCAIQAJUIAACAP5gIAcAIANIIDgiBgoSIkKDAgAEQABgA&s=6ea554ed942dabaf006e7999b633ae26dd6f3357&type=nv&nvt=5&jm=1140|1141|1003&px=0&py=0&bw=300&bh=157&sid=5320270341864840554&vd=ct~0|rr~0&sv=239&tv=view7-1js&ua=chrome52&pl=win&x=v&tag_id=18678115&sw=1600&sh=1200&pw=300&ph=250&ww=300&wh=250&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/239/trk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
an-x-request-uuid: 51e020f4-d272-4eef-be28-3fc71d2819c5
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame EEC3 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d8ad8902e0539ab8839d4194b1c92515885f586fd023468923375c67a149142b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame EEC3 0
0 50ms
47ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsumt6BMxWQ6Y5YjrdKyO4sAiOutWvDQFoxBw5qY0GaVN6Vtg21nbJKQwxrI2gVYjn5T8ECNo_-RI34S5PI_7ZTz-3qfkPI_frIFqOrZq9l9TdWS4GYRRSzLodCtHIno-rVpwY1CFmumA0UkqhqwmLgXGUTNSU3QOq6dsglgau6Lk7AKP1AlKqyfgHX-G3BwVWETOhO0fhchXbof-ojZVifr6mHIflrjX_auNSCxVN05-aNxu1Jy3F9dyDuIDfZ9nBHPup4sddZSKr5ttZo9EaUgChmtz-2q1fjnvF2F_2Yahl9gC2pKt1JJoosJ1yVocqbDc7vpcR9YbpvTPVXqtxhLf6GAVGi9Xkop6tspDg&sai=AMfl-YSIS7e8nrwqRtP0dQ8iW5gnsnFPUEyYzmFegcC0Pr0A3RBiq1Saz1dkAPk72As737oBveGxCWf7x9lCUAJHl0JA4tic5Iz4_x2OkTTUq5AcvDkU7uKQj58nYfRvx4iL49SXuScbmHdTLyqmT3I&sig=Cg0ArKJSzPwWt3Pv8HG4EAE&uach_m=[UACH]&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:12 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 17 Oct 2023 02:12:12 GMT

POST
H2 200 vevent
fra1-ib.adnxs.com/ Frame C1FE 0
691 B 10ms
7ms Ping
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwheregoes.com%2F&e=wqT_3QLYDPBMWAYAAAMA1gAFAQj82repBhDG4L7iopCwmUMYvPvf0N6tkIdaKjYJKP72EnFeiT8RpqRqOLgZiD8ZAAAAwPUovD8hpqRqOLgZiD8pKP4JJNAxAAAAQOF6hD8w44L0CDjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t4hNgFgAEBigEDVVNEkgUG8ECYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEA2AEA4AEA6gGyBWh0dHBzJTNBJTJGJTJGYWRjbGljay5nLmRvdWJsZQkOLG5ldCUyRnBjcyUyRgUSHCUyNTNGeGFpAQj0aQFEQUtBT2pzdXBTTEZwNDFVQlJHSV96NHZuRlVWX0tlUE13NktUYUpkT09zbWRWYmh3bC1wU3dPamxIb3o3azZ6LXlzZ01jeFNGOFUwcUQ2YTRNQnBGTml2RUxlNVlNWU9kTnlkQzBYZnlwbmFGRDJWU1NlRTNHcVZMVDlMcEJJS1NzY2ZVd2oyRmN0VzFYZHJVdGVIZllhXzBpUkZHelh3azlCbTFtb01xU1ZpdzJ0eDg0cVhPdXVjWWFCazZCSVlKeFhqLWVNWUIzaU9idU05d3laS0NIejNxbm00WkplaURxRm9DRXJyYktBamFTWklsdUtOaFFLaElBdXFHR1NKamQzQWRKQ3hDakZIUkc2VllPNE50OTIxb0FlTDcxR0J4S2MtcE5yYkpPRUtSU1UtQnNWRjFyUzNEZS1kRjluNmtidHFFeUl4dkJsbDVjWUs0WG9GSWY4UkY4c01QQndSaGdnJTI1MjZzYS1v9MQBTWZsLVlRNFFEZ3FidkxadXZaU2R5TFFwMWFXZlY5c1ViOXN3QWhvMG9MYjRyakNlRHBfU2UzbVB6VTRhb1o3SUlPVk9PQUtzNW41ZkhMdWYtR0dUMkZCMTRka0EwSUhlVnFiTWVBMEhEUVVCTWltYVdrSnI0QWVCNlZjSkRKVjhXSXk2YnJVd2UwMlpHM1dPaDB5dXI0JTI1MjZzaWclMjUzRENnMEFyS0pTekM1N05HdGJsT29BRUFFJTI1MjZmYnNfYWVpZCUyNTNEJTI1NUJnd19mYnNhZWlkJTI1NUQlMjUyNnVybGZpeCUyNTNEMSUyNTI2YWR1cmwlMjUzRPABANgCAOACn_A_6gIWaHR0cHM6Ly93aGVyZWdvZXMuY29tL4ADAIgDAZADAJgDGaADAaoDmwMKsQJodHRwczovL3d3dy5iaW5nLmNvbS9hcGkvdjEvbWVkaWF0aW9uL3RyYWNraW5nP2FkVW5pdD0zOTE0NjYmYXVJZD04ZDM2M2FhYS0zOGMyLTQwYmEtODhkZi03NTc4MWVlZDI1ZTQmYmlkSWQ9MTUwMDAmYmlkZGVySWQ9NCZjbUV4cElkPVY3Jm9BMlsAVHB1Ymxpc2hlcklkPTE2MjY0NTMzMCYBDhQ4ZDM2M2F6cAA0cnR5cGU9bnVybCZ0YWcBRHA4Njc4MTE1JnRyYWZmaWNHcm91cD1rbmFxZV8zYxEWCFN1YgkZoHRxY2VjbmZmJmFpZD0ke0FVQ1RJT05fSUR9EgUxMjA4NRoTNDg0MjE0AQTw9TY5ODQwNTk1OCIJMzgxODQ2NzE0KgRiaW5nOjhVMlZoY21Ob1FXUWpOemc0T1RBeE5UTTROamczTWpRak1qTXpNRFk0T1RjM016STVPVFF3TkE9PcAD2ATIAwDYA8XU8gHgAwDoAwD4AwGABACSBAQvdHRqmAQAogQKODEuOTUuNS40MqgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8AS6iYq2AYgFAZgFAKAF1Ne6yNOOg8UiwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFt79W-gUECAAQAJAGAJgGALgGAMEGAAUl6PA_0AbCjQTaBhYKEPuAmEwoXEVGpHHS0J2fmtUQAxgB4AYB8gYCCACABwGIBwCgBwHIB4TYBdIHDQkABUAEAAABsQjaBwYBXrwYAOAHAOoHAggA8AelO4oIAhAAlQgAAIA_mAgBwAgA0ggOCIGChIiQoMCAARAAGAA.&s=4aec8714d2924b35ab29e0d1f5e9f467c004c4b7&type=nv&nvt=5&jm=1140|1141|1003&px=0&py=0&bw=182&bh=90&sid=5320270341864840554&vd=ct~0|rr~0&sv=239&tv=view7-1js&ua=chrome52&pl=win&x=v&tag_id=18678115&sw=1600&sh=1200&pw=728&ph=90&ww=728&wh=90&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/239/trk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
an-x-request-uuid: d2572dc4-087d-41b3-a866-6d0fa4e6aca8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ Frame C1FE 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 88bd688b3263e5c86b75480092fe4662b49825c420624053935352e31d44ad83

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK postback Show response
s.update.ib.adnxs.net/2/2.108.1/225545/Ak_DmKsLEALhyneq/ Frame C1FE 0
145 B 128ms
32ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.ib.adnxs.net/2/2.108.1/225545/Ak_DmKsLEALhyneq/postback?oz_pl=1&ti=4842144214698405958&dm=728x90&gt=DE&ac=%24%7BCPG_ID%7D&c1=fra1&dt=2255451533761563475000&di=https%3A%2F%2Fwheregoes.com%2F&ap=&pv=fb80984c-285c-4546-a471-d2d09d9f9ad5&cb=1736643631&ci=225545&pd=avt&sr=8394&pp=1070141&to=3&de=2&md=1&pc=18678115&ui=6489196053422144956&cr=381846714&c2=0&psv=2.108.1&_x=1
Requested by: Host: s.update.ib.adnxs.net
URL: https://s.update.ib.adnxs.net/2/225545/analytics.js?dt=2255451533761563475000&pd=avt&di=https%3A%2F%2Fwheregoes.com%2F&ui=6489196053422144956&ap=&sr=8394&pp=1070141&ti=4842144214698405958&pv=fb80984c-285c-4546-a471-d2d09d9f9ad5&to=3&de=2&md=1&dm=728x90&gt=DE&ac=${CPG_ID}&pc=18678115&cr=381846714&c1=fra1&c2=0&cb=1736643631
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 17 Oct 2023 02:12:12 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.update.ib.adnxs.net/2/2.108.1/ Frame C1FE 145 KB
46 KB 33ms
33ms Script
text/javascript 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.ib.adnxs.net/2/2.108.1/main.js

Requested by

Host: s.update.ib.adnxs.net
URL: https://s.update.ib.adnxs.net/2/225545/analytics.js?dt=2255451533761563475000&pd=avt&di=https%3A%2F%2Fwheregoes.com%2F&ui=6489196053422144956&ap=&sr=8394&pp=1070141&ti=4842144214698405958&pv=fb80984c-285c-4546-a471-d2d09d9f9ad5&to=3&de=2&md=1&dm=728x90&gt=DE&ac=${CPG_ID}&pc=18678115&cr=381846714&c1=fra1&c2=0&cb=1736643631

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-216-59-119.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ba7e136907f01ca29a220c5ad825e0090365fdc435b90b831c46582062a150c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Tue, 17 Oct 2023 02:12:12 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: br
Accept-Ch: Viewport-Width, Viewport-Height, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Timing-Allow-Origin: *
Content-Length: 47014
Expires: Thu, 24 Jun 2055 18:49:24 GMT

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame A44C 0
591 B 9ms
9ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=8394&pub_id=1070141&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=8394&pub_id=1070141

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
an-x-request-uuid: 8281d75c-4cff-4785-8cba-aaa216e0bee8
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame 7097 0
591 B 7ms
6ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=8394&pub_id=1070141&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=8394&pub_id=1070141

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:12 GMT
an-x-request-uuid: ce2ed13c-e98c-4784-a299-263df4700cc7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
44ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202310090101&jk=2922396697822907&bg=!wcKlwo3NAAbFpEfJ5aQ7ADQBe5WfOB_M_7YqdmSJeMIcx7ZZXGXEtYuQ-l-eNAJ72uDr6HwWUWH1dhU_JutbJQrfBDIpAgAAAD5SAAAABWgBBwoACrosJNhVPnI8EBqZAwTgvaHsaokFpvU-puYhnQhROIzUIk1g3nHuXIpuLXHPz4Cejew0zIr9eJwKhKGWT5CoO6k_BTTHiymhcandwsHYETK-Z2bA-gFxpyD0d5C6OWC-cFTx7mxlRW1SJRTYegXHq8_H7_GV8---3QA4hVy6-o9ZeOUjQGwYN8zCRUVuk97Z8XPihCpWqSLo99d3lI9cwV3IgYaGBX2JCkcUM9w98jdyxr0uOezL9vD571-eoiKDez4mSyPOR8nWi9LotbLh8yMEc6HwT0akAYMQGyaCzYsngQTX3VxaAnjh57htTdu-zjTfQeAYL5cVR7MUXIZa_fPl8oVBcZDXEfAWY_ijANfFVg4mQgFsu_yxMq9wSPbGRTFVObwvKnolMA6xtq2aOxtImhv5yH5otyOlJ8AqkFmoRv79qmimxjTdUZLdMgAIBnlHhrhr-dublSsCQxWu6CiMyzoboNNn5ivtK963V_KJWyX6E8dOhc9rq367t3_mFiYU7B-gcc4ffM4Assd6DDs3crHSVkrUmk4moFtgTBvDdzEkKSVPUiTqMadOBiygn6sRoZf2YsBSq1RcFGbtXFm0j4eGMzP5Dw-GMvAKStLM0Mm5O-Qs7XWNEd5Mk_9lrfbkyDQt93xqeaU8K7s34xDlfX7-h7YH8059wZJWupcM5S07JY7K5X6TYs-tsfUysLZaAieukj_RAT_GmR3kZuA-YVy7rj0qJzYT3m7aG9x4swrfktfLFcGVld0Tj9s5lW20KMzghP5bF8Y34ahtb_7KU1F821K2Kzpmg1-0VS_QHgM7mh2JlCOBRhXxQtdhCrSIiLJfni7bvOjYeogaAhyfcv-RbKsuHL4bHIRa7fpOt1coodVg3WU3mS0j6Lij7-IL40uclLc1wJqDjYAK1a835PlwRfMKWyHfzHodXpXzmiYeVm1yY_MUv9-aVRF7Um0uQO59DmzJYNsrYS3tR1MEmE8KzXW2gOZ3wa6BiszyROvjb4lhBvKp9dMgfhHrH1JsmFb7nazTQI3i8RUTFVre
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

POST
H/1.1 200
OK postback Show response
s.update.ib.adnxs.net/2/2.108.1/225545/Ak_DmKsLEALhyneq/ Frame C1FE 0
145 B 32ms
32ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.ib.adnxs.net/2/2.108.1/225545/Ak_DmKsLEALhyneq/postback?oz_pl=1&ti=4842144214698405958&dm=728x90&gt=DE&ac=%24%7BCPG_ID%7D&c1=fra1&dt=2255451533761563475000&di=https%3A%2F%2Fwheregoes.com%2F&ap=&pv=fb80984c-285c-4546-a471-d2d09d9f9ad5&cb=1736643631&ci=225545&pd=avt&sr=8394&pp=1070141&to=3&de=2&md=1&pc=18678115&ui=6489196053422144956&cr=381846714&c2=0&psv=2.108.1&_x=1
Requested by: Host: s.update.ib.adnxs.net
URL: https://s.update.ib.adnxs.net/2/225545/analytics.js?dt=2255451533761563475000&pd=avt&di=https%3A%2F%2Fwheregoes.com%2F&ui=6489196053422144956&ap=&sr=8394&pp=1070141&ti=4842144214698405958&pv=fb80984c-285c-4546-a471-d2d09d9f9ad5&to=3&de=2&md=1&dm=728x90&gt=DE&ac=${CPG_ID}&pc=18678115&cr=381846714&c1=fra1&c2=0&cb=1736643631
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 17 Oct 2023 02:12:12 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.ib.adnxs.net/2/2.108.1/225545/Ak_DmKsLEALhyneq/ Frame C1FE 0
145 B 62ms
32ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.ib.adnxs.net/2/2.108.1/225545/Ak_DmKsLEALhyneq/postback?ti=4842144214698405958&dm=728x90&gt=DE&ac=%24%7BCPG_ID%7D&c1=fra1&dt=2255451533761563475000&di=https%3A%2F%2Fwheregoes.com%2F&ap=&pv=fb80984c-285c-4546-a471-d2d09d9f9ad5&cb=1736643631&ci=225545&pd=avt&sr=8394&pp=1070141&to=3&de=2&md=1&pc=18678115&ui=6489196053422144956&cr=381846714&c2=0&sid=Ak_DmKsLEALhyneq&oz_sc=6ce2236a2d8511eef0bab61b&oz_df=1697508732973&oz_l=3416&cv=3
Requested by: Host: s.update.ib.adnxs.net
URL: https://s.update.ib.adnxs.net/2/2.108.1/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 17 Oct 2023 02:12:12 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
BLOB 200
OK 82106e20-6c21-4516-8a02-3b5a43ba9343
https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/ Frame C1FE 817 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/82106e20-6c21-4516-8a02-3b5a43ba9343
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98a40f14a4a6d931c36936a220eb1bb644a5bbfa9ce6a9d6ce2f451bbf3a2b2b

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Length: 817
Content-Type

GET
BLOB 200
OK 29b4f9cb-d10c-43b6-bf14-b540ccf0686c
https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/ Frame 01B5 186 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/29b4f9cb-d10c-43b6-bf14-b540ccf0686c
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 985d2b656cce9486a1f152d7c4bbbc4cc1d5a65a0af9bd52e260bcc255bced06

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Length: 186
Content-Type: application/javascript

POST
H/1.1 200
OK postback Show response
s.update.ib.adnxs.net/2/2.108.1/225545/Ak_DmKsLEALhyneq/ Frame C1FE 0
145 B 33ms
33ms XHR
text/plain 54.216.59.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.ib.adnxs.net/2/2.108.1/225545/Ak_DmKsLEALhyneq/postback?ti=4842144214698405958&dm=728x90&gt=DE&ac=%24%7BCPG_ID%7D&c1=fra1&dt=2255451533761563475000&di=https%3A%2F%2Fwheregoes.com%2F&ap=&pv=fb80984c-285c-4546-a471-d2d09d9f9ad5&cb=1736643631&ci=225545&pd=avt&sr=8394&pp=1070141&to=3&de=2&md=1&pc=18678115&ui=6489196053422144956&cr=381846714&c2=0&sid=Ak_DmKsLEALhyneq&oz_sc=6ce2236a2d8511eef0bab61b&oz_df=1697508733227&oz_l=8877&cv=3
Requested by: Host: s.update.ib.adnxs.net
URL: https://s.update.ib.adnxs.net/2/2.108.1/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 54.216.59.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-216-59-119.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 17 Oct 2023 02:12:12 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 7F92 42 B
174 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss3EJ54pGW-gTM6gejz_OHAswBNZBPCan-vqajed3emjsV921pYhslkrd4zaiwMyCL6miiunSQaxFZama8egx8JufbrPjSs6kMzgh8ANpeDUrd1LJczjVYuU_3mel21&sig=Cg0ArKJSzLz0NqZcd1LHEAE&id=lidar2&mcvt=1000&p=666,1091,916,1391&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231011&bin=7&avms=nio&bs=1600,1200&mc=1&vu=1&app=0&itpl=3&adk=2861055222&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1697508732129&rpt=135&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

c.gif
www.bing.com/aes/ Frame C1FE
Redirect Chain

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=4d05e800-426d-40a3-be16-c961b929ca64&bidId=15000&bidderId=4&cmExpId=V7&oAdUnit=391466&publisherId=162645330&rId=8d363aaa-38c2-40ba-...
https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=fb3e1a2f35af4e39821d7c8c7564c2b8&tids=15000&med=10

0
203 B

34ms
34ms

Image
text/plain

2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=fb3e1a2f35af4e39821d7c8c7564c2b8&tids=15000&med=10
Protocol: H2
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 96EC3246B2C046DE89A30B0E8A8B68F9 Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:13Z
vary: Origin
x-cache: CONFIG_NOCACHE
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control: private,no-store
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
date: Tue, 17 Oct 2023 02:12:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B3D5F4082E44467688AFCBA71B4A9FA8 Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:13Z
vary: Origin
x-cache: CONFIG_NOCACHE
content-type: text/html; charset=utf-8
location: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=fb3e1a2f35af4e39821d7c8c7564c2b8&tids=15000&med=10
cache-control: no-cache, no-store, must-revalidate
content-length: 146
expires: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame C1FE 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst5BqULDQElseElALM5mqEU4wXp7yYYxwDmAAVdkujILNheKCbJZ-rD7uMc4l7Yw1-juUK9MIKtCFHlkNZyG5pLAn2GnbbXkA3IaDsweZ8TkAfgV9bXBMjKO0xI5DYH&sig=Cg0ArKJSzFwzsQqmK7ZGEAE&id=lidar2&mcvt=1000&p=440,436,530,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231011&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=1696759606&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1697508732124&rpt=592&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame EEC3 42 B
64 B 45ms
45ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsu7IB0GiJY0pTo4Qo9Ko8AewYYblG4D4NzUDcbUI-YK7U3N-DN0I2cBGyMi-rEy6fshfRf-AJbvOeXNo-nenDjKX6d2Pccuds_NLIfn1d1s0BGMamW9fWJjV4sQrA16&sig=Cg0ArKJSzFpF2bz8bVOJEAE&id=lidar2&mcvt=1000&p=950,1091,1200,1391&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231011&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=19&adk=3809685794&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1697508732141&rpt=610&isd=0&lsd=0&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 vevent
fra1-ib.adnxs.com/ Frame C1FE 0
691 B 20ms
17ms Ping
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwheregoes.com%2F&e=wqT_3QLYDPBMWAYAAAMA1gAFAQj82repBhDG4L7iopCwmUMYvPvf0N6tkIdaKjYJKP72EnFeiT8RpqRqOLgZiD8ZAAAAwPUovD8hpqRqOLgZiD8pKP4JJNAxAAAAQOF6hD8w44L0CDjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t4hNgFgAEBigEDVVNEkgUG8ECYAdgFoAFaqAEBsAEAuAECwAEFyAEC0AEA2AEA4AEA6gGyBWh0dHBzJTNBJTJGJTJGYWRjbGljay5nLmRvdWJsZQkOLG5ldCUyRnBjcyUyRgUSHCUyNTNGeGFpAQj0aQFEQUtBT2pzdXBTTEZwNDFVQlJHSV96NHZuRlVWX0tlUE13NktUYUpkT09zbWRWYmh3bC1wU3dPamxIb3o3azZ6LXlzZ01jeFNGOFUwcUQ2YTRNQnBGTml2RUxlNVlNWU9kTnlkQzBYZnlwbmFGRDJWU1NlRTNHcVZMVDlMcEJJS1NzY2ZVd2oyRmN0VzFYZHJVdGVIZllhXzBpUkZHelh3azlCbTFtb01xU1ZpdzJ0eDg0cVhPdXVjWWFCazZCSVlKeFhqLWVNWUIzaU9idU05d3laS0NIejNxbm00WkplaURxRm9DRXJyYktBamFTWklsdUtOaFFLaElBdXFHR1NKamQzQWRKQ3hDakZIUkc2VllPNE50OTIxb0FlTDcxR0J4S2MtcE5yYkpPRUtSU1UtQnNWRjFyUzNEZS1kRjluNmtidHFFeUl4dkJsbDVjWUs0WG9GSWY4UkY4c01QQndSaGdnJTI1MjZzYS1v9MQBTWZsLVlRNFFEZ3FidkxadXZaU2R5TFFwMWFXZlY5c1ViOXN3QWhvMG9MYjRyakNlRHBfU2UzbVB6VTRhb1o3SUlPVk9PQUtzNW41ZkhMdWYtR0dUMkZCMTRka0EwSUhlVnFiTWVBMEhEUVVCTWltYVdrSnI0QWVCNlZjSkRKVjhXSXk2YnJVd2UwMlpHM1dPaDB5dXI0JTI1MjZzaWclMjUzRENnMEFyS0pTekM1N05HdGJsT29BRUFFJTI1MjZmYnNfYWVpZCUyNTNEJTI1NUJnd19mYnNhZWlkJTI1NUQlMjUyNnVybGZpeCUyNTNEMSUyNTI2YWR1cmwlMjUzRPABANgCAOACn_A_6gIWaHR0cHM6Ly93aGVyZWdvZXMuY29tL4ADAIgDAZADAJgDGaADAaoDmwMKsQJodHRwczovL3d3dy5iaW5nLmNvbS9hcGkvdjEvbWVkaWF0aW9uL3RyYWNraW5nP2FkVW5pdD0zOTE0NjYmYXVJZD04ZDM2M2FhYS0zOGMyLTQwYmEtODhkZi03NTc4MWVlZDI1ZTQmYmlkSWQ9MTUwMDAmYmlkZGVySWQ9NCZjbUV4cElkPVY3Jm9BMlsAVHB1Ymxpc2hlcklkPTE2MjY0NTMzMCYBDhQ4ZDM2M2F6cAA0cnR5cGU9bnVybCZ0YWcBRHA4Njc4MTE1JnRyYWZmaWNHcm91cD1rbmFxZV8zYxEWCFN1YgkZoHRxY2VjbmZmJmFpZD0ke0FVQ1RJT05fSUR9EgUxMjA4NRoTNDg0MjE0AQTw9TY5ODQwNTk1OCIJMzgxODQ2NzE0KgRiaW5nOjhVMlZoY21Ob1FXUWpOemc0T1RBeE5UTTROamczTWpRak1qTXpNRFk0T1RjM016STVPVFF3TkE9PcAD2ATIAwDYA8XU8gHgAwDoAwD4AwGABACSBAQvdHRqmAQAogQKODEuOTUuNS40MqgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8AS6iYq2AYgFAZgFAKAF1Ne6yNOOg8UiwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFt79W-gUECAAQAJAGAJgGALgGAMEGAAUl6PA_0AbCjQTaBhYKEPuAmEwoXEVGpHHS0J2fmtUQAxgB4AYB8gYCCACABwGIBwCgBwHIB4TYBdIHDQkABUAEAAABsQjaBwYBXrwYAOAHAOoHAggA8AelO4oIAhAAlQgAAIA_mAgBwAgA0ggOCIGChIiQoMCAARAAGAA.&s=4aec8714d2924b35ab29e0d1f5e9f467c004c4b7&type=pv&jm=1140|1141|1003&px=0&py=0&bw=182&bh=90&sf=1&sid=5320270341864840554&vd=ct~0|rr~5&sv=239&tv=view7-1js&ua=chrome52&pl=win&x=v&tag_id=18678115&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/239/trk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
an-x-request-uuid: ca551250-4d54-4e5e-96fe-fc3ada26d600
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 200 vevent
fra1-ib.adnxs.com/ Frame EEC3 0
691 B 12ms
11ms Ping
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://fra1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Fwheregoes.com%2F&e=wqT_3QLvDPBMbwYAAAMA1gAFAQj82repBhDLocuxjKyk1CkYvPvf0N6tkIdaKjYJ8Em0APpOej8RChN4TTr-eD8ZAAAAwPUovD8hChN4TTr-eD8p8EkJJNAxAAAAQOF6hD8w44L0CDjKQUC1XkjjA1C6iYq2AViY1VJgAGiR92t404YGgAEBigEDVVNEkgUG9OEFmAGsAqAB-gGoAQGwAQC4AQLAAQXIAQLQAQDYAQDgAQDqAbcFaHR0cHMlM0ElMkYlMkZhZGNsaWNrLmcuZG91YmxlY2xpY2submV0JTJGcGNzJTJGY2xpY2slMjUzRnhhaSUyNTNEQUtBT2pzdVc0dldIMUR4ZFlTSm0yNXF5X0gtRkdSb2Mwa25tT29MVG1CdmlmbmY4N0toVlBrSHpCQ1NTT1NCSE5NcWZya1dpeVRneXhDbHBQTndEQ0VZOHFKOEpJdXl4Z0RYSndQUFhwNFE0RTN1WUZxNUxNY1F6Y3VXOEtxM0FIWnZTS2FrSExqckNEallFTjc5dXFJcFhiZXlSTXNna1A5Rm9POVhIQmhfWXQtZ0I4bWR1bWpCZnhVMW9aVXlySVVXMUg0Qm1jd01tZTNIRXA2bVZ4czRuSEFRSlVHYnlmby1JWnYzY3RMT1VOWE5TbHR6V2xQVERTU19vaEVJWnNmWHRucEUtWHVUOXQzMk50UFdxcm1SNEZoZ2hHOEp0Mk9vZnZQWFlpeF9JZldCWmFldHZTd1dsRzhPWTVIV2NJYWhJNnZLVGxadTltRVdEVFl1MnYtX3ZsRlBzOUpGWEk1Q2pmYzQlMjUyNnNhaSUyNTNEQU1mbC1ZUlJ5OW9uTTktYzdXVXJOYjFZNTEwa1BfSDBPdE9hTmR3OFZ2NUlGSEJaZE91clpoMzJLX05pMld6SkJQZWpOV2lqMTlTQUpIY1hFdW9pRUdibF80MXJMWnJNWmFSUkRSZFFNR1dfSUJjMzJDdkxuTHJ2SXg2aUlQN1JnbzdmRXJmTkVhT2pwdkNJdmtfcjFmSSUyNTI2c2lnJTI1M0RDZzBBcktKU3pGQ2pEWXdpMHVPX0VBRSUyNTI2ZmJzX2FlaWQlMjUzRCUyNTVCZ3dfZmJzYWVpZCUyNTVEJTI1MjZ1cmxmaXglMjUzRDElMjUyNmFkdXJsJTI1M0TwAQDYAgDgAp_wP-oCFmh0dHBzOi8vd2hlcmVnb2VzLmNvbS-AAwCIAwGQAwCYAxmgAwGqA64DCsQCaHR0cHM6Ly93d3cuYmluZy5jb20vYXBpL3YxL21lZGlhdGlvbi90cmFja2luZz9hZFVuaXQ9MzkxNDY2JmF1SWQ9Zjc5NTBmMDMtMDVjNy00ZDVkLTgwNjEtZmVjYjkyZTQyNTk4JmJpZElkPTE1MDAwJmJpZGRlcklkPTQmY21FeHBJZD1MVjMmb0FkVW5pdD0zOTE0NjYmcHVibGlzaGVySWQ9MTYyNjQ1MzMwJnJJZD1mNzk1MGYwMy0wNWM3LTRkNWQtODA2MS1mZWNiOTJlNDI1OTgmcnR5cGU9bnVybCZ0YWdJZD0xODY3ODExNSZ0cmFmZmljR3JvdXA9a25hcWVfM2MmdHJhZmZpY1N1Ykdyb3VwPWtuYXFlXzNjX3B5dnB4cGJhc3Zlem5ndmJhJmFpZD0ke0FVQ1RJT05fSUR9EgUxMjA4NRoTMzAwMTgwODk5NjQ3MDU0MjUzOSIJMzgxODQ2NzE0KgRiaW5nOjhVMlZoY21Ob1FXUWpOekkwT1Rrek1UQXdNVE0zTnpZak1qTXlOREk1T0RnMk1UZzVNelkzTlE9PcAD2ATIAwDYA8XU8gHgAwDoAwD4AwGABACSBAQvdHRqmAQAogQKODEuOTUuNS40MqgEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANoEAggB4AQA8AS6iYq2AYgFAZgFAKAFxbjHh9G2zcMFwAUAyQUAAAAAAADwP9IFCQkAAAAAAAAAANgFAeAFAfAFAPoFBAgAEACQBgCYBgC4BgDBBgAAAAAAAPA_0AbCjQTaBhYKEAAAAAAAAAAAAAAAAAAAAAAQABgA4AYB8gYCCACABwGIBwCgBwHIB9OGBtIHDQkAAAAAAAAAABAAGADaBwYIABAAGADgBwDqBwIIAPAHpTuKCAIQAJUIAACAP5gIAcAIANIIDgiBgoSIkKDAgAEQABgA&s=6ea554ed942dabaf006e7999b633ae26dd6f3357&type=pv&jm=1140|1141|1003&px=0&py=0&bw=300&bh=157&sf=1&sid=5320270341864840554&vd=ct~0|rr~5&sv=239&tv=view7-1js&ua=chrome52&pl=win&x=v&tag_id=18678115&ft=3

Requested by

Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/239/trk.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
an-x-request-uuid: a9429d15-ced9-4eff-89d8-9a195462cb50
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

c.gif
www.bing.com/aes/ Frame EEC3
Redirect Chain

https://www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=308b0460-fa7a-4e95-b757-da1d38e10fb8&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=f7950f03-05c7-4d5d...
https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=f764d49b02fd42eb99b3c2449e1f8e1c&tids=15000&med=10

0
185 B

31ms
31ms

Image
text/plain

2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=f764d49b02fd42eb99b3c2449e1f8e1c&tids=15000&med=10
Protocol: H2
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 54746E23FA4246D2A91B263B49F3F298 Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:13Z
vary: Origin
x-cache: CONFIG_NOCACHE
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
cache-control: private,no-store
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=15724800; includeSubDomains
date: Tue, 17 Oct 2023 02:12:13 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 768B35C9C2AD460DA93A0ACCFD21FCB8 Ref B: FRA31EDGE0708 Ref C: 2023-10-17T02:12:13Z
vary: Origin
x-cache: CONFIG_NOCACHE
content-type: text/html; charset=utf-8
location: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=f764d49b02fd42eb99b3c2449e1f8e1c&tids=15000&med=10
cache-control: no-cache, no-store, must-revalidate
content-length: 146
expires: 0

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame A44C 0
591 B 9ms
9ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=8394&pub_id=1070141&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=8394&pub_id=1070141

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
an-x-request-uuid: 38a9187f-102f-4887-98b5-30ac31fa58b3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame 7097 0
591 B 9ms
8ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels&seller_id=8394&pub_id=1070141&gdpr=0

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=8394&pub_id=1070141

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
an-x-request-uuid: 9dcfb221-5d88-4d67-b0c3-9b710153554f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 93 KB
30 KB 18ms
18ms Script
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:13 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 19 May 2023 17:15:21 GMT
server: nginx
etag: W/"6467aea9-175c4"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 18 Oct 2023 02:12:13 GMT

GET
H2 200 syncframe Show response
gum.criteo.com/ Frame BFAD 15 KB
6 KB 17ms
15ms Document
text/html 2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://gum.criteo.com/syncframe?origin=publishertag&topUrl=wheregoes.com

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: private, max-age=3600
content-encoding: gzip
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 02:12:13 GMT
server: Kestrel
server-processing-duration-in-ticks: 993175
strict-transport-security: max-age=31536000; preload;
vary: Accept-Encoding

GET
H2 200 publishertag.prebid.136.js Show response
static.criteo.net/js/ld/ 93 KB
30 KB 51ms
25ms XHR
text/javascript 2a02:2638:3::3
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.criteo.net/js/ld/publishertag.prebid.136.js

Requested by

Host: static.criteo.net
URL: https://static.criteo.net/js/ld/publishertag.prebid.136.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a02:2638:3::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

nginx /

Resource Hash

0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://wheregoes.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:14 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; preload;
last-modified: Fri, 19 May 2023 17:15:21 GMT
server: nginx
etag: W/"6467aea9-175c4"
content-type: text/javascript
access-control-allow-origin: *
cache-control: max-age=86400, public
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
expires: Wed, 18 Oct 2023 02:12:14 GMT

GET
H2

200

sid Show response
mug.criteo.com/ Frame BFAD
Redirect Chain

https://gum.criteo.com/sid/json?origin=publishertag&domain=wheregoes.com&sn=ChromeSyncframe&so=3&topUrl=wheregoes.com&bundle=afHZlF96ZFN5RzFKMFpYeGdBY2cxdThsSFo4Z0V2UXdBaiUyRjBTaE95N0ZoUzJsTFMlMkZ6...
https://mug.criteo.com/sid?cpp=fqUNVXw0KzZ6UFladll3SDEwOExvUUhCQjZwSnlmREUzUjY5cDd1blFtYWhhRTNzQ0FNekhnUmdMQ0tLMGJLZGxQRWNURE5adVNWaW14elo3eTV2NUZpUGVZSVBkMnhpeWpwaG55UlhJZE84SC9ZQ0pzNS9OVkRvTnhMeE...

430 B
654 B

13ms
13ms

Fetch
application/json

2a02:2638:3::c
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL

https://mug.criteo.com/sid?cpp=fqUNVXw0KzZ6UFladll3SDEwOExvUUhCQjZwSnlmREUzUjY5cDd1blFtYWhhRTNzQ0FNekhnUmdMQ0tLMGJLZGxQRWNURE5adVNWaW14elo3eTV2NUZpUGVZSVBkMnhpeWpwaG55UlhJZE84SC9ZQ0pzNS9OVkRvTnhMeEFTend2ak56QTh2THE3aG5PdUN3N2RIdmQrUThGRWUxOEZ3RWZLMkhwWjZsQ1N3eGlvV0ZCMXZ2VzNzRU9HL0NFdFZ3WHI4aWIraFhvaHFjQ3FwTC9PbkNTV0kwa09FSG5ISTZVbFlPMVFaR0J4N05TS0hPVERJeXJOT29iN0Fic0k1ZXQ0UTFROFlhSUNoMVNEWjlYNlBoWkFQU0c0akhGQ3JxUkE1NnNPM2J3cE5tSHIwQT18&cppv=2

Protocol

Server

2a02:2638:3::c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

7b028a4a7684c89aa89c920b2b8972625fd8ca22c7c14d46bf3717582d11bb4e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gum.criteo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
strict-transport-security: max-age=31536000; preload;
content-encoding: gzip
server: Kestrel
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: https://gum.criteo.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
server-processing-duration-in-ticks: 720453
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:13 GMT
strict-transport-security: max-age=31536000; preload;
server: Kestrel
location: https://mug.criteo.com/sid?cpp=fqUNVXw0KzZ6UFladll3SDEwOExvUUhCQjZwSnlmREUzUjY5cDd1blFtYWhhRTNzQ0FNekhnUmdMQ0tLMGJLZGxQRWNURE5adVNWaW14elo3eTV2NUZpUGVZSVBkMnhpeWpwaG55UlhJZE84SC9ZQ0pzNS9OVkRvTnhMeEFTend2ak56QTh2THE3aG5PdUN3N2RIdmQrUThGRWUxOEZ3RWZLMkhwWjZsQ1N3eGlvV0ZCMXZ2VzNzRU9HL0NFdFZ3WHI4aWIraFhvaHFjQ3FwTC9PbkNTV0kwa09FSG5ISTZVbFlPMVFaR0J4N05TS0hPVERJeXJOT29iN0Fic0k1ZXQ0UTFROFlhSUNoMVNEWjlYNlBoWkFQU0c0akhGQ3JxUkE1NnNPM2J3cE5tSHIwQT18&cppv=2
cache-control: no-cache, no-store, must-revalidate
server-processing-duration-in-ticks: 309471
content-length: 0
expires: 0

GET
H/1.1 200
OK async_usersync.html Show response
acdn.adnxs.com/dmp/ Frame 3C5E 52 KB
17 KB 8ms
7ms Document
text/html 151.101.193.108
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://acdn.adnxs.com/dmp/async_usersync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.193.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: 3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 58589
Cache-Control: max-age=86402
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 17053
Content-Type: text/html
Date: Tue, 17 Oct 2023 02:12:14 GMT
ETag: W/"623de86a-cf34"
Expires: Sun, 01 Oct 2023 09:55:16 GMT
Last-Modified: Fri, 25 Mar 2022 16:06:02 GMT
Server: nginx/1.18.0 (Ubuntu)
Vary: Accept-Encoding
Via: 1.1 varnish, 1.1 varnish
X-Cache: HIT, HIT
X-Cache-Hits: 3350, 358946
X-Served-By: cache-lga13626-LGA, cache-fra-eddf8230132-FRA
X-Timer: S1697508735.988314,VS0,VE0

GET
H/1.1 200
OK usync.html Show response
eus.rubiconproject.com/ Frame C6C3 281 B
554 B 50ms
7ms Document
text/html 95.101.149.233

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.149.233 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 17 Oct 2023 02:12:15 GMT
ETag: "4014f-119-6051b805b8000"
Last-Modified: Mon, 11 Sep 2023 20:52:16 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

GET
H2 200 sync.html Show response
public.servenobid.com/ Frame 8E0B 9 KB
4 KB 54ms
9ms Document
text/html 13.32.27.45

General

Check archive.org

Show headers Download Go to

Full URL: https://public.servenobid.com/sync.html
Requested by: Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.27.45 -, , ASN (),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1c20d54555b098aef8269b6fa89b316fa731aac67e6926c1203c27edf8cf9dbd

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 67176
cache-control: max-age=86400
content-encoding: br
content-type: text/html
date: Mon, 16 Oct 2023 07:32:40 GMT
etag: W/"ea81456e0a6e1fca0e7a864b1d3121aa"
last-modified: Mon, 02 Oct 2023 23:54:30 GMT
server: AmazonS3
vary: Accept-Encoding Origin
via: 1.1 fdc45b521af7652438141328494a79d2.cloudfront.net (CloudFront)
x-amz-cf-id: Cv8OnV64v_W6dbF_0l-IfJn9ljmDO7ddlUYC23zX4PCewoHqYnE57Q==
x-amz-cf-pop: FRA56-C2
x-amz-meta-codebuild-buildarn: arn:aws:codebuild:us-east-1:559734745816:build/adserver-public-prod:58584356-ee8f-4de0-abcc-b50f847fba2c
x-amz-meta-codebuild-content-md5: d3f9c0952d74faa30fada14e06b377b0
x-amz-meta-codebuild-content-sha256: 8aa4841af9e8588faa6f0e126d94acab1f39eb0115dfa16eac2daccf149690d0
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront

GET
H2 204 /
onetag-sys.com/usync/ Frame 6752 0
0 8ms
8ms Document
text/plain 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?cb=1697508731473

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 checksync.php Show response
contextual.media.net/ Frame 5A86 24 KB
8 KB 37ms
20ms Document
text/html 95.101.148.20

General

Check archive.org

Show headers Download Go to

Full URL

https://contextual.media.net/checksync.php?vsSync=1&cs=8&cv=31&https=1&cid=8CU18831I&prvid=2034%2C2033%2C2031%2C2030%2C273%2C233%2C2028%2C2027%2C236%2C2025%2C237%2C117%2C359%2C437%2C97%2C55%2C99%2C2045%2C3012%2C3011%2C3010%2C244%2C201%2C3007%2C246%2C4%2C203%2C446%2C9%2C407%2C2011%2C2055%2C2099%2C3022%2C3020%2C173%2C294%2C251%2C175%2C450%2C2009%2C178%2C255%2C3018%2C3017%2C214%2C336%2C3014%2C337%2C459%2C339%2C70%2C77%2C38%2C182%2C261%2C141%2C262%2C461%2C222%2C301%2C345%2C225%2C468%2C10000%2C80%2C108%2C229%2C307&itype=PREBID&purpose1=1&gdprconsent=0&gdpr=1&coppa=0&usp_status=0&usp_consent=1

Requested by

Host: cdn4.buysellads.net
URL: https://cdn4.buysellads.net/pub/wheregoes.js?1697508600000

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

95.101.148.20 -, , ASN (),

Reverse DNS

Software

Apache /

Resource Hash

53eb4ff1b56736ccdf51b75c1c97bc9407d6512af0999abf3f834632b1b40153

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://wheregoes.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=172800
content-encoding: gzip
content-length: 8515
content-type: text/html; charset=UTF-8
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: Thu, 19 Oct 2023 02:12:15 GMT
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-mnet-hl2: E

GET
H2 200 async_usersync Show response
ib.adnxs.com/ Frame 3C5E 0
591 B 8ms
7ms Script
text/html 37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/async_usersync?cbfn=queuePixels

Requested by

Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://acdn.adnxs.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
an-x-request-uuid: c6f48d69-0772-4159-9707-6bac7109977c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
cache-control: no-store, no-cache, private
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame C6C3 38 KB
11 KB 8ms
8ms Script
text/html 95.101.149.233

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.149.233 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: b50028fc69adb1ad4565caec02ceebb0f4ce91ba0dffdf76a02baea233272dca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Tue, 17 Oct 2023 02:12:15 GMT
Content-Encoding: gzip
Last-Modified: Mon, 16 Oct 2023 22:24:29 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=72709
Connection: keep-alive
Content-Length: 10838
Expires: Tue, 17 Oct 2023 22:24:04 GMT

GET
H2 200 13926 Show response
g2.gumgum.com/usync/ Frame 58C1 3 KB
1 KB 129ms
33ms Document
text/html 52.18.35.108

General

Check archive.org

Show headers Download Go to

Full URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.18.35.108 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ebfb3bceae48c58e464951536fb5d8c6f2bcf6748202986e72f2ce79e68c1069

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Tue, 17 Oct 2023 02:12:15 GMT
etag: W/"05b41b2b2b4c306e103c5a1f50253d656"
server: nginx
timing-allow-origin: *

GET
H2 204 /
onetag-sys.com/usync/ Frame 7B7A 0
0 11ms
9ms Document
text/plain 51.89.9.253
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://onetag-sys.com/usync/?pubId=694e68b73971b58&gdpr=0&gdpr_consent=&us_privacy=1YN-&https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D318%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

51.89.9.253 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip253.ip-51-89-9.eu

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store
strict-transport-security: max-age=15552000

GET
H2 200 sync Show response
ssbsync.smartadserver.com/api/ Frame EC6C 907 B
1 KB 262ms
23ms Document
text/html 185.86.139.101

General

Check archive.org

Show headers Download Go to

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.101 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e30390e6cbf00e9197aa67d9ebb5692966cf768c6d48500c8929f16037f5de8e

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 907
content-type: text/html
date: Tue, 17 Oct 2023 02:12:14 GMT

GET
H2

200

usermatch Show response
ssum-sec.casalemedia.com/ Frame 334D
Redirect Chain

https://ssum-sec.casalemedia.com/usermatch?s=195491&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D
https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1

2 KB
883 B

28ms
26ms

Document
text/html

104.18.27.193

General

Check archive.org

Show headers Download Go to

Full URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.27.193 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: aad6e29f1f9e70059dd5bb8d8e352dd8c4060079a445bcd8b48764ecc6ee7267

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 817503fa9e129180-FRA
content-encoding: br
content-type: text/html
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: 0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NRjBEvdeMluYNUJSY8E5ZAJMTeZfmVaGsujiNM9nYxmgQCUavSZz5tJaAyrNQptNwho%2B4afMt7KGF%2Fr9rX2S2uUo4yvY1grhR4ErvSLdSV2I5kA%2FzIFd8NaKWh1PI8zcTdrpDSiwS7BmOw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

Redirect headers

alt-svc: h3=":443"; ma=86400
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-ray: 817503fa6e079180-FRA
content-length: 0
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: 0
location: /usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ngQtBLBgOKg%2BEjWyEz1mCthjm7zpSjtiaijmiGuq9YikhhKPguY72Bcd%2F7PhsoR0UmwMQ7Dcto4V%2FI3yyjHTgee9NwKiOYvZLbFFgvYIUx0eqoozJ%2FbU3M0%2BhBHOQlmPx1gaMK3qdaVVgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 8946
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=duration_media&endpoint=us-east
https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east

281 B
554 B

7ms
7ms

Document
text/html

95.101.149.233

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.149.233 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 17 Oct 2023 02:12:15 GMT
ETag: "4014f-119-6051b805b8000"
Last-Modified: Mon, 11 Sep 2023 20:52:16 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 17 Oct 2023 02:12:15 GMT
location: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
server: AkamaiGHost

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 7168 15 KB
6 KB 49ms
8ms Document
text/html 23.32.184.192

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.192 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=62566
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: Tue, 17 Oct 2023 19:35:01 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 sync-iframe Show response
cs-rtb.minutemedia-prebid.com/ Frame B903 0
524 B 158ms
99ms Document
text/html 2600:9000:223f:8600:1f:4c18:bd40:93a1

General

Check archive.org

Show headers Download Go to

Full URL: https://cs-rtb.minutemedia-prebid.com/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D348%26uid%3D%7BpartnerId%7D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:8600:1f:4c18:bd40:93a1 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://public.servenobid.com/
content-length: 0
content-type: text/html
date: Tue, 17 Oct 2023 02:12:15 GMT
server: istio-envoy
via: 1.1 08d7dbeb0736051b46014fbaac0a421e.cloudfront.net (CloudFront)
x-amz-cf-id: ch4eg4Uv7cCCQB67r56LBlNt1cA8N5D7L3-Rc4LIjxEVOO3Q1EFueQ==
x-amz-cf-pop: FRA56-P5
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 0
x-reason: could not perform CS due to GDPR policy: gdpr is not applied

GET
H/1.1 200
OK user-sync Show response
sync.adkernel.com/ Frame BD57 0
160 B 69ms
13ms Document
text/plain 77.245.57.72

General

Check archive.org

Show headers Download Go to

Full URL: https://sync.adkernel.com/user-sync?zone=181225&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D152%26uid%3D%7BUID%7D&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 77.245.57.72 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
Cache-Control: no-store
Connection: close
Content-Length: 0
Date: Tue, 17 Oct 2023 02:12:15 GMT
Pragma: no-cache
Server: nginx

GET
H2 200 sync-iframe Show response
cs-server-s2s.yellowblue.io/ Frame D65D 0
370 B 348ms
105ms Document
text/html 34.228.176.115

General

Check archive.org

Show headers Download Go to

Full URL: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D352%26uid%3D%7BpartnerId%7D
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 34.228.176.115 -, , ASN (),
Reverse DNS
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://public.servenobid.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin: https://public.servenobid.com/
content-length: 0
content-type: text/html
date: Tue, 17 Oct 2023 02:12:15 GMT
server: istio-envoy
x-envoy-upstream-service-time: 0
x-reason: could not perform CS due to GDPR policy: gdpr is not applied

GET
H2

200

sync
ads.servenobid.com/ Frame 8E0B
Redirect Chain

https://ib.adnxs.com/getuid?https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D312%26uid%3D%24UID
https://ads.servenobid.com/sync?pid=312&uid=6489196053422144956

0
344 B

35ms
34ms

Image
image/avif

34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=312&uid=6489196053422144956
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
an-x-request-uuid: 115259d8-9c85-4a7f-9318-fe5e6e3666fa
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ads.servenobid.com/sync?pid=312&uid=6489196053422144956
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 8E0B
Redirect Chain

https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D
https://ce.lijit.com/merge?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&location=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%5BSOVRNID%5D&dnr=1
https://ads.servenobid.com/sync?pid=310&uid=Hf6ksRZHFMV5DuskREOGMdtm

0
350 B

33ms
33ms

Image
image/avif

34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=310&uid=Hf6ksRZHFMV5DuskREOGMdtm
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Pragma: no-cache
Date: Tue, 17 Oct 2023 02:12:15 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Location: https://ads.servenobid.com/sync?pid=310&uid=Hf6ksRZHFMV5DuskREOGMdtm
Cache-Control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
X-Sovrn-Pod: ad_ap4ams1
Content-Length: 0
Expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H/1.1 204
No Content pixel
ap.lijit.com/ Frame 8E0B 0
277 B 182ms
179ms Image
text/plain 63.251.14.3
INTERNAP-BLOCK-4

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ap.lijit.com/pixel?pid=273657&3pid=273657&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D310%26uid%3D%24UID
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 63.251.14.3 , United States, ASN14744 (INTERNAP-BLOCK-4, US),
Reverse DNS: 3.14.251.63.unassigned.ord.singlehop.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Tue, 17 Oct 2023 02:12:15 GMT
Access-Control-Allow-Credentials: true
X-Sovrn-Pod: ad_ap2sea1
Access-Control-Allow-Headers: X-Requested-With, Content-Type
Access-Control-Allow-Methods: GET, POST, DELETE, PUT

GET

cs
ad.turn.com/r/ Frame 8E0B
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=duration&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D
https://sync.1rx.io/usersync2/rmpssp?sub=duration&zcc=1&redir=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D321%26uid%3D%5BRX_UUID%5D&cb=1697508735130
https://ad.turn.com/r/cs?pid=45&rndcb=8615226555

0
0

GET
H2

200

sync
ads.servenobid.com/ Frame 8E0B
Redirect Chain

https://p.rfihub.com/cm?pub=44007&in=1
https://ads.servenobid.com/sync?pid=324&uid=5140084927756967657

0
344 B

33ms
32ms

Image
image/avif

34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=324&uid=5140084927756967657
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

Location: https://ads.servenobid.com/sync?pid=324&uid=5140084927756967657
Date: Tue, 17 Oct 2023 02:12:15 GMT
Server: Jetty(9.4.51.v20230217)
Content-Length: 0
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

GET
H2 200 usa
sync.go.sonobi.com/ Frame 8E0B 0
399 B 332ms
92ms Image
text/plain 69.166.1.34

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/usa?loc=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D332%26uid%3D

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

69.166.1.34 -, , ASN (),

Reverse DNS

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
server: sonobi-go
vary: negotiate,Accept-Encoding
x-go-server: go-iad-2-5-30
content-type: text/plain; charset=utf8
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store, private
tcn: Choice
content-length: 0
x-xss-protection: 0
expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 8E0B
Redirect Chain

https://prebid.a-mo.net/cchain/0?gdpr=0&gdpr_consent=&us_privacy=1YN-&&cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D327%26uid%3D
https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0

0
252 B

34ms
34ms

Image
image/avif

34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

location: https://ads.servenobid.com/sync?pid=327&uid=&us_privacy=1YN-&gdpr=0
date: Tue, 17 Oct 2023 02:12:14 GMT
cache-control: max-age=0, private, must-revalidate
x-envoy-upstream-service-time: 0
server: envoy
content-length: 0

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58559/ Frame 8E0B 0
125 B 40ms
9ms Image
text/plain 3.71.149.231

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58559/occ

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 -, , ASN (),

Reverse DNS

Software

ATS/9.1.10.87 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET redirectuser
ssp.disqus.com/ Frame 8E0B 0
0

GET
H2 204 occ
ups.analytics.yahoo.com/ups/58632/ Frame 8E0B 0
15 B 40ms
10ms Image
text/plain 3.71.149.231

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58632/occ

Requested by

Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 -, , ASN (),

Reverse DNS

Software

ATS/9.1.10.87 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 v1
match.sharethrough.com/universal/ Frame 8E0B 0
35 B 38ms
7ms Image
text/plain 18.156.141.126

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.sharethrough.com/universal/v1?supply_id=KW3eSFMR&gdpr=0&gdpr_consent=&us_privacy=1YN-&
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.156.141.126 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT

GET
H2

200

sync
ads.servenobid.com/ Frame 8E0B
Redirect Chain

https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D353%26uid%3D%3Cvsid%3E
https://ads.servenobid.com/sync?pid=353&uid=0000EEA

0
335 B

38ms
33ms

Image
image/avif

34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=353&uid=0000EEA
Requested by: Host: public.servenobid.com
URL: https://public.servenobid.com/sync.html
Protocol: H2
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://public.servenobid.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

Redirect headers

pragma: no-cache
strict-transport-security: max-age=86400 ; includeSubDomains, max-age=604800
date: Tue, 17 Oct 2023 02:12:15 GMT
server: Apache
p3p: CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA"
location: https://ads.servenobid.com/sync?pid=353&uid=0000EEA
content-type: text/html
cache-control: max-age=0, no-cache, no-store
content-length: 154
x-mnet-hl2: E
expires: Tue, 17 Oct 2023 02:12:15 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame C6C3 7 B
380 B 174ms
12ms XHR
application/json 69.173.144.165

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 7168 5 KB
6 KB 92ms
13ms Script
text/html 198.47.127.19

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=71151227&p=162412&s=0&a=0&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=1YN-
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 198.47.127.19 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4cddea32975008b5c3d522eabf988b8aef7a4fa838db858dc0f3c7e55071f251

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type: text/html; charset=UTF-8
date: Tue, 17 Oct 2023 02:12:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 334D
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=1&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dbm%26google_cm%26google_sc%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dbm&google_cm&google_sc&google_hm=ZS3tf5Sc5DQZ2ai4pZ3OmQAA
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJZm49NkEFxUzr7juHqnZGs&google_cver=1

43 B
729 B

26ms
26ms

Image
image/gif

104.18.27.193

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJZm49NkEFxUzr7juHqnZGs&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H3
Server: 104.18.27.193 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oflg7F0%2BmprfpzitsQtoLZbRNZ88vQ99D04CYdzOcOQYoYamz6rKi4vQrMcZxDgAoTv%2FvHDu9yVomOQuanhIfjR6biRrtGWSVbegUyiOMpltMuLOju8qmeK6pc09zSapUhhKvjxC6z48MQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 817503fb4d019a18-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=45&external_user_id=CAESEJZm49NkEFxUzr7juHqnZGs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 314
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 casale
match.adsrvr.org/track/cmf/ Frame 334D 70 B
148 B 115ms
31ms Image
image/gif 35.71.131.137

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/casale
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET dcm
s.amazon-adsystem.com/ Frame 334D 0
0

GET
H3

200

usermatchredir
ssum-sec.casalemedia.com/ Frame 334D
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=index&google_cm&google_hm=ZS3tf5Sc5DQZ2ai4pZ3OmQAABFQAAAIB&gdpr_consent=&us_privacy=&gdpr=&gpp=&gpp_sid=
https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEBz5pvt9RGX3urrRQaQtW1Y&google_cver=1

43 B
737 B

33ms
25ms

Image
image/gif

104.18.27.193

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEBz5pvt9RGX3urrRQaQtW1Y&google_cver=1
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H3
Server: 104.18.27.193 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7e1Ntc7bEK%2B11Vdl4AOzuY40LocWDGfvLdQ%2FYmewBBCXPqtOt8TKvKbkOLmyeqldspM8YWPyfxP9V8OHSh8StyAgnzYzSt4JeSDbv%2FoDyJa59CD1p%2B%2FwlF%2FNC4LZnv3qXsJlXwVcX7HOJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 817503fb2cee9a18-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ssum-sec.casalemedia.com/usermatchredir?s=184023&gdpr_consent=&gdpr=&gpp=&gpp_sid=&google_gid=CAESEBz5pvt9RGX3urrRQaQtW1Y&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 364
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 334D
Redirect Chain

https://euexchangesync.digitaleast.mobi/usersync/index.gif?us_privacy=&gdpr=&gdpr_consent=&gpp=&gpp_sid=
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=

43 B
767 B

24ms
22ms

Image
image/gif

104.18.27.193

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H3
Server: 104.18.27.193 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9VMDi1jPkRvR9T0aiU5eDAtwEpp5ZCV47QOnY4CBWlj%2FIcme0TepTuuUbCRJf4e8JBDghy38QYX0mQdrgXVhkSKE3kg2ZbYGjZ8%2BqycC0wYCm8oj3ul8N%2BqsbelAwo8gcxhHwb5PyJ5p7g%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 817503fb2cf19a18-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=11&external_user_id=
date: Tue, 17 Oct 2023 02:12:15 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95
content-type: text/html; charset=utf-8

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame 334D
Redirect Chain

https://cms.quantserve.com/pixel/p-Z8PuJEk6U7Hyq.gif?idmatch=0
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=B0mr8FQYrvIcT6zyAk208AJIoKIcTfugCRoay7xp

43 B
736 B

20ms
19ms

Image
image/gif

104.18.27.193

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=B0mr8FQYrvIcT6zyAk208AJIoKIcTfugCRoay7xp
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H3
Server: 104.18.27.193 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9IwqB%2B03Qp4Rm2L1MEhHLgDdFPS3wjsyR8w0u08iUG%2F9TjlvDAcg0kAR3R9QzlO6510Lo%2Bn2Z7XqK4Ib4qyVPJZ7PQw%2BDf27TblASj9wgnLtMqPDgrq767fvdgd1%2BPuYG3NUyF1vp%2BYkqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 817503fb3cf79a18-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=81&&external_user_id=B0mr8FQYrvIcT6zyAk208AJIoKIcTfugCRoay7xp
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

crum
dsum-sec.casalemedia.com/ Frame 334D
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
https://pm.w55c.net/ping_match.gif?scc=1&ei=CASALE&rurl=https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=_wfivefivec_
https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=6yj0YMBi1QSzz95

43 B
735 B

23ms
22ms

Image
image/gif

104.18.27.193

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=6yj0YMBi1QSzz95
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H3
Server: 104.18.27.193 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xU2v2s3t4ttJ%2FThTG7RHvq8noHOcNVSihJ3IewZSdPBo7WB1g7EdgmOY2GVu4A%2FHZjCEyXUshAjBsIL2RHjRuNmhWartXv8on0SHvu%2FAo%2FGoh7rl6ZAOq%2Fj5e3bHG0SEO0om%2FFgi2MmjRw%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 817503fb4d039a18-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

Pragma: no-cache
Date: Tue, 17 Oct 2023 02:12:14 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-790-g2a3fdc2#rel-ec2-master i-031606d58fcbc7991@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://dsum-sec.casalemedia.com/crum?cm_dsp_id=47&external_user_id=6yj0YMBi1QSzz95
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

rum
dsum.casalemedia.com/ Frame 334D
Redirect Chain

https://casale-match.dotomi.com/match/bounce/current?networkId=19998&version=1
https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1697595135

43 B
331 B

44ms
21ms

Image
image/gif

104.18.27.193

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1697595135
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Server: 104.18.27.193 -, , ASN (),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBzpE5QTUh3nRcbCsikMXNJKnuJfk%2F04xLwhQUYus8yak5rZwFvJC1R1YSfl7yzl8NiTCbwo0FDQZ%2BAu2ZLbRx0fnXeZ0mHjJT%2BoZLXFgb76IYS8Wx8W2%2FIz%2BKWz8SVluW9G3okk"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 817503fbae6e9180-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

location: https://dsum.casalemedia.com/rum?cm_dsp_id=65&external_user_id=&expiration=1697595135
pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
content-length: 0
expires: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 334D 0
356 B 35ms
34ms Image
image/avif 34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=333&uid=ZS3tf5Sc5DQZ2ai4pZ3OmQAABFQAAAIB
Requested by: Host: ssum-sec.casalemedia.com
URL: https://ssum-sec.casalemedia.com/usermatch?cb=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D333%26uid%3D&s=195491&C=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssum-sec.casalemedia.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 8946 38 KB
11 KB 8ms
7ms Script
text/html 95.101.149.233

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.149.233 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: b50028fc69adb1ad4565caec02ceebb0f4ce91ba0dffdf76a02baea233272dca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=duration_media&endpoint=us-east
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Tue, 17 Oct 2023 02:12:15 GMT
Content-Encoding: gzip
Last-Modified: Mon, 16 Oct 2023 22:24:29 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=72709
Connection: keep-alive
Content-Length: 10838
Expires: Tue, 17 Oct 2023 22:24:04 GMT

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 8946 7 B
380 B 69ms
11ms XHR
application/json 69.173.144.165

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 58C1
Redirect Chain

https://secure.adnxs.com/getuid?https://usersync.gumgum.com/usersync?b=apn&i=$UID
https://usersync.gumgum.com/usersync?b=apn&i=6489196053422144956

35 B
250 B

200ms
36ms

Image
image/gif

34.247.233.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=apn&i=6489196053422144956
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Tue, 17 Oct 2023 02:12:15 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
an-x-request-uuid: a57de22b-491d-4761-b29c-deb28b37e270
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://usersync.gumgum.com/usersync?b=apn&i=6489196053422144956
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sync
x.bidswitch.net/ Frame 58C1
Redirect Chain

https://x.bidswitch.net/sync?ssp=gumgum2&user_id=e_be1499f9-5439-4274-9475-4c00518e075a&gdpr=0&gdpr_consent=&us_privacy=1---
https://x.bidswitch.net/ul_cb/sync?ssp=gumgum2&user_id=e_be1499f9-5439-4274-9475-4c00518e075a&gdpr=0&gdpr_consent=&us_privacy=1---
https://c1.adform.net/serving/cookie/match/?party=24&bidswitch_ssp_id=gumgum2
https://c1.adform.net/serving/cookie/match/?CC=1&party=24&bidswitch_ssp_id=gumgum2
https://x.bidswitch.net/sync?dsp_id=70&user_id=332359993737586236&ssp=gumgum2

43 B
145 B

10ms
9ms

Image
image/gif

18.196.230.223

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=70&user_id=332359993737586236&ssp=gumgum2
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Server: 18.196.230.223 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://x.bidswitch.net/sync?dsp_id=70&user_id=332359993737586236&ssp=gumgum2
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 58C1
Redirect Chain

https://us-u.openx.net/w/1.0/cm?_={CACHEBUSTER}&id=47f31213-389c-4904-aaa6-9b11aab9c211&gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dopx%26i%3D
https://usersync.gumgum.com/usersync?b=opx&i=d451ae72-8881-4076-9bb2-083084f3c1a0

35 B
250 B

138ms
35ms

Image
image/gif

34.247.233.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=opx&i=d451ae72-8881-4076-9bb2-083084f3c1a0
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Tue, 17 Oct 2023 02:12:15 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

date: Tue, 17 Oct 2023 02:12:15 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
location: https://usersync.gumgum.com/usersync?b=opx&i=d451ae72-8881-4076-9bb2-083084f3c1a0
p3p: CP="CUR ADM OUR NOR STA NID"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET sync
sync.srv.stackadapt.com/ Frame 58C1 0
0

GET
H2 200 gumgum
pr-bh.ybp.yahoo.com/sync/ Frame 58C1 43 B
426 B 215ms
32ms Image
image/gif 2a05:d018:d29:3605:290e:3f93:cc5a:81f7

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/gumgum?gdpr=0&gdpr_consent=

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:290e:3f93:cc5a:81f7 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET generic
sync.ipredictive.com/d/sync/cookie/ Frame 58C1 0
0

GET 142
match.deepintent.com/usersync/ Frame 58C1 0
0

GET /
b1sync.zemanta.com/usersync/gumgum/ Frame 58C1 0
0

GET
H2 200 server_match
ad.360yield.com/ Frame 58C1 43 B
199 B 147ms
34ms Image
image/gif 52.212.215.149

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad.360yield.com/server_match?partner_id=N&r=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Didi%26i%3D%7BPUB_USER_ID%7D
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.212.215.149 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 17 Oct 2023 02:12:15 GMT
content-type: image/gif
content-length: 43
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 58C1
Redirect Chain

https://bh.contextweb.com/bh/rtset?pid=558355&ev=1&rurl=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpln%26i%3D%25%25VGUID%25%25
https://usersync.gumgum.com/usersync?b=pln&i=9nFWGEsJY7iC&ev=1&pid=558355

35 B
250 B

102ms
33ms

Image
image/gif

34.247.233.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=pln&i=9nFWGEsJY7iC&ev=1&pid=558355
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Tue, 17 Oct 2023 02:12:15 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

strict-transport-security: max-age=15768000
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
server: Jetty(10.0.14)
content-language: de-DE
location: https://usersync.gumgum.com/usersync?b=pln&i=9nFWGEsJY7iC&ev=1&pid=558355
p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
cache-control: private, max-age=0, no-cache, no-store
cw-server: bh-deployment-cdf9fc9cc-hj2kb
expires: -1

GET
H/1.1

200

usersync
usersync.gumgum.com/ Frame 58C1
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=15&redirectUri=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dsad%26i%3D%5Bssb_sync_pid%5D&gdpr=0&gdpr_consent=
https://usersync.gumgum.com/usersync?b=sad&i=736215746470683770

35 B
250 B

47ms
35ms

Image
image/gif

34.247.233.198

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://usersync.gumgum.com/usersync?b=sad&i=736215746470683770
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Server: 34.247.233.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Content-Type: image/gif
Pragma: no-cache
Date: Tue, 17 Oct 2023 02:12:15 GMT
Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Expires: 0

Redirect headers

location: https://usersync.gumgum.com/usersync?b=sad&i=736215746470683770
date: Tue, 17 Oct 2023 02:12:14 GMT
content-length: 0

GET
H2 200 sync
ads.servenobid.com/ Frame 58C1 0
357 B 46ms
35ms Image
image/avif 34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=309&uid=e_be1499f9-5439-4274-9475-4c00518e075a
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://g2.gumgum.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET

usersync
rtb.gumgum.com/ Frame C82D
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=1301&gdpr=0&gdpr_consent=
https://c1.adform.net/serving/cookie/match?CC=1&party=1301&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/usersync?b=adf&i=8511601196041892094&gdpr=0&gdpr_consent=

0
0

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 2473
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=
https://sync-tm.everesttech.net/ct/upi/pid/URnmbSKM?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Datm%26i%3D%24%7BTM_USER_ID%7D&gdpr=0&gdpr_consent=&_test=ZS3tfwAYdIZsoQAb
https://usersync.gumgum.com/usersync?b=atm&i=ZS3tfwAYdIZsoQAb&gdpr=0&gdpr_consent=&_test=ZS3tfwAYdIZsoQAb

35 B
250 B

41ms
34ms

Document
image/gif

34.247.233.198

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=atm&i=ZS3tfwAYdIZsoQAb&gdpr=0&gdpr_consent=&_test=ZS3tfwAYdIZsoQAb
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.247.233.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Tue, 17 Oct 2023 02:12:15 GMT
Expires: 0
Pragma: no-cache

Redirect headers

accept-ranges: bytes
cache-control: no-cache
content-length: 0
date: Tue, 17 Oct 2023 02:12:15 GMT
location: https://usersync.gumgum.com/usersync?b=atm&i=ZS3tfwAYdIZsoQAb&gdpr=0&gdpr_consent=&_test=ZS3tfwAYdIZsoQAb
pragma: no-cache
retry-after: 0
server: Varnish
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 0
x-served-by: cache-fra-eddf8230075-FRA
x-timer: S1697508735.362005,VS0,VE0

GET
H2 200 pixel Show response
cm.g.doubleclick.net/ Frame 98E3 170 B
243 B 27ms
18ms Document
image/png 172.217.16.194

General

Check archive.org

Show headers Download Go to

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=gumgum_dbm&google_hm=ZV9iZTE0OTlmOS01NDM5LTQyNzQtOTQ3NS00YzAwNTE4ZTA3NWE=&gdpr=0&gdpr_consent=&google_redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dgdv

Requested by

Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 -, , ASN (),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 170
content-type: image/png
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
server: HTTP server (unknown)
x-xss-protection: 0

GET
H2 200 user_sync.html Show response
ads.pubmatic.com/AdServer/js/ Frame 8193 15 KB
6 KB 14ms
7ms Document
text/html 23.32.184.192

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?predirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dpbm%26i%3D&gdpr=0&gdprConsent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.32.184.192 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: 94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: max-age=62566
content-encoding: gzip
content-length: 5606
content-type: text/html
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: Tue, 17 Oct 2023 19:35:01 GMT
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: Apache
vary: Accept-Encoding

GET
H2 200 generic Show response
match.adsrvr.org/track/cmf/ Frame 49E0 70 B
149 B 61ms
31ms Document
image/gif 35.71.131.137

General

Check archive.org

Show headers Download Go to

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=gumgum&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 70
content-type: image/gif
date: Tue, 17 Oct 2023 02:12:15 GMT
server: Kestrel

GET idsync
tg.socdm.com/aux/ Frame 86F0 0
0

GET
H/1.1

200

usersync Show response
usersync.gumgum.com/ Frame 2F21
Redirect Chain

https://creativecdn.com/cm-notify?pi=gumgum
https://creativecdn.com/cm-notify?pi=gumgum&tc=1
https://usersync.gumgum.com/usersync?b=rth&i=B3OBu39DDSC0aWlODxJZ&pi=gumgum&tc=1

35 B
250 B

78ms
34ms

Document
image/gif

34.247.233.198

General

Check archive.org

Show headers Download Go to

Full URL: https://usersync.gumgum.com/usersync?b=rth&i=B3OBu39DDSC0aWlODxJZ&pi=gumgum&tc=1
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 34.247.233.198 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: private, no-store, must-revalidate, max-age=0
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif
Date: Tue, 17 Oct 2023 02:12:15 GMT
Expires: 0
Pragma: no-cache

Redirect headers

cache-control: no-cache, no-store, must-revalidate, private, max-age=0
content-length: 0
date: Tue, 17 Oct 2023 02:12:15 GMT Tue, 17 Oct 2023 02:12:15 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://usersync.gumgum.com/usersync?b=rth&i=B3OBu39DDSC0aWlODxJZ&pi=gumgum&tc=1
pragma: no-cache

GET
H/1.1

200
OK

usync.html Show response
eus.rubiconproject.com/ Frame 8979
Redirect Chain

https://secure-assets.rubiconproject.com/utils/xapi/multi-sync.html?p=gumgum
https://eus.rubiconproject.com/usync.html?p=gumgum

281 B
554 B

10ms
9ms

Document
text/html

95.101.149.233

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Requested by: Host: g2.gumgum.com
URL: https://g2.gumgum.com/usync/13926?gdpr=0&gdpr_consent=&us_privacy=1---&r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D309%26uid%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.149.233 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Referer: https://g2.gumgum.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-Ranges: bytes
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 233
Content-Type: text/html; charset=UTF-8
Date: Tue, 17 Oct 2023 02:12:15 GMT
ETag: "4014f-119-6051b805b8000"
Last-Modified: Mon, 11 Sep 2023 20:52:16 GMT
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
content-length: 0
date: Tue, 17 Oct 2023 02:12:15 GMT
location: https://eus.rubiconproject.com/usync.html?p=gumgum
server: AkamaiGHost

GET
H/1.1 200
OK usync.js Show response
eus.rubiconproject.com/ Frame 8979 38 KB
11 KB 9ms
8ms Script
text/html 95.101.149.233

General

Check archive.org

Show headers Download Go to

Full URL: https://eus.rubiconproject.com/usync.js
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html?p=gumgum
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.149.233 -, , ASN (),
Reverse DNS
Software: Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash: b50028fc69adb1ad4565caec02ceebb0f4ce91ba0dffdf76a02baea233272dca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/usync.html?p=gumgum
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Date: Tue, 17 Oct 2023 02:12:15 GMT
Content-Encoding: gzip
Last-Modified: Mon, 16 Oct 2023 22:24:29 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
p3p: CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control: max-age=72709
Connection: keep-alive
Content-Length: 10838
Expires: Tue, 17 Oct 2023 22:24:04 GMT

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 368D
Redirect Chain

https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCooki...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=

42 B
95 B

43ms
23ms

Document
image/gif

185.64.191.210

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 17 Oct 2023 02:12:14 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

cache-control: no-cache
content-length: 0
cross-origin-resource-policy: cross-origin
date: Tue, 17 Oct 2023 02:12:14 GMT
expires: Tue, 17 Oct 2023 00:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&gdpr=0&gdpr_consent=
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
pragma: no-cache
server: Kestrel
server-processing-duration-in-ticks: 760870
strict-transport-security: max-age=31536000; preload;
x-errorlevel: 0

GET

dcm
aax-eu.amazon-adsystem.com/s/ Frame 98FE
Redirect Chain

https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&redir=true&gdpr=0&gdpr_consent=
https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&redir=true&gdpr=0&gdpr_consent=&dcc=t

0
0

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame A215
Redirect Chain

https://cms.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=C7Q5J1jlPCUQsj4lDrAmJw61MnUQsGl3Befosyp7

42 B
565 B

95ms
18ms

Document
image/gif

185.64.191.210

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=C7Q5J1jlPCUQsj4lDrAmJw61MnUQsGl3Befosyp7
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 17 Oct 2023 02:12:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 0
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: Fri, 04 Aug 1978 12:00:00 GMT
location: https://image2.pubmatic.com/AdServer/Pug?&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=C7Q5J1jlPCUQsj4lDrAmJw61MnUQsGl3Befosyp7
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
pragma: no-cache
strict-transport-security: max-age=86400

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 869D
Redirect Chain

https://ib.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6489196053422144956&gdpr=0&gdpr_consent=

42 B
447 B

98ms
21ms

Document
image/gif

185.64.191.210

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6489196053422144956&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 17 Oct 2023 02:12:13 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials: true
access-control-allow-origin: *
an-x-request-uuid: f9a20d37-2ad3-48ef-ad39-9cef0349fcf5
cache-control: no-store, no-cache, private
content-length: 0
content-type: text/html; charset=utf-8
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: Sat, 15 Nov 2008 16:00:00 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=6489196053422144956&gdpr=0&gdpr_consent=
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
pragma: no-cache
server: nginx/1.23.4
x-proxy-origin: 81.95.5.42; 81.95.5.42; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
x-xss-protection: 0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 480E
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7290744501505620122&gdpr=0&gdpr_consent=

42 B
297 B

42ms
22ms

Document
image/gif

185.64.191.210

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7290744501505620122&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 17 Oct 2023 02:12:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Connection: keep-alive
Date: Tue, 17 Oct 2023 02:12:15 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA%3D&piggybackCookie=7290744501505620122&gdpr=0&gdpr_consent=
Server: nginx
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET

sync
a.sportradarserving.com/ Frame 9B7D
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=&us_privacy=
https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic

0
0

GET sync
sync.srv.stackadapt.com/ Frame 0D38 0
0

GET /
b1sync.zemanta.com/usersync/pubmatic/ Frame 9935 0
0

GET

b9pj45k4
sync-tm.everesttech.net/ct/upi/pid/ Frame DAD4
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_con...
https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_...

0
0

GET pm
match.prod.bidr.io/cookie-sync/ Frame 4AAD 0
0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame E8F3
Redirect Chain

https://csync.loopme.me/?pubid=11331&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzImdGw9MTI5NjAw&piggybackCookie={viewer_token}
https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}

0
93 B

21ms
21ms

Document
text/html

185.64.191.210

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Tue, 17 Oct 2023 02:12:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

content-length: 0
date: Tue, 17 Oct 2023 02:12:15 GMT
location: https://simage2.pubmatic.com/AdServer/Pug?vcode&piggybackCookie={viewer_token}
server: _

GET sync
t.adx.opera.com/pub/ Frame F83F 0
0

GET
H2 200 bridge Show response
cm.adgrx.com/ Frame EC83 43 B
283 B 95ms
13ms Document
image/gif 72.251.241.204

General

Check archive.org

Show headers Download Go to

Full URL: https://cm.adgrx.com/bridge?AG_PID=pubmatic&AG_SETCOOKIE&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 72.251.241.204 -, , ASN (),
Reverse DNS
Software: Cowboy /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, proxy-revalidate
content-length: 43
content-type: image/gif
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: Thu, 23 Sep 2004 17:42:04 GMT
p3p: CP="NOI OTC OTP OUR NOR"
pragma: no-cache
server: Cowboy
x-realserver-nx: ams-delivery-6

GET

Pug
image2.pubmatic.com/AdServer/ Frame 87D8
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8692823271894421797

0
0

GET
H2 200 cm Show response
ipac.ctnsnet.com/int/ Frame 777F 43 B
369 B 65ms
21ms Document
image/gif 35.186.193.173

General

Check archive.org

Show headers Download Go to

Full URL: https://ipac.ctnsnet.com/int/cm?exc=14&redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MTEmdGw9MjAxNjA=&piggybackCookie=[user_id]
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.186.193.173 -, , ASN (),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 43
content-type: image/gif
date: Tue, 17 Oct 2023 02:12:15 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="NOI DSP COR NID CUR OUR NOR"
pragma: no-cache
server: Apache-Coyote/1.1
via: 1.1 google

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame B67B
Redirect Chain

https://p.rfihub.com/cm?pub=224&in=1&getuid=https%3A//image2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw%26piggybackCookie%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5140084927756967657

42 B
195 B

88ms
19ms

Document
image/gif

185.64.191.210

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5140084927756967657
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, private
content-length: 42
content-type: image/gif; charset=utf-8
date: Tue, 17 Oct 2023 02:12:15 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server: nginx

Redirect headers

Content-Length: 0
Date: Tue, 17 Oct 2023 02:12:15 GMT
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3MzkmdGw9MTI5NjAw&piggybackCookie=5140084927756967657
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server: Jetty(9.4.51.v20230217)

GET
H/1.1 200
OK cookiesync Show response
core.iprom.net/ Frame A055 43 B
277 B 111ms
23ms Document
image/gif 195.5.165.20

General

Check archive.org

Show headers Download Go to

Full URL: https://core.iprom.net/cookiesync?gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 195.5.165.20 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: close
Content-Length: 43
Content-Type: image/gif
Date: Tue, 17 Oct 2023 02:12:15 GMT
Vary: Accept-Encoding
X-adserver-worker: komodo-fa986328b5e4@version_1.573
X-core-time: 0ms
X-server-arch: v2

GET pubmatic
ad.mrtnsvr.com/sync/ Frame 674E 0
0

GET

/
pixel-eu.onaudience.com/ Frame 3D5F
Redirect Chain

https://green.erne.co/pubmatic/cm?gdpr=0&gdpr_consent=
https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25...

0
0

GET
H2 200 sync Show response
ads.servenobid.com/ Frame 4B0E 0
357 B 41ms
39ms Document
text/html 34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.servenobid.com/sync?pid=316&uid=0959BBFA-6D39-4254-96CF-1F6775E7FC0B
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://ads.pubmatic.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
amp-access-control-allow-source-origin: *
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
content-length: 0
content-type: text/html;charset=ISO-8859-1
date: Tue, 17 Oct 2023 02:12:15 GMT

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 7168
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=CVm7-m05QlSWzx9ndef8Cw%3D%3D&gdpr=0&gdpr_consent=
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=

15 KB
15 KB

14ms
14ms

Image
text/html

23.32.184.192

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 23.32.184.192 -, , ASN (),
Reverse DNS
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
content-encoding: gzip
last-modified: Fri, 01 Sep 2023 11:18:33 GMT
server: Apache
vary: Accept-Encoding
content-type: text/html
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=62566
accept-ranges: bytes
content-length: 5606
expires: Tue, 17 Oct 2023 19:35:01 GMT

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 404 qmap
sync.crwdcntrl.net/ Frame 7168 49 B
264 B 63ms
38ms Image
image/gif 63.33.97.132
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.33.97.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-33-97-132.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.5.71
content-length: 49
expires: 0

GET
H2

204

ids
idsync.frontend.weborama.fr/ Frame 7168
Redirect Chain

https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=
https://cr.frontend.weborama.fr/cr?key=pubmatic&gdpr=0&gdpr_consent=&bounce=1&random=2901374731
https://image6.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fidsync.frontend.weborama.fr%2Fids%3Fkey%3Dpubmatic%26value%3D%23PM_USER_ID&gdpr=0
https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=0959BBFA-6D39-4254-96CF-1F6775E7FC0B

0
284 B

43ms
18ms

Image
text/plain

34.111.131.239

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=0959BBFA-6D39-4254-96CF-1F6775E7FC0B
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 34.111.131.239 -, , ASN (),
Reverse DNS
Software: Weborama Collect Frontend /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:14 GMT
via: 1.1 google
last-modified: Tue, 17 Oct 2023 02:12:15 GMT
server: Weborama Collect Frontend
vary: Origin
p3p: CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 03 Jul 2001 06:00:00 GMT

Redirect headers

location: https://idsync.frontend.weborama.fr/ids?key=pubmatic&value=0959BBFA-6D39-4254-96CF-1F6775E7FC0B
date: Tue, 17 Oct 2023 02:12:14 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 0
content-type: text/html; charset=UTF-8

GET match
a.audrte.com/ Frame 7168 0
0

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 7168
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=MDk1OUJCRkEtNkQzOS00MjU0LTk2Q0YtMUY2Nzc1RTdGQzBC&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
95 B

93ms
19ms

Image
image/gif

185.64.191.210

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 17 Oct 2023 02:12:15 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 7168
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECvub0h5D5B3dYhtBsPj7t4&google_cver=1

42 B
265 B

44ms
19ms

Image
image/gif

185.64.191.210

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECvub0h5D5B3dYhtBsPj7t4&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 17 Oct 2023 02:12:15 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESECvub0h5D5B3dYhtBsPj7t4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 7168 43 B
610 B 70ms
20ms Image
image/gif 34.91.62.186

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.91.62.186 -, , ASN (),

Reverse DNS

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Mon, 16 Oct 2023 02:12:15 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 7168
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5935901323400979004

42 B
242 B

23ms
21ms

Image
image/gif

185.64.191.210

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5935901323400979004
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 17 Oct 2023 02:12:15 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&gdpr=0&gdpr_consent=&piggybackCookie=5935901323400979004
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 generic
match.adsrvr.org/track/cmf/ Frame 7168 70 B
148 B 39ms
35ms Image
image/gif 35.71.131.137

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 -, , ASN (),
Reverse DNS
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
server: Kestrel
content-length: 70
content-type: image/gif

GET
H2 200 0959BBFA-6D39-4254-96CF-1F6775E7FC0B
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame 7168 43 B
0 154ms
44ms Image
image/gif 2a05:d018:d29:3605:290e:3f93:cc5a:81f7

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/0959BBFA-6D39-4254-96CF-1F6775E7FC0B?gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:290e:3f93:cc5a:81f7 -, , ASN (),

Reverse DNS

Software

ATS /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
content-length: 43

GET
H2 204 sync
ups.analytics.yahoo.com/ups/58292/ Frame 7168 0
15 B 16ms
13ms Image
text/plain 3.71.149.231

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&redir=true&gdpr=0&gdpr_consent=

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.71.149.231 -, , ASN (),

Reverse DNS

Software

ATS/9.1.10.87 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.87
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H2 204 pixelSync
pixel-sync.sitescout.com/dmp/ Frame 7168 0
187 B 68ms
18ms Image
text/plain 98.98.134.242

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server: 98.98.134.242 -, , ASN (),
Reverse DNS
Software: A /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
pragma: no-cache
date: Tue, 17 Oct 2023 02:12:14 GMT
cache-control: max-age=0,no-cache,no-store
server: A
expires: Tue, 11 Oct 1977 12:34:56 GMT

GET cs
ad.turn.com/r/ Frame 7168 0
0

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame 7168 0
103 B 55ms
14ms Image
text/plain 2a02:fa8:8806:20::2040

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:20::2040 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 17 Oct 2023 02:12:15 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 7168
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:e8d58e32-9c1a-4701-9586-b7a22b1fb31c&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw

42 B
95 B

26ms
20ms

Image
image/gif

185.64.191.210

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:e8d58e32-9c1a-4701-9586-b7a22b1fb31c&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=162412&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&us_privacy=1YN-&&predirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D316%26uid%3DPM_UID
Protocol: H2
Server: 185.64.191.210 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

content-type: image/gif; charset=utf-8
date: Tue, 17 Oct 2023 02:12:15 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: https://simage2.pubmatic.com/AdServer/Pug?gdpr_consent=&gdpr=0&piggybackCookie=uid:e8d58e32-9c1a-4701-9586-b7a22b1fb31c&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
Date: Tue, 17 Oct 2023 02:12:15 GMT
Server: Apache
Connection: Keep-Alive
Keep-Alive: timeout=5, max=3000
Content-Length: 0
P3P: policyref="/w3c/p3p.xml", CP="DSP NON LAW OUR CUR DEVo PSAo PSDo IND STA NAV COM INT"

GET
H/1.1 200
OK khaos.json Show response
token.rubiconproject.com/ Frame 8979 7 B
380 B 11ms
10ms XHR
application/json 69.173.144.165

General

Check archive.org

Show headers Download Go to

Full URL: https://token.rubiconproject.com/khaos.json?
Requested by: Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_CBC
Server: 69.173.144.165 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://eus.rubiconproject.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://eus.rubiconproject.com
Cache-Control: no-cache,no-store,must-revalidate
access-control-allow-credentials: true
content-length: 7
X-RPHost: 611afce88997db6fdd35eb213e662871
Expires: 0

GET
H2 200 sync
ads.servenobid.com/ Frame EC6C 0
343 B 50ms
36ms Image
image/avif 34.254.59.116
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.servenobid.com/sync?pid=317&uid=736215746470683770&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.59.116 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-59-116.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
amp-access-control-allow-source-origin: *
content-type: image/avif;charset=ISO-8859-1
access-control-allow-origin: *
access-control-expose-headers: AMP-Access-Control-Allow-Source-Origin
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-credentials: true
content-length: 0

GET

dcm
s.amazon-adsystem.com/ Frame EC6C
Redirect Chain

https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=135&partneruserid=TAM_OK&redirurl=https%3A%2F%2Fs.amazon-adsystem.com%2Fdcm%3Fpid%3D72348060-38ad-4586-8e4f-f1e2a8e789b3%26id%3DSMART_USE...
https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=736215746470683770&gdpr=0&gdpr_consent=

0
0

GET
H2 204 /
s.ad.smaato.net/c/ Frame EC6C 0
241 B 62ms
9ms Image
text/plain 2600:9000:211e:ea00:1b:5138:8a40:93a1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.ad.smaato.net/c/?adExInit=sas&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D133%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:ea00:1b:5138:8a40:93a1 -, , ASN (),
Reverse DNS
Software: CloudFront /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:11:32 GMT
via: 1.1 a4af9b42c2ec29f616825af32712c204.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C2
age: 43
x-cache: Hit from cloudfront
cache-control: no-cache, must-revalidate
x-amz-cf-id: 4ur2ufxXgwsurrwWO5iuU48v63cmI8Pp6zw6NP6qYa5c_TW8hEtZ9Q==

GET e09bad714a425a93d6dea503dcf9c528.gif
cs.admanmedia.com/ Frame EC6C 0
0

GET
H2

200

sync
x.bidswitch.net/ Frame EC6C
Redirect Chain

https://x.bidswitch.net/sync?ssp=smartadserver&gdpr=0&gdpr_consent=
https://sync.bumlam.com/?src=bsw2&bsw_ssp=smartadserver&bsw_param=dc586155-8272-4bd5-a588-deb2a44fe649&gdpr=0&gdpr_consent=
https://sync.bumlam.com/?src=bsw2&s_data=CAIQARj_2repBloJCgRnZHByEgEwWg4KDGdkcHJfY29uc2VudKIBEJdFpaxskhHuhuAAJZDAZHyqAQ1zbWFydGFkc2VydmVysgEkZGM1ODYxNTUtODI3Mi00YmQ1LWE1ODgtZGViMmE0NGZlNjQ5
https://x.bidswitch.net/sync?dsp_id=476&user_id=9745a5ac-6c92-11ee-86e0-002590c0647c&expires=90&ssp=smartadserver&bsw_param=dc586155-8272-4bd5-a588-deb2a44fe649

43 B
145 B

8ms
7ms

Image
image/gif

18.196.230.223

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/sync?dsp_id=476&user_id=9745a5ac-6c92-11ee-86e0-002590c0647c&expires=90&ssp=smartadserver&bsw_param=dc586155-8272-4bd5-a588-deb2a44fe649
Requested by: Host: ssbsync.smartadserver.com
URL: https://ssbsync.smartadserver.com/api/sync?callerId=9&gdpr=0&gdpr_consent=&us_privacy=1YN-&&redirect=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D317%26uid%3D%24UID
Protocol: H2
Server: 18.196.230.223 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ssbsync.smartadserver.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.70 Safari/537.36

Response headers

date: Tue, 17 Oct 2023 02:12:15 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
content-type: image/gif

Redirect headers

Date: Tue, 17 Oct 2023 02:12:15 GMT
Server: nginx
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location: https://x.bidswitch.net/sync?dsp_id=476&user_id=9745a5ac-6c92-11ee-86e0-002590c0647c&expires=90&ssp=smartadserver&bsw_param=dc586155-8272-4bd5-a588-deb2a44fe649
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.turn.com
URL: https://ad.turn.com/r/cs?pid=45&rndcb=8615226555

Domain: ssp.disqus.com
URL: https://ssp.disqus.com/redirectuser?r=https%3A%2F%2Fads.servenobid.com%2Fsync%3Fpid%3D346%26uid%3DBUYERUID

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/dcm?pid=78af914c-e755-4b90-bded-1b172aedc763&us_privacy=&gdpr=&gdpr_consent=&id=ZS3tf5Sc5DQZ2ai4pZ3OmQAABFQAAAIB&gpp=&gpp_sid=

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=1&gdpr=0&gdpr_consent=

Domain: sync.ipredictive.com
URL: https://sync.ipredictive.com/d/sync/cookie/generic?partner=gumgum&cspid=9&append=1&cb=${ADELPHIC_CACHE_BUSTER}&gdpr=0&gdpr_consent=&us_privacy=1---&redirect=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dvnt%26i%3D

Domain: match.deepintent.com
URL: https://match.deepintent.com/usersync/142?redir=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Ddit%26i%3D%24%7BDI_USER_ID%7D

Domain: b1sync.zemanta.com
URL: https://b1sync.zemanta.com/usersync/gumgum/?puid=e_be1499f9-5439-4274-9475-4c00518e075a&gdpr=0&gdpr_consent=&us_privacy=1---&cb=https%3A%2F%2Fusersync.gumgum.com%2Fusersync%3Fb%3Dzem%26i%3D__ZUID__

Domain: rtb.gumgum.com
URL: https://rtb.gumgum.com/usersync?b=adf&i=8511601196041892094&gdpr=0&gdpr_consent=

Domain: tg.socdm.com
URL: https://tg.socdm.com/aux/idsync?proto=gumgum

Domain: aax-eu.amazon-adsystem.com
URL: https://aax-eu.amazon-adsystem.com/s/dcm?pid=4bd6ceca-c698-4782-a536-f380f757484c&id=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&redir=true&gdpr=0&gdpr_consent=&dcc=t

Domain: a.sportradarserving.com
URL: https://a.sportradarserving.com/sync?ssp=bidswitch&bidswitch_ssp_id=pubmatic

Domain: sync.srv.stackadapt.com
URL: https://sync.srv.stackadapt.com/sync?nid=11&gdpr=0&gdpr_consent=

Domain: b1sync.zemanta.com
URL: https://b1sync.zemanta.com/usersync/pubmatic/?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzNDMmdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Domain: sync-tm.everesttech.net
URL: https://sync-tm.everesttech.net/ct/upi/pid/b9pj45k4?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA=&piggybackCookie=${TM_USER_ID}&gdpr=1&gdpr_consent=&_test=ZS3tfwAVOaD-gwA4

Domain: match.prod.bidr.io
URL: https://match.prod.bidr.io/cookie-sync/pm?gdpr=0&gdpr_consent=

Domain: t.adx.opera.com
URL: https://t.adx.opera.com/pub/sync?pubid=pub8730968190912

Domain: image2.pubmatic.com
URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=8692823271894421797

Domain: ad.mrtnsvr.com
URL: https://ad.mrtnsvr.com/sync/pubmatic?gdpr=0&gdpr_consent=

Domain: pixel-eu.onaudience.com
URL: https://pixel-eu.onaudience.com/?partner=270&smartmap=1&gdpr=0&gdpr_consent=&redirect=image2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTI4ODQmdGw9MTI5NjAw%26piggybackCookie%3D%25_rid%26gdpr%3D0%26gdpr_consent%3D%25_gdpr_consent

Domain: a.audrte.com
URL: https://a.audrte.com/match?gdpr=0&gdpr_consent=&p=M1717054901&uid=0959BBFA-6D39-4254-96CF-1F6775E7FC0B

Domain: ad.turn.com
URL: https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=

Domain: s.amazon-adsystem.com
URL: https://s.amazon-adsystem.com/dcm?pid=72348060-38ad-4586-8e4f-f1e2a8e789b3&id=736215746470683770&gdpr=0&gdpr_consent=

Domain: cs.admanmedia.com
URL: https://cs.admanmedia.com/e09bad714a425a93d6dea503dcf9c528.gif?redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D130%26partneruserid%3D%5BUID%5D%26gdpr%3D%5BGDPR%5D%26gdpr_consent%3D%5BGDPR_CONSENT%5D&gdpr=0&gdpr_consent=

Verdicts & Comments Add Verdict or Comment

170 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.criteo.com/	1970-01-21 00:53:24	Name: uid Value: 6df61bed-840f-4af1-9ed9-b8a5d3922bdc
.adnxs.com/	1970-01-20 17:41:24	Name: uuid2 Value: 6489196053422144956
.openx.net/	1970-01-21 00:17:24	Name: i Value: f0c0355b-0913-47d7-a61f-d0352884f31b\|1697508731
.rubiconproject.com/	1970-01-21 00:17:24	Name: khaos Value: LNTOVC05-22-G139
.rubiconproject.com/	1970-01-21 00:17:24	Name: audit Value: 1\|naVuGyos1qqP/2a293QhMF4C1LCtWBX9mfsNIvv6QtosxPxU5qr+6FrO851SL053tjr9BQ320rtNK4vGyfbdaMxuhZpbWKLtKo1K0XDjsVm+xUA9sgf/4eNEKcfJxgEB
.wheregoes.com/	1970-01-21 00:53:24	Name: __gads Value: ID=33857f5778442536:T=1697508732:RT=1697508732:S=ALNI_MY_X7v34dMYjjnQa8k6VbM7SwAL_g
.wheregoes.com/	1970-01-21 00:53:24	Name: __gpi Value: UID=00000c9a440a48b5:T=1697508732:RT=1697508732:S=ALNI_MZXdqSrRqVT-YaKV7SatJnsdXwnEw
.doubleclick.net/	1970-01-21 00:53:24	Name: IDE Value: AHWqTUnhEwIQ8dsGd39IZ1rO8QAvRarsL4ZFYXw-7tkCAjzZDEj8J2Zo0wRHNSjBj-M
.adnxs.com/	1970-01-20 17:41:24	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2Il`qmfA?!]tbP6j2F-XstGt!@E2G%+DT%
.adnxs.com/	1970-01-20 17:41:24	Name: icu Value: ChgIvahBEAoYAiACKAIw_Nq3qQY4AkACSAIQ_Nq3qQYYAQ..
.bing.com/	1970-01-21 00:53:24	Name: MUID Value: 1534C7E3787D67AB20BBD44E79D16687
.wheregoes.com/	1970-01-21 00:53:24	Name: cto_bundle Value: UuiJM196ZFN5RzFKMFpYeGdBY2cxdThsSFo4ZlN1V1ZEV3NVa2MzbkFNVzNRaDNvdUtENyUyQmJsZ0hJbExING9yaXNUbDYlMkZ3MDROd3NCOTZtS2JweGtvZ3hkRm50UENzYnJrSldKRCUyQjN6SklBbnVTendGQWduc0VxanMyemhVMW9tUFQ0TEtIMTkyRlNVJTJCWWRINUxHMHdrJTJCTiUyRkElM0QlM0Q

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
worker	error	URL: blob:https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/29b4f9cb-d10c-43b6-bf14-b540ccf0686c Message: Mixed Content: The page at 'blob:https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/29b4f9cb-d10c-43b6-bf14-b540ccf0686c' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://eppiocemhmnlbhjplcgkofciiegomcon/content/safecheck-notification/notification-iframe/index.html'. This request has been blocked; the content must be served over HTTPS.
worker	error	URL: blob:https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/29b4f9cb-d10c-43b6-bf14-b540ccf0686c Message: Mixed Content: The page at 'blob:https://4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com/29b4f9cb-d10c-43b6-bf14-b540ccf0686c' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'chrome-extension://cplklnmnlbnpmjogncfgfijoopmnlemp/skin/logo24.png'. This request has been blocked; the content must be served over HTTPS.
network	error	URL: https://sync.crwdcntrl.net/qmap?c=240&tp=PUBM&tpid=0959BBFA-6D39-4254-96CF-1F6775E7FC0B&gdpr=0&gdpr_consent= Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4aef4c5babe0952c101287d7b6083051.safeframe.googlesyndication.com
a.audrte.com
a.sportradarserving.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ad.360yield.com
ad.mrtnsvr.com
ad.turn.com
ads.pubmatic.com
ads.servenobid.com
adsdk.microsoft.com
ap.lijit.com
api.fouanalytics.com
b1sync.zemanta.com
bcp.crwdcntrl.net
bh.contextweb.com
bidder.criteo.com
c1.adform.net
casale-match.dotomi.com
cdn.adnxs.com
cdn.id5-sync.com
cdn.jsdelivr.net
cdn.prod.uidapi.com
cdn4.buysellads.net
ce.lijit.com
cm.adgrx.com
cm.g.doubleclick.net
cms.quantserve.com
contextual.media.net
core.iprom.net
cr.frontend.weborama.fr
creativecdn.com
cs-rtb.minutemedia-prebid.com
cs-server-s2s.yellowblue.io
cs.admanmedia.com
csync.loopme.me
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dsum.casalemedia.com
euexchangesync.digitaleast.mobi
eus.rubiconproject.com
fastlane.rubiconproject.com
fra1-ib.adnxs.com
g2.gumgum.com
google-bidout-d.openx.net
gum.criteo.com
hb-api.omnitagjs.com
hbx.media.net
ib.adnxs.com
id5-sync.com
idsync.frontend.weborama.fr
image2.pubmatic.com
image6.pubmatic.com
ipac.ctnsnet.com
match.adsby.bidtheatre.com
match.adsrvr.org
match.deepintent.com
match.prod.bidr.io
match.sharethrough.com
mug.criteo.com
oa.openxcdn.net
oajs.openx.net
onetag-sys.com
p.rfihub.com
pagead2.googlesyndication.com
pixel-eu.onaudience.com
pixel-sync.sitescout.com
pm.w55c.net
pr-bh.ybp.yahoo.com
prebid.a-mo.net
prebid.media.net
public.servenobid.com
pubmatic-match.dotomi.com
rtb.gumgum.com
s.ad.smaato.net
s.amazon-adsystem.com
s.update.ib.adnxs.net
secure-assets.rubiconproject.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
srv.buysellads.com
ssbsync.smartadserver.com
ssp.disqus.com
ssum-sec.casalemedia.com
static.criteo.net
sync-tm.everesttech.net
sync.adkernel.com
sync.bumlam.com
sync.crwdcntrl.net
sync.go.sonobi.com
sync.ipredictive.com
sync.srv.stackadapt.com
t.adx.opera.com
tags.crwdcntrl.net
tg.socdm.com
token.rubiconproject.com
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
usersync.gumgum.com
wheregoes.com
www.bing.com
www.google.com
www.googletagservices.com
x.bidswitch.net
a.audrte.com
a.sportradarserving.com
aax-eu.amazon-adsystem.com
ad.mrtnsvr.com
ad.turn.com
b1sync.zemanta.com
cs.admanmedia.com
image2.pubmatic.com
match.deepintent.com
match.prod.bidr.io
pixel-eu.onaudience.com
rtb.gumgum.com
s.amazon-adsystem.com
ssp.disqus.com
sync-tm.everesttech.net
sync.ipredictive.com
sync.srv.stackadapt.com
t.adx.opera.com
tg.socdm.com
104.18.27.193
13.32.27.45
134.122.57.34
145.40.97.67
151.101.129.108
151.101.193.108
151.101.66.49
151.139.128.10
162.19.138.117
172.217.16.194
178.250.1.9
18.156.141.126
18.196.230.223
185.184.8.90
185.64.191.210
185.86.139.101
193.0.160.130
195.5.165.20
198.47.127.19
208.93.169.131
216.52.2.86
23.201.255.110
23.212.88.20
23.32.184.192
2600:9000:211e:ea00:1b:5138:8a40:93a1
2600:9000:223f:8600:1f:4c18:bd40:93a1
2600:9000:2250:6000:a:e047:753:6381
2602:803:c003:200::21
2606:4700:10::6816:3456
2606:4700:3035::ac43:b70e
2606:4700::6810:5514
2606:4700:e2::ac40:8820
2620:116:800d:21:e365:4988:e8a7:3270
2620:1ec:46::45
2620:1ec:c11::200
2a00:1450:4001:803::2002
2a00:1450:4001:827::2001
2a00:1450:4001:82a::2004
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
2a02:2638:3::3
2a02:2638:3::7
2a02:2638:3::c
2a02:fa8:8806:20::2040
2a05:d018:d29:3605:290e:3f93:cc5a:81f7
3.120.0.219
3.71.149.231
31.172.81.159
34.102.146.192
34.111.129.221
34.111.131.239
34.120.135.53
34.120.63.153
34.228.176.115
34.247.233.198
34.254.59.116
34.91.62.186
34.95.81.168
35.186.193.173
35.214.230.141
35.244.159.8
35.71.131.137
37.157.3.30
37.252.172.123
51.89.9.253
52.18.35.108
52.210.78.166
52.212.215.149
54.216.59.119
63.251.14.3
63.33.97.132
64.227.38.224
65.9.66.104
69.166.1.34
69.173.144.165
72.251.241.204
77.245.57.72
85.114.159.118
95.101.148.20
95.101.149.233
98.98.134.242
00f451c87141491c962bb79df268a6d70a69cb739b3868860679e6f848f6a666
0152ec54bafb1f951d4dc7585aebae598d2235c78d9e81ade8399006f8eb3b9b
021f0fd27042b279a49e982215c6dc3c3ab84e95b35553a119dfdbd50af6be94
03f975df111c595088e331714259403368940ad896eb3422773f6125b9fd8065
08106c7bf341e3850ac42fe1844e6a66013f726e6927a91c2b965a6861c97121
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c1ce1aa8e07e9cd49cd881147c0495b5c636dab10ab1c30ceb935b74a8c0ecd
1060091178cbd6c843b802f516f230f1a3a1e85f1afbd6ef84d80e5430ba457e
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
19f4129c1cfc1a9fcb2e94b35853f3d2085c0807564e37971d1ccb6ef2a7e852
1c20d54555b098aef8269b6fa89b316fa731aac67e6926c1203c27edf8cf9dbd
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
2a2e246b48ee13a2f679715854ea5beac38a26af74061a51f63d355eb74449ed
2c1e314bd40a5d53a2e657710b9a41778f2e105084dd41fb2305dc008d5bffd2
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
41e7e545a8187a4a6d41ce74d560843b6c423239d88eb5a241ac73c418304713
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46dc9dca3e40095a8d79843b75791f77d4d076d313ebd95910c9688344248952
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4cddea32975008b5c3d522eabf988b8aef7a4fa838db858dc0f3c7e55071f251
4cf5686151c8a8f777cd5dfd9fd6fd33c43fb968afdee231dc03519a9421e077
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
50facb17ffb363b5aace1b995bf49b53fa1d0504c480654f3c7d91d9eef97652
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
53eb4ff1b56736ccdf51b75c1c97bc9407d6512af0999abf3f834632b1b40153
544c55ca9f05d425f3beb90f287308d7a408b1f60d17728eff5c605a494bc1b9
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5a0e0bff8aff490cd3817c0f945e120780bd2148eb66f8179899bb4c999fc762
5b68a1d7b88697041042fad7334bcd7d5a5c9f4ab43bbcc8ced62e80b2c0f641
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5ec3b02e78acac8860a614bda37e63aaa1fc00fe4584d6e5b51d99ab883db0a1
5fe46d2da01452067736578431f6c6e8116a24e616f58c72d9d81fdb2c7c9569
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6da117235d189f2b1e509b371d6f749498efdfded620fd11afd9d99db5227963
72e960baa80ec819264a604f2f8a8e5c21f81b785ebc17595211ad170d8b1bdc
749ae82542314757321d1cb8863a100292b72b071b07650fc9f38a406de4195c
77b80a5a234646e13a985fe33b699072097fd300bf77989a29cf87b92d875571
7b028a4a7684c89aa89c920b2b8972625fd8ca22c7c14d46bf3717582d11bb4e
7bd9acd25b6e6dfabfd03364f40b230808c814e71d9088869f45fe84df150c47
7c0355a2b318f4df3618e971015866d16da1251b7f6e896108093f7adbc5f0aa
7e633b623c0a583bfd0faa2e8ddbedf076e711868262bc8122ef486d7ace2e85
81c2cbe50044dac07e1ac9ea9841ac415bdc38dd2f6b915ab044bf69ee71c628
88bd688b3263e5c86b75480092fe4662b49825c420624053935352e31d44ad83
88e868aea079a02804f74d8dd523275e2cbe3e9e25d3be3ee5865768246e2154
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
91e327921912fdd40d8f202d9aacac8f86952119d1fc381852141da14fb03ba4
94061a925c5d84bf776554ac894020c407a9a4c89b979d538de3cf45591fe423
943a4568b86676db27ff7f44871944c652610cef42c4ca5879b1b7432adb6657
985d2b656cce9486a1f152d7c4bbbc4cc1d5a65a0af9bd52e260bcc255bced06
98a40f14a4a6d931c36936a220eb1bb644a5bbfa9ce6a9d6ce2f451bbf3a2b2b
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9d1aa0febc6ecc7c89d33e056750bcf288264dd8b853078544b3b16b9a12b6e6
9dd74473e82915526082840b91719399fd77ffd5bfe26fcb97c2298e944856d6
a5230196df9a4e9f6382c504668862efc8e25c1ec093c7dc997fbedb4b3ec54e
a8115d71dea880efdbe2498bbc614290d96986d5b42b523c27385ff4b6074242
a9c49f9f526c232731b2ff9aa3e31b686b8b339bdd246bbf74f804c802f9755d
aad6e29f1f9e70059dd5bb8d8e352dd8c4060079a445bcd8b48764ecc6ee7267
acb5d519051cc13618e992a7df4bce6a980036dfbe2e17a970ec716194329f6a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2582a6c710b11c2bbee68e7dd44f079e8a1daa645ae49bb3d06aae9b78a13b9
b50028fc69adb1ad4565caec02ceebb0f4ce91ba0dffdf76a02baea233272dca
ba7e136907f01ca29a220c5ad825e0090365fdc435b90b831c46582062a150c3
bbf2413b9511bb70a14ab3712ba3e2c2d8974e3253f209a613c15f4257fbdac4
bfea5e5db4c526a9c86debd0154807b4eaddf36281a55cb3f622e441e5054dc1
c13c33a69417f93851f62292e7250faf7aec0dc7aa556314594a62da88c0143f
c72f57881ea9665da29cc614802f61a04084e06b14de9f1d79ce26273e66a991
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d48f7d7bc477f61c161f38835c0daaead5a64ca51be3656755d0b08c866dfcf2
d8ad8902e0539ab8839d4194b1c92515885f586fd023468923375c67a149142b
da5a724b3d0dcf0ae763d66513a30e0dfd9c1a9d2cab302a17d56723e01146b3
de8279221cec92147e41e962754da2e9667fe862dc94f192566fa7bec3d11f11
e102462cd94a7e7573dd74233c5f56d3770f732649a2b1d3eff05775d082b013
e2cdf96e5064443f0ffac94e9eef0be275e04d0dc37c186207c66d873cbe9c69
e30390e6cbf00e9197aa67d9ebb5692966cf768c6d48500c8929f16037f5de8e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e615f6f367dc60fdba6d1448d36ac3b9195d53b0547eecd900ec7ac5da35f87f
e708778b880b9bb962f27f219c484785afc2684cb5c29ebb9213312736ceaf3e
e885badff253144e188588b5657e13cfa1135d4cd682053c9cca02b83baf1ef2
ebfb3bceae48c58e464951536fb5d8c6f2bcf6748202986e72f2ce79e68c1069
ec0b8114cba75656dac9a9a5f990dd5856f785c1467ec3b5baddf579edd3046d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f60b504c796bec7693a8dbd52e1cf77f898165c42f13e3ad1839e57ef378944b
fb219638ce8dfdc9b52f6b6dd446cfeecdaff21a268da098fc4b52a5f2ef3fa5
fc069e0e04d13807f2632483a883ed5fbd1d72c4eade64a9ac7f6aa71ac47fa4

wheregoes.com Open in urlscan Pro 2606:4700:3035::ac43:b70e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

215 Requests

73 %HTTPS

27 %IPv6

75 Domains

108 Subdomains

65 IPs

6 Countries

1384 kBTransfer

3802 kBSize

12 Cookies

1 Outgoing links

Redirected requests

215 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

wheregoes.com Open in urlscan Pro
2606:4700:3035::ac43:b70e Public Scan

Screenshot
Live screenshot

Full Image

215
Requests

73 %
HTTPS

27 %
IPv6

75
Domains

108
Subdomains

65
IPs

6
Countries

1384 kB
Transfer

3802 kB
Size

12
Cookies

215 HTTP transactions
3 data transactions